如何使644权限文件可从PHP写入? [英] How do I make 644 permission files writable from PHP?

问题描述

我在Apache Web服务器上使用PHP，但是PHP没有写许可权，并且尽管需要修改的文件设置为通常的644(和文件夹)，但无法创建新文件或修改现有文件是755).

I'm using PHP on an Apache web server, but PHP lacks write permission and can't create new files, or modify existing ones, despite that the file that needs to be modified is set to the usual 644 (and folders are 755).

我的第一个猜测是问题出在PHP以与文件所有者不同的用户身份运行，并通过运行"posix_getpwuid(posix_geteuid());"来运行.我发现PHP以"www-data"的身份运行，而该文件的所有者和组设置为"company123".所以也许我应该简单地将文件的所有者更改为"www-data"?

My first guess was that the problem was PHP running as a different user than the file owner, and by running "posix_getpwuid(posix_geteuid());" I found that PHP ran as "www-data", while the file had owner and group set to "company123". So maybe I should simply change the owner of the file to "www-data"?

但是后来我决定检查我正在使用的其他一些Web服务器.在尝试的第一个文件中，使用PHP创建或修改644个文件没有问题，但是所有者和组的名称为"600"，而PHP以用户"wse253421"的身份运行.因此，显然可以让PHP以一个用户身份运行，并写入另一用户拥有的644个文件.怎么运作的?

But then I decided to check some other web servers I've been working with. On the first one I tried, I had no problems creating or modifying 644 files with PHP, and yet, the owner and group were named "600", while PHP ran as the user "wse253421". So apparently, it's ok for PHP to run as one user, and write to 644 files owned by another user. How does that work?

这是怎么回事，我应该如何处理在第一台服务器上缺少写许可权的PHP?

What's going on here, and what should I do about PHP lacking write permission on the first server?

推荐答案

644是所有者的读/写"权限，以及组和整个世界的只读权限.因此，如果该文件与运行Web服务器的用户不是同一用户所有，则无论该组如何，PHP都将无法写入该文件.如果(如您所说)似乎正在执行此操作，则Web服务器用户是文件所有者的别名，即他们共享相同的uid.

644 is Read/Write permission to the owner and read-only permission to the group and the world. So if the file is not owned by the same user as the web server runs under, PHP will not be able to write to it, regardless of the group. If (as you say) it seems to be doing this then the web-server user is an alias of the file owner, ie they share the same uid.

对于组写入，文件必须为664，并且该组必须与运行Web服务器的组相同(通常为www-data，但不能保证！).如果文件属于另一个组，则664将无济于事. 666可以，但不建议使用666，因为它允许任何人写入文件.

For group write the file needs to be 664 and the group needs to be the same as the group that the webserver runs as (often www-data but not guaranteed!). If the file belongs to a different group, 664 won't help. 666 would, but is not recommended since that allows anyone to write to the file.

要创建新文件，目录权限是重要因素. 755是所有者的读/写/执行，组和世界是读/执行.如果要进行组写入，则需要775，并且该组也需要与运行Web服务器的组相同.

To create new files the permissions on the directory are the important factor. 755 is Read/Write/Execute for the owner and Read/Execute for group and world. If you want group write you need 775 and again the group needs to be the same group as the webserver runs under.

如果您需要检查Web服务器用户/组，请暂时将目录chmod更改为777并将其写入文件.然后检查文件所有者和组.只是不要忘记将其更改为更安全的设置

If you need to check the webserver user/group temporarily chmod the directory to 777 and have it write a file. Then check the file owner and group. Just don't forget to chmod it back to a more secure setting

第一个服务器的最佳解决方案可能是将需要写入的文件和目录chgrp到Web服务器组(可能是www-data)，将文件chmod设置为664，将目录chmod设置为775

The best solution for your first server would probably be to chgrp the files and directories you need to write to, to the group of your webserver (probably www-data), chmod the files to 664 and chmod the directories to 775

请参见 https://www.ics.uci.edu/计算/linux/file-security.php

另请参见Thomas Rutter的回答: https://askubuntu.com/questions/386928 /default-permissions-for-var-www

See also answer by Thomas Rutter here: https://askubuntu.com/questions/386928/default-permissions-for-var-www

这篇关于如何使644权限文件可从PHP写入?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！