Making Apache able to write to PHP files with PHP running as DSO?
I would only do this on a development server in a secured environment. Many PHP applications will generate the file to the screen so that it can be copied safely to the configuration directory.
The quick (and insecure) way to do this is to execute chmod 777 .
from the directory where the file should go. Before doing this run ls -ld .
to get the permissions you will be setting them back to. In some cases the required directory will not exist, so you will need to create it first. Immediately after the configuration file has been written, reset the directory to its original permissions. The correct command is likely chmod 755 .
or chmod 750 .
run from the directory. Verify with the ls command.
Change the permissions on the configuration file so that Apache can no longer write to it (chmod o-w configfile
).
Applications often come with example configuration files. Placing one of these in the configuration directory and editing may be a better approach. This requires that you learn and understand the configuration options. You may be able to use the online configuration script to assist your edits.
You can write your config files under a temporary directory such as /tmp/config/
. Then, you can execute a shell script to copy the config files from /tmp/config/
to the desired location.
To grant the needed permissions, you can add the user nobody
to the sudoers file. The entry should look like:
nobody ALL=NOPASSWD: /path/to/your_script.sh
The shell script (don't forget to add execute permission).
cp -r /tmp/config/* /desired/path/to/config
In PHP, you need a small code snippet like:
<?php
$output = shell_exec('sudo /path/to/your_script.sh');
echo "$output";
?>
In a shared environment everything gets a bit complicated when it comes to security concerns. By changing the file ownership to 'nobody' you give Apache write access to that file but, if the PHP module doesn't have settings to restrict each virtualhost to each its own directory, it would also give others access to it. Check how it's set up in your environment.
Apache usually runs as user 'nobody' and group 'nobody' so you could play with group permissions too. Change the file's group to 'nobody' and set permission to 664.
If you can't change the file's owner or group, FTP usually lets you change the permissions. Assuming that Apache isn't one of the user/group that owns that file, you'd have to set it to 777 which is very insecure but it all depends on the kind of environment you're in. Perhaps you can set it temporarily, install you app and change it back to 644 or 444 (read-only).