How to configure file permissions for php script overwrite?


I am writing a simple PHP script for myself that runs on a schedule, goes into a specific folder on my hard drive, reads the size of the images and, if an image is larger than N, overwrites it with a resized version.

I am using Mac OS X and this script will also work in this environment.

Files in this folder (and this is the Яндекс.Диск cloud folder) are created with 644 rights.
It turns out that only the owner can change the size. Of course, Apache is launched by the www-data user.

Then I had several options:

  1. Just change the Apache user. In one of the threads that I created here, people wrote that from a security point of view this is not the best option.

  2. The second option is to set umask to 002 (now 022) so that all files are created with 664 permissions. Then it will be possible to add www-data to the staff group and the trick is done. Again, how correct is such a change from a security point of view? And is it possible to set umask for a specific folder?

  3. Dig in the direction of ACL (I have not encountered it). But this system seems to get criticized, and I haven't looked at whether it exists in Mac OS X either.

I am awaiting advice from experts on how best to resolve this situation.


Apache has suEXEC, a wrapper for running CGI as other users. True, the authors were too clever with the checks there, so it might be easier to write a simple C program yourself that runs your PHP script, and set the s-bit on the binary file using chmod u+s filename. This bit tells the system that the file should be executed on behalf of the file owner; unfortunately, s-bits only affect binaries.
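A sketch of the kind of wrapper this answer describes, as an added example that is not code from the answer's author: it ignores caller arguments, replaces the environment, and refuses to run a script that is not owned by the binary's owner or that group or others can write. The interpreter path, the script path and the function name `script_is_safe` are assumptions for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define PHP_BIN "/usr/bin/php"               /* assumed interpreter path */
#define SCRIPT  "/Users/me/bin/resize.php"   /* assumed script path */

/* Fixed environment: no variable set by the caller reaches the interpreter. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "LANG=C", NULL };

/* Return 0 only if path is a regular file (not a symlink), owned by `owner`,
 * and not writable by group or others; -1 otherwise.
 * The directory holding the script must be equally restricted, otherwise the
 * file can be swapped between this check and execve(). */
int script_is_safe(const char *path, uid_t owner)
{
    struct stat st;

    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode))
        return -1;
    if (st.st_uid != owner)
        return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return -1;
    return 0;
}

int main(void)
{
    /* With the setuid bit set, geteuid() is the owner of this binary. */
    if (script_is_safe(SCRIPT, geteuid()) != 0) {
        fprintf(stderr, "refusing to run %s: unsafe owner or mode\n", SCRIPT);
        return 1;
    }

    /* Hard-coded argv: nothing supplied by the caller is passed through. */
    char *const args[] = { PHP_BIN, SCRIPT, NULL };
    execve(PHP_BIN, args, CLEAN_ENV);

    perror("execve");   /* reached only if execve() failed */
    return 1;
}
```

The compiled binary should be owned by the account that owns the images and be writable only by that account before `chmod u+s` is applied to it.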
