Discussion:
[PHP] PHP Won't Access Files Outside Web Root (Leopard/MacOS X 10.5)
(too old to reply)
Daniel Brown
2007-11-01 14:23:22 UTC
Permalink
Ave,
Somehow my PHP won't access, won't even acknowledge the existence of a =
file
that is outside the /Library/WebServer/Documents folder. This was never=
a a
problem before in any Mac version - it just started with Leopard.
I don't know what has changed where, in httpd.conf or php.ini or somewh=
ere
else, but something changed that's crippling access to files outside of=
the
webserver.
This Works in Mac OS X 10.3.9 (i.e., prints File Exists) but the same e=
xact
script does not work in Mac OS X 10.5, and yes, the file is available i=
n
Leopard in the mentioned location - path is exact same - permissions ar=
e all
$filename =3D "/Users/username/Documents/Transfers/test.txt";
if (file_exists($filename)) {
echo "The file $filename exists<br><br>";
} else {
echo "The file $filename does not exist<br><br>";
}
I=B9ve already checked safe_mode which is Off and open_basedir which is=
not
set =AD same settings as php.ini from before.
Any ideas what might be causing this?
Have you checked phpinfo() to check that the php.ini being loaded is the
one you think is being loaded? Also, are you get any warnings or
notices?
Cheers,
Rob.
--
...........................................................
SwarmBuy.com - http://www.swarmbuy.com
Leveraging the buying power of the masses!
...........................................................
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Also make sure that it's not something simple that you may have
accidentally overlooked as well:

1.) Did you restart Apache after making any changes to php.ini or
httpd.conf?
2.) The path is cAsE-sEnSiTiVe. Did you make sure that it's
EXACTLY the same?
3.) Is any part of that symlinked, and if so, does Apache allow
FollowSymLinks?
4.) Is the account jailed or chroot'ed?

--=20
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Give a man a fish, he'll eat for a day. Then you'll find out he was
allergic and is hospitalized. See? No good deed goes unpunished....
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Daniel Brown
2007-11-01 14:42:50 UTC
Permalink
Post by Daniel Brown
1.) Did you restart Apache after making any changes to php.ini or
httpd.conf?
2.) The path is cAsE-sEnSiTiVe. Did you make sure that it's
EXACTLY the same?
3.) Is any part of that symlinked, and if so, does Apache allow
FollowSymLinks?
4.) Is the account jailed or chroot'ed?
1) Checked!
2) Checked!
3) It is symlinked indeed!! Where in httpd.conf do I need to specify
FollowSymLinks? I'm running Apache 2.2.6 with PHP 5.2.4 on Mac OS X 10.5
Bah! Sorry to give you false hope on that, Rahul. I re-read the
post and my responses, and Apache would actually have nothing to do
with this particular problem. In any case, in your httpd.conf file,
you can enable FollowSymLinks near your AllowOverride directives. It
won't help in this case, but that's where it resides, nonetheless.

If you `su -` to the user as which the PHP script is running, does
that user have permission to access the Windows share? Are you
running this from the CLI or the web (I just noticed in the email you
just sent to Rob that it's a web error message).

Try this:

Take *just* that part of the script and run it from the CLI as
yourself to see if you can "see" the file. If not, try it as root.
If you can, then `su -` to the account under which Apache is
daemonized. You may need to update /etc/passwd to allow a shell to be
opened for that account.

When running the simple script from the CLI as the web server
account, can you see the file? Can you change to that directory?

It may very well be that the account under which Apache runs is
jailed/chroot'ed.
--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Give a man a fish, he'll eat for a day. Then you'll find out he was
allergic and is hospitalized. See? No good deed goes unpunished....
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Daniel Brown
2007-11-01 16:19:03 UTC
Permalink
Post by Daniel Brown
Post by Daniel Brown
1.) Did you restart Apache after making any changes to php.ini or
httpd.conf?
2.) The path is cAsE-sEnSiTiVe. Did you make sure that it's
EXACTLY the same?
3.) Is any part of that symlinked, and if so, does Apache allow
FollowSymLinks?
4.) Is the account jailed or chroot'ed?
1) Checked!
2) Checked!
3) It is symlinked indeed!! Where in httpd.conf do I need to specify
FollowSymLinks? I'm running Apache 2.2.6 with PHP 5.2.4 on Mac OS X 10=
.5
Post by Daniel Brown
Bah! Sorry to give you false hope on that, Rahul. I re-read the
post and my responses, and Apache would actually have nothing to do
with this particular problem. In any case, in your httpd.conf file,
you can enable FollowSymLinks near your AllowOverride directives. It
won't help in this case, but that's where it resides, nonetheless.
If you `su -` to the user as which the PHP script is running, does
that user have permission to access the Windows share? Are you
running this from the CLI or the web (I just noticed in the email you
just sent to Rob that it's a web error message).
Take *just* that part of the script and run it from the CLI as
yourself to see if you can "see" the file. If not, try it as root.
If you can, then `su -` to the account under which Apache is
daemonized. You may need to update /etc/passwd to allow a shell to be
opened for that account.
When running the simple script from the CLI as the web server
account, can you see the file? Can you change to that directory?
It may very well be that the account under which Apache runs is
jailed/chroot'ed.
Well FollowSymLinks was present in my httpd.conf, and it's definitely not
the problem. I think the problem is the fact that on in Panther, I was ab=
le
to specify Apache Web Server to be the User/Group for the share being
mounted with -u 70 -g 70 during mount_smbfs.
In Leopard I'm not able to do that because they eliminated the -u -g
arguments for mount_smbfs - in fact they even eliminated NetInfo Manager =
so
I don't even know Apache's UID & GID.
Loading Image... (It's a screenshot of difference
between Panther & Leopard on the same folder showing different User/Group=
).
As you can see files within the mounted share had "www" (Apache) as the u=
ser
& group and PHP didn't have any problems accessing the files. But in
Leopard, "www" (Apache) is not the user/group.
I don't know what you have to do in Leopard to mount a share giving it a
User/Group of your choice.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.
W: http://www.rahulsjohari.com
=B3I morti non sono piu soli ... The dead are no longer lonely=B2
Rahul,

The image you showed indicates that there is no user account
associated with UID 501 on Leopard. That particular UID is, on most
*nix-based systems, the second-lowest-available default UID for a
user-created account (starting at 500, unless you specify otherwise).

Try creating an account on Leopard (you may have to do two, unless
you want to edit /etc/passwd) and then `ls -l` the Leopard view of the
share again. You'll see 501 disappear and be replaced by the name
associated with UID 501. Then just see what the GID associated with
the group 'admin' is and update that, if need be.

The fix for this could be as simple as `su -`'ing to root and
chown'ing the directory to the UID/GID of the web server, but I don't
know how much conflict that will cause for the rest of your system, so
that's entirely up to you.

--=20
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Give a man a fish, he'll eat for a day. Then you'll find out he was
allergic and is hospitalized. See? No good deed goes unpunished....
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Daniel Brown
2007-11-01 16:47:23 UTC
Permalink
Is there a Terminal way of figuring out the UID/GID of something like admin,
apache etcetera?
PS: I know it's going OT!
Yes, you'll find those UIDs in /etc/passwd. For example:
apache:x:48:48:Apache:/var/www:/sbin/nologin

That means my Apache server runs with UID 48 and GID 48, with
/var/www as the home directory and /sbin/nologin as the shell.
--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Give a man a fish, he'll eat for a day. Then you'll find out he was
allergic and is hospitalized. See? No good deed goes unpunished....
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Jason Pruim
2007-11-02 12:32:38 UTC
Permalink
Ave,
Somehow my PHP won't access, won't even acknowledge the existence =20
of a file
that is outside the /Library/WebServer/Documents folder. This was =20
never a a
problem before in any Mac version - it just started with Leopard.
I don't know what has changed where, in httpd.conf or php.ini or =20
somewhere
else, but something changed that's crippling access to files =20
outside of the
webserver.
This Works in Mac OS X 10.3.9 (i.e., prints File Exists) but the =20
same exact
script does not work in Mac OS X 10.5, and yes, the file is =20
available in
Leopard in the mentioned location - path is exact same - =20
permissions are all
$filename =3D "/Users/username/Documents/Transfers/test.txt";
if (file_exists($filename)) {
echo "The file $filename exists<br><br>";
} else {
echo "The file $filename does not exist<br><br>";
}
I=B9ve already checked safe_mode which is Off and open_basedir which =20=
is not
set same settings as php.ini from before.
Any ideas what might be causing this?
Thanks!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.
W: http://www.rahulsjohari.com
=B3I morti non sono piu soli ... The dead are no longer lonely=B2
Sounds like a clear case of Apache being chroot'ed.
This is based off the BSD style setup I believe. Which I believe =20
Mac uses, So, I would check your startup line for Apache. I did =20
some googling, but I could not find anything to confirm my thinking =20=
that the Mac Apache configuration is anything like the default =20
OpenBSD setup.
I know you can manually start httpd with the -u flag to disable =20
chrooting
Again, I can't find any examples of the Mac setup, but my money =20
would be on chrooting as the problem.
I have been a Mac user for my entire computing life, and although I =20
can't tell you the difference between Apple's setup and OpenBSD's set =20=

up.. I can point you to a list that would definitely be able to help. =20=

which is: http://lists.apple.com/mailman/listinfo/macos-x-server

That list as some of the most knowledgeable mac Heads I have ever =20
dealt with, and they have helped me through all kinds of stuff.

If anyone can tell you, they can.


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424
www.raoset.com
***@raoset.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Daniel Brown
2007-11-02 13:59:01 UTC
Permalink
I have been a Mac user for my entire computing life....
Well, then way to chime in 14 hours late there, Pruim! ;-P
--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Give a man a fish, he'll eat for a day. Then you'll find out he was
allergic and is hospitalized. See? No good deed goes unpunished....
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Jason Pruim
2007-11-02 14:19:00 UTC
Permalink
Post by Daniel Brown
I have been a Mac user for my entire computing life....
Well, then way to chime in 14 hours late there, Pruim! ;-P
What can I say? :) Better late then never :P


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424
www.raoset.com
***@raoset.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Jason Pruim
2007-11-02 14:24:15 UTC
Permalink
Post by Jason Pruim
Post by Daniel Brown
I have been a Mac user for my entire computing life....
Well, then way to chime in 14 hours late there, Pruim! ;-P
What can I say? :) Better late then never :P
Keep telling yourself that.... ;-P
Oh, definitely will :) Along with how I am the best php programmer out
there and how I'm better then everyone else :P

Have I mentioned I'm also humble? Or delusional... at least if you
look at the archives and see the questions I've asked :P

That reminds me... I need to get some more RAID... I ran out of my
last can awhile back and now I have rants covering my desktop :P


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424
www.raoset.com
***@raoset.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Daniel Brown
2007-11-02 14:26:01 UTC
Permalink
Post by Jason Pruim
Post by Daniel Brown
I have been a Mac user for my entire computing life....
Well, then way to chime in 14 hours late there, Pruim! ;-P
What can I say? :) Better late then never :P
Keep telling yourself that.... ;-P
--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Give a man a fish, he'll eat for a day. Then you'll find out he was
allergic and is hospitalized. See? No good deed goes unpunished....
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Daniel Brown
2007-11-02 15:13:27 UTC
Permalink
Post by Jason Pruim
Sounds like a clear case of Apache being chroot'ed.
This is based off the BSD style setup I believe. Which I believe
Mac uses, So, I would check your startup line for Apache. I did
some googling, but I could not find anything to confirm my thinking
that the Mac Apache configuration is anything like the default
OpenBSD setup.
I know you can manually start httpd with the -u flag to disable
chrooting
Again, I can't find any examples of the Mac setup, but my money
would be on chrooting as the problem.
I have been a Mac user for my entire computing life, and although I
can't tell you the difference between Apple's setup and OpenBSD's set
up.. I can point you to a list that would definitely be able to help.
which is: http://lists.apple.com/mailman/listinfo/macos-x-server
That list as some of the most knowledgeable mac Heads I have ever
dealt with, and they have helped me through all kinds of stuff.
If anyone can tell you, they can.
That sounds like a good place to look.
I actually did figure out a way to make this work. It appears that Apache
Web Server did not have enough permissions to read files on a mounted sha=
re,
simply because Leopard eliminated the -u -g arguments for mount_smbfs - s=
o
basically my guess was right on target.
I was able to figure out the workaround to mounting a share giving it
That works!
It mounts the share as "www" - which is Apache Web Server - and my PHP
scripts had no problem reading files of the share on my Website.
Now I need to figure out how to write an AppleScript (or use the Automato=
r)
to automate the process on every boot up. I had an AppleScript before to =
do
this - but it's changed now.
Thanks guys.
PS: You guys are funny! And brilliant!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.
W: http://www.rahulsjohari.com
=B3I morti non sono piu soli ... The dead are no longer lonely=B2
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Rahul,

I believe all of the modern MacOS variants still use the
*nix-style (due to being based on BSD) rc.d startups, right? If so:

sudo echo "sudo -u www mount_smbfs -f 0777 -d 0777
//usr:***@ip/share node" > /etc/rc.d/init.d/winsharemount
sudo chmod 755 /etc/rc.d/init.d/windsharemount
sudo ln -s /etc/rc.d/init.d/winsharemount /etc/rc.d/rc3.d/S74winsharemo=
unt
sudo ln -s /etc/rc.d/init.d/winsharemount /etc/rc.d/rc5.d/S74winsharemo=
unt

That should help automate it on startup in single-user and
multi-user mode (rc3 and rc5, respectively).

--=20
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Give a man a fish, he'll eat for a day. Then you'll find out he was
allergic and is hospitalized. See? No good deed goes unpunished....
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Nathan Nobbe
2007-11-06 17:09:32 UTC
Permalink
------=_Part_28013_32183027.1194368612715
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
I couldn't find an /etc/rd.d or rc3.d on my system at all. I've been
manually mounting after each boot, so still looking for an automated
mounting solution.
look for /etc/fstab

-nathan

------=_Part_28013_32183027.1194368612715--
Nathan Nobbe
2007-11-06 17:59:04 UTC
Permalink
------=_Part_28218_1567714.1194371868149
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Post by Nathan Nobbe
I couldn't find an /etc/rd.d or rc3.d on my system at all. I've been
manually mounting after each boot, so still looking for an automated
mounting solution.
look for /etc/fstab
-nathan
Nathan,
IGNORE THIS FILE.
This file does nothing, contains no useful data, and might go away in
future releases. Do not depend on this file or its contents.
!!!
perhaps if you google around on something like mac os x /etc/fstab
something useful will turn up. im sure there is an alternative mechanism
to mount things at boot time on that system.

-nathan

------=_Part_28218_1567714.1194371868149--

Loading...