Hi all,
On a Debian server in which I have full root access, I have:
A domain file, with path
/var/www/sites/myuser/mydomain.tld/subdomains/www/html/images
And a file in
/usr/share/mycms
which is as follows;
[code=php]$picpath = “/var/www/sites/myuser/mydomain.tld/subdomains/www/html/images”;
$image = “/images/ball.jpg”;
$pathtoimage = $picpath.”/ball.jpg”;
print “Path To Image: “.$pathtoimage.”<br/>”;
if(!file_exists($pathtoimage))
{
print “Tested If File Exists… Result: NO FILE<br/>”;
}
else
{
print “<img src='”.$image.”‘>”;
}
The server is configured such that a domain file /mycms/is included in the root path of each domain.
While my problem is one of Apache permissions, I post here because I am wondering if my problem is php configuration related.
I have a user ‘cms’ and a group ‘cmsgroup’. All files in the domain are owned by cms:cmsgroup.
All files in the usr/share/mycms folder are owned by root:cmsgroup.
Or at least, that’s the way it’s supposed to be.
My problem is that if the above php script is owned by root:cmsgroup, it can not detect that the target file exists.
If it is owned by cms/cmsgroup, it can detect the file. Unfortunately, in this configuration, a user could alter a file in his domain, and then read/alter files in /usr/share/mycms.
You can see for yourself at the following addresses…
[URL=”http://www.wroof.com/wroof/test.php”]www.wroof.com/wroof/test.php
and
[URL=”http://www.wroof.com/wroof/testcms.php”]www.wroof.com/wroof/testcms.php
I have checked the groups file to make sure the user is part of that group, and I have tried setting individual file permissions in the domain to 777. The result does not change.
Is there a php configuration that would cause this?
Can anyone suggest some other configuration that might be the source of the problem?
Thanks
CTB