用户www-data无法删除文件
[英]user www-data cannot remove file
问题描述
In php I do the following: 
在php中我执行以下操作:
exec('remove_file.sh', $output, $return);
where remove_file.sh is the following script: 其中remove_file.sh是以下脚本:
#!/bin/sh
rm -f /tmp/test.pdf
I verified that this script is run by www-data and test.pdf is owned by myuser but with 666 (rw-rw-rw-) permissions. 我确认此脚本由www-data运行,test.pdf由myuser拥有,但具有666(rw-rw-rw-)权限。 /tmp is owned by root and has 666 permission. / tmp归root所有,拥有666权限。
The script returns 1 (general error) without any output. 该脚本返回1(一般错误),没有任何输出。
If I try from a terminal: 如果我从终端尝试:
sudo su www-data -c 'rm -f /tmp/test.pdf'
I get: 我明白了:
cannot remove `/tmp/test.pdf': Operation not permitted
How can I remove this file from a php script? 如何从php脚本中删除此文件?
1 个解决方案
解决方案1
2 已采纳 2013-04-22 09:06:18
You probably have to make sure www-user has write permission to the directory, as well as the file. 您可能必须确保www-user对目录以及文件具有写入权限。 This depends on the filesystem, but most require this for rm or mv operations. 这取决于文件系统,但大多数都需要这个用于rm或mv操作。
So chmod 777 /tmp should do the trick. 所以chmod 777 /tmp应该可以解决问题。
Edit: The above may not be a secure way to accomplish the desired availability. 编辑:以上可能不是实现所需可用性的安全方法。 Depending on your setup, a more thorough way to accomplish this would be to add www-user to the users group (assuming myuser primary group is users ), then set the /tmp directory to rwx for user & group. 根据您的设置,更全面的方法是将www-user添加到users组(假设myuser主要组是users ),然后将/tmp目录设置为rwx for user&group。
# usermod -g users www-user
# chmod 770 /tmp
Allowing everyone to read, write and execute in /tmp is not suitable for multi-user or unsecured boxes, and whilst it may work fine on a well secured server, you are giving a lot of access to anyone who compromises the box. 允许每个人在/tmp读取,写入和执行都不适合多用户或不安全的盒子,虽然它可以在安全性很好的服务器上正常工作,但是你可以给任何妥协盒子的人提供很多访问权限。
An even better alternative is to have php upload files to a more local directory instead of using bash scripts using $_FILES and then use PHP again to delete them with unlink . 一个更好的替代方法是让PHP文件上传到更多的本地目录,而不是使用使用bash脚本$ _FILES ,然后再次使用PHP和删除它们取消链接 。 This way all files will belong to www-user . 这样所有文件都属于www-user 。 Remember that it's essential to validate files thoroughly before allowing uploads to prevent attacks via c99 and similar malware . 请记住,在允许上传以防止通过c99和类似恶意软件进行攻击之前,彻底验证文件至关重要。
EDIT (from OP): 编辑(来自OP):
Though the security issues do not apply in my case, I completely agree with the previous edit. 虽然安全问题不适用于我的情况,但我完全同意之前的编辑。 Using /tmp was the lazy way out. 使用/ tmp是懒惰的出路。 But the real problem was that I tested creating a file under my own user and then continued testing from www-data. 但真正的问题是我测试了在我自己的用户下创建文件,然后继续从www-data进行测试。 Under the default permissions of /tmp you cannot (rightly so) delete another users file nor overwrite it. 在/ tmp的默认权限下,您不能(正确地)删除其他用户文件,也不能覆盖它。 This resulted in various issues, not only with rm. 这导致了各种问题,不仅仅是rm。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.