sleepwalker

Ave,

Somehow my PHP won't access, won't even acknowledge the existence of a file
that is outside the /Library/WebServer/Documents folder. This was never a a
problem before in any Mac version - it just started with Leopard.

I don't know what has changed where, in httpd.conf or php.ini or somewhere
else, but something changed that's crippling access to files outside of the
webserver.

This Works in Mac OS X 10.3.9 (i.e., prints File Exists) but the same exact
script does not work in Mac OS X 10.5, and yes, the file is available in
Leopard in the mentioned location - path is exact same - permissions are all
set:

$filename = "/Users/username/Documents/Transfers/test.txt";
if (file_exists($filename)) {
echo "The file $filename exists<br><br>";
} else {
echo "The file $filename does not exist<br><br>";
}

I¹ve already checked safe_mode which is Off and open_basedir which is not
set * same settings as php.ini from before.
Any ideas what might be causing this?

Thanks!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: sleepwalker@rahulsjohari.com

³I morti non sono piu soli ... The dead are no longer lonely²

robert

Have you checked phpinfo() to check that the php.ini being loaded is the
one you think is being loaded? Also, are you get any warnings or
notices?

Cheers,
Rob.
--
.................................................. ..........
SwarmBuy.com - http://www.swarmbuy.com

Leveraging the buying power of the masses!
.................................................. ..........

parasane

Also make sure that it's not something simple that you may have
accidentally overlooked as well:

1.) Did you restart Apache after making any changes to php.ini or
httpd.conf?
2.) The path is cAsE-sEnSiTiVe. Did you make sure that it's
EXACTLY the same?
3.) Is any part of that symlinked, and if so, does Apache allow
FollowSymLinks?
4.) Is the account jailed or chroot'ed?

--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Give a man a fish, he'll eat for a day. Then you'll find out he was
allergic and is hospitalized. See? No good deed goes unpunished....

sleepwalker

Yes. Checked phpinfo() ... Correct php.ini loaded.

On fopen(), I get the following warning:

Warning: fopen(/Library/WebServer/Documents/Misc/osm/ox.txt)
[function.fopen]: failed to open stream: Permission denied in
/Library/WebServer/Documents/Misc/test.php on line 5

I was using if/else before with file_exists() or is_readable() and it didn't
give me any warnings or notices. Now I tried with fopen() and it does indeed
give me a warning.

One thing I must point out is that "osm" is a Share Point which has a
windows network share mounted on it (via SMB).

I'm not sure where the problems are in permissions, because while mounting,
I'm allowing full read/write permissions to share:
Mount_smbfs -f 777 -d 777 //userwd@ip/share sharePoint


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: sleepwalker@rahulsjohari.com

³I morti non sono piu soli ... The dead are no longer lonely²

sleepwalker

1) Checked!
2) Checked!
3) It is symlinked indeed!! Where in httpd.conf do I need to specify
FollowSymLinks? I'm running Apache 2.2.6 with PHP 5.2.4 on Mac OS X 10.5
4) chroot'ed? Basically I'm mounting a windows network share on a share
point and during mount I'm giving it full read/write permissions.
(mount_smbfs -f 777 -d 777 //userwd@ip/share sharePoint)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: sleepwalker@rahulsjohari.com

³I morti non sono piu soli ... The dead are no longer lonely²

parasane

Bah! Sorry to give you false hope on that, Rahul. I re-read the
post and my responses, and Apache would actually have nothing to do
with this particular problem. In any case, in your httpd.conf file,
you can enable FollowSymLinks near your AllowOverride directives. It
won't help in this case, but that's where it resides, nonetheless.

If you `su -` to the user as which the PHP script is running, does
that user have permission to access the Windows share? Are you
running this from the CLI or the web (I just noticed in the email you
just sent to Rob that it's a web error message).

Try this:

Take *just* that part of the script and run it from the CLI as
yourself to see if you can "see" the file. If not, try it as root.
If you can, then `su -` to the account under which Apache is
daemonized. You may need to update /etc/passwd to allow a shell to be
opened for that account.

When running the simple script from the CLI as the web server
account, can you see the file? Can you change to that directory?

It may very well be that the account under which Apache runs is
jailed/chroot'ed.

--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Give a man a fish, he'll eat for a day. Then you'll find out he was
allergic and is hospitalized. See? No good deed goes unpunished....

sleepwalker

Well FollowSymLinks was present in my httpd.conf, and it's definitely not
the problem. I think the problem is the fact that on in Panther, I was able
to specify Apache Web Server to be the User/Group for the share being
mounted with -u 70 -g 70 during mount_smbfs.

In Leopard I'm not able to do that because they eliminated the -u -g
arguments for mount_smbfs - in fact they even eliminated NetInfo Manager so
I don't even know Apache's UID & GID.

So after mounting the share on the share point, this is what happens:
http://www.troyjobs.com/media/smb.gif (It's a screenshot of difference
between Panther & Leopard on the same folder showing different User/Group).

As you can see files within the mounted share had "www" (Apache) as the user
& group and PHP didn't have any problems accessing the files. But in
Leopard, "www" (Apache) is not the user/group.

I don't know what you have to do in Leopard to mount a share giving it a
User/Group of your choice.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.

W: http://www.rahulsjohari.com
E: sleepwalker@rahulsjohari.com

³I morti non sono piu soli ... The dead are no longer lonely²

parasane

Rahul,

The image you showed indicates that there is no user account
associated with UID 501 on Leopard. That particular UID is, on most
*nix-based systems, the second-lowest-available default UID for a
user-created account (starting at 500, unless you specify otherwise).

Try creating an account on Leopard (you may have to do two, unless
you want to edit /etc/passwd) and then `ls -l` the Leopard view of the
share again. You'll see 501 disappear and be replaced by the name
associated with UID 501. Then just see what the GID associated with
the group 'admin' is and update that, if need be.

The fix for this could be as simple as `su -`'ing to root and
chown'ing the directory to the UID/GID of the web server, but I don't
know how much conflict that will cause for the rest of your system, so
that's entirely up to you.

--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Give a man a fish, he'll eat for a day. Then you'll find out he was
allergic and is hospitalized. See? No good deed goes unpunished....

sleepwalker

Daniel,

You're on the right track. I do realize the UID 501 and how to change that,
I think my biggest two problems right now are:

A) I don't know what's the UID/GID of Apache in Leopard. It used to be 70 in
Panther and I don't know if it's changed or not. They eliminated NetInfo
Manager so I don't even know how to find out.

B) Even if I did find out, I don't know how to apply Apache's UID/GID to
mounted share while mounting. I could possibly go in and manually give the
folder the UID/GID using terminal.

Is there a Terminal way of figuring out the UID/GID of something like admin,
apache etcetera?

PS: I know it's going OT!

parasane

Yes, you'll find those UIDs in /etc/passwd. For example:
apache:x:48:48:Apache:/var/www:/sbin/nologin

That means my Apache server runs with UID 48 and GID 48, with
/var/www as the home directory and /sbin/nologin as the shell.

--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Give a man a fish, he'll eat for a day. Then you'll find out he was
allergic and is hospitalized. See? No good deed goes unpunished....