chown not working with exec()

[bigger_travis]

hello, i have ispconfig 2 running on Centos -

what i'm trying to do:
i am running a php file which installs a script in the web/ directory to install my custom script, the php file renames the web directory

from: /var/www/web2/web
to: /var/www/web2/web_Orginal

then the the php file creates a web directory:

/var/www/web2/web

so when i go to the shell i send the ls command and i can confirm both directories are there, so the script is able to rename the orginal web/ directory and create a new web/ directory (I am using tar to unpack the web/ directory which contains all my script files)

web/
web_Orginal/

however, the new web/ directory is own by apache:

Code:

command: ls -la

OUTPUT:
drwxrwxrwx  8 apache   apache 4096 Feb  4 05:16 web
drwxrwxrwx  8 web2_AnyUser  web2 4096 Feb  4 05:16 web_Orginal

now i try to use exec() function in the php file to change the ower from apache to web2_AnyUser and the group from apache to web2 using this code in the php file:

PHP Code:

# PHP CODE:
# TO CHANGE OWERSHIP:
exec('chown -R web2_AnyUser /var/www/web2/web',$ouput,$result);
exec('chgrp -R web2 /var/www/web2/web',$ouput,$result);


. 


i dont get any errors, and the value of $result = 1

so when i go to the shell, i do an ls -la and it does not change the owership of the web/ directory, it still shows apache

what i want to acheive is to change the owershipt to look like this:

Code:

command: ls -la

OUTPUT:
drwxrwxrwx  8 web2_AnyUser  web2 4096 Feb  4 05:16 web
drwxrwxrwx  8 web2_AnyUser  web2 4096 Feb  4 05:16 web_Orginal

do you have any suggestions. i think you are my best resource for this. i was looking at your code in /root/ispconfig/scripts/lib/config.lib.php and it shows this code on line 690:

PHP Code:

  if($user["user_admin"]){
    //exec("usermod -G web".$web_doc_id." ".$user_username."");
    // alten admin herausfinden
    $old_admin_uid = fileowner($web_path);
    $mod->system->usermod($user_username, "web".$web_doc_id);
    exec("chown $user_username $web_path &> /dev/null");
    //exec("chown $user_username $web_path/cgi-bin &> /dev/null");
    exec("chown -R --from=$old_admin_uid $user_username $web_path/cgi-bin &> /dev/null");
    exec("chown $user_username $web_path/log &> /dev/null");
    exec("chown $user_username $web_path/ssl &> /dev/null");
    exec("chown $user_username $web_path/user &> /dev/null");
    //exec("chown $user_username $web_path/web &> /dev/null");
    exec("chown -R --from=$old_admin_uid $user_username $web_path/web &> /dev/null");




. 


i guess im trying to do the same, but im not sure how you did it.

if you have any suggestion, please advise,

Thanks for all your support

[falko]

Can you become the apache user with the su command and run the commands

Code:

chown -R web2_AnyUser /var/www/web2/web
chgrp -R web2 /var/www/web2/web

? Do you get any errors?

[bigger_travis]

i sent this command:

Code:

[root@testvirtual ~]# su apache
This account is currently not available.

i do get an error: "This account is currently not available."

[falko]

What's the output of

Code:

grep apache /etc/passwd

?

[jnsc]

try

Code:

su -s /bin/bash apache

[bigger_travis]

To jnsc:

Quote:

try
Code:

su -s /bin/bash apache

ok, i send this command now:

Code:

[root@testvirtual ~]# su -s /bin/bash apache
bash-3.2$ whoami
apache
bash-3.2$

im not getting any error anymore. i do see my my prompt changed from # to $ - so that means i can change user to apache.

################################################## #######################

To falko:

Quote:

Can you become the apache user with the su command and run the commands
Code:

chown -R web2_AnyUser /var/www/web2/web
chgrp -R web2 /var/www/web2/web

? Do you get any errors?

so i send the chown command:

Code:

bash-3.2$ chown web2_AnyUser /var/www/web2/web/
chown: changing ownership of `/var/www/web2/web/': Operation not permitted

RESULTS: Yes, i do get error = "Operation not permitted"

################################################## #######################

To falko:

Quote:

What's the output of
Code:

grep apache /etc/passwd

?

COMMAND RESULTS:

Code:

[root@testvirtual ~]# grep apache /etc/passwd
apache:x:48:48:Apache:/var/www:/sbin/nologin

Please Advise, Thanks

[falko]

What's the output of

Code:

ls -la /var/www/web2/web/

?

[bigger_travis]

Quote:

Originally Posted by falko

What's the output of

Code:

ls -la /var/www/web2/web/

?

Code:

[root@testvirtual www]# ls -la /var/www/web2/web/
total 76
drwxrwxrwx 9 apache   apache  4096 Feb  4 04:00 .
drwxrwxrwx 9 web2_AnyUser web2   4096 Feb  4 04:00 ..
-rw-rw-rw- 1 apache   apache   237 Apr 17  2009 .htaccess
drwxrwxrwx 2 apache   apache  4096 May 10  2009 images
drwxrwxrwx 2 apache   apache  4096 May 10  2009 includes
-rw-rw-rw- 1 apache   apache   565 Apr 17  2009 index.php
-rw-rw-rw- 1 apache   apache  1176 May 10  2009 INSTALL.txt
-rw-rw-rw- 1 apache   apache  2918 Apr 17  2009 oswallpaper-footer.php
-rw-rw-rw- 1 apache   apache  5202 Apr 17  2009 oswallpaper-header.php
-rw-rw-rw- 1 apache   apache 15687 May 10  2009 OSWallpaper.sql
drwxrwxrwx 2 apache   apache  4096 May 10  2009 pages
drwxrwxrwx 2 apache   apache  4096 May 10  2009 recaptcha
drwxrwxrwx 3 apache   apache  4096 May 10  2009 theme
drwxrwxrwx 8 apache   apache  4096 May 10  2009 wallpapers

[falko]

Hm, looks ok. I don't know why it doesn't work.

[jnsc]

It's only possible to execute the chown command from the root user. Here is a very interesting reference post http://www.ale.org/pipermail/ale/200...er/099333.html, but as it's quite long, I will post the part that is interesting for us.

Quote:

The default with most OS's is for chown to be restricted to root only.
And there is a consensus that it should stay this way for security
considerations. If a non-root user does change the owner of a file and
any execute bit is on, the SUID and SGID bits must be cleared. This may
or may not happen with root.