Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Password protected directory, not logged in as user |
|
Author |
|
easyBob
Joined: 30 Nov 2009 Posts: 3
|
Posted: Mon 30 Nov '09 21:22 Post subject: Password protected directory, not logged in as user |
|
|
Hi folks! I'm new here, but have a very weird problem with a server, so I'm just going to jump right in to the issue.
I've got a directory password protected using .htaccess and .htpasswd files. When I go to that directory, the login popup opens, I fill out the fields, and I then get to see the directory.
Everything looks fine at this point, until I run a php script that makes a call to fopen ('somefile.txt', "w") for writing. The file is in the same dir as the script. The directory permission is 755, and file permission is 644.
When the script gets to the fopen command, it reports: failed to open stream: Permission denied.
Which is odd, cause I have this same script, same secure directory on a different server that works fine.
Now, I changed the file permission from 644 to 646 (world writable[for testing]) just to see what would happen. Well, the script worked. Which is telling me that for some reason, after logging in, I'm not logged in as a user with user permissions....
What am I missing? I've never run into this issue before. I do believe this is a settings issue with Apache, but I'm not an expert in this area.
Thanks,
-Chris
EDIT: the .htaccess is:
AuthType Basic
AuthName "test"
AuthUserFile **removed**
Require valid-user |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7355 Location: Germany, Next to Hamburg
|
Posted: Mon 30 Nov '09 21:34 Post subject: |
|
|
Hi Bob,
the .htaccess is for authentication, not about the persmissions itself. |
|
Back to top |
|
easyBob
Joined: 30 Nov 2009 Posts: 3
|
Posted: Mon 30 Nov '09 21:42 Post subject: |
|
|
James Blond wrote: | Hi Bob,
the .htaccess is for authentication, not about the persmissions itself. |
Then what's the point on setting file/dir permissions for user/group/world if the server doesn't know who is who?
My other server knows that I've been authenticated as a user when I log in, and as such, I have file writing permissions (644) for the scripts that I run. There is nothing, that I can see, that is different with the new server.
Or I'm missing something that's right in front of me...
Using phpinfo() in a script, I can see that the login info is in there....but the server keeps my permission level at world after authentication. Why? Shouldn't I have User level permissions after authentication?
-Chris |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7355 Location: Germany, Next to Hamburg
|
|
Back to top |
|
easyBob
Joined: 30 Nov 2009 Posts: 3
|
Posted: Mon 30 Nov '09 23:42 Post subject: |
|
|
I don't use passwords from /etc/passwd
Both servers store passwords like so: /.htpasswds/public_html/dir/passwd
'dir' being the directory of the protected directory.
But, one server knows the user, and the other doesn't...I've been talking to the host company and...it's a mess....they want me to just set the permission level to 777 for anything that I need to write/delete/etc. and set ownership to the main user (the only user)....
Uggg. I shouldn't have to do any of that. Now I've got to change all my scripts so they first set the right ownership, then change the permission level (if that will even work!).
Even mkdir ('dir', 0777) will create a dir but with permissions of 755...f'n nightmare. It was flawless on the other server....flawless.
-Chris |
|
Back to top |
|
|
|
|
|
|