Allowing PHP to write files in a Plesk server environment

Allowing PHP to write files in a Plesk server environment

March 27, 2008

File Permissions

As you may have found out, a web server that houses a bunch of web sites can cause some issues with file permissions when it comes to allowing PHP to write files that a web site needs, whether it is a data file, a document or an image. This is usually not an issue if PHP is installed as a cgi module because cgi programs are usually setup to run as the user that owns them, but Plesk uses PHP installed as an Apache module, and thus it runs as the same user that Apache runs as, which is usually not the same user that owns the website files. How to solve this? It is really easy actually.

There are 2 possible solutions, the first is the easiest, but really shouldn't be considered and that is to make the folders that PHP needs to write to 0777, which opens a possible security hole and that is why you shouldn't really consider it. The second is to simply add the user apache uses, which under Plesk is usually "apache" to the group "psacln". You can edit the /etc/group and /etc/group- files if you know what you are doing, or use usermod.

If you want to edit the files directly, locate the line that looks like this: psacln:x:2524: and just tack on "apache" to the end of it like so... psacln:x:2524:apache Do this for both files and restart apache and you are done. Or, simpler /usr/sbin/usermod -a -G psacln apache Then simply make the folders and/or files that php needs access to 0775, which makes it more secure. You can do similar with any server environment, we just happen to use Plesk here. Rob

Tweet ThisEmail to a Friend