Home > Archive > PHP Language > November 2005 > PHP/IIS rights problem
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
PHP/IIS rights problem
|
|
| Swincher 2005-11-14, 6:56 pm |
| Hello - --
I am a realtive newbie to PHP, though I have been a custom application
designer for many, many years, now moving some of my business to PHP.
I am doing a little experiment: I am taking a HTML file, and updating
it by adding some HTML text to it. I am using file_get_contents() and
either str_replace() or preg_replace() (not sure yet of the
difference) to do the work. that isn't the problem at the moment,
though.
I was getting some weird errors, so I did a little experiment (right
out of the sample code on the PHP site) to append some text to an
ascii file using low-level functions (fopen() fwrite() etc.).
I get this error:
-------------------------------------------
Warning: fopen(test.txt) [function.fopen]: failed to open stream:
Permission denied in h:\Inetpub\wwwroot\KOFamily\koaddcomm.php...
-------------------------------------------
So it looks like I have a "rights" problem first. The system I am
playing with is a W2K server with IIS 5.0.2195.6620. I can ortherwise
execute PHP code without problem.
Am I right that this is a "rights" problem? Would anybody please
direct me to a resource to help me solve this?
many thanks - -- -
Ken (Swincher)
| |
| Hilarion 2005-11-14, 6:56 pm |
| > I am a realtive newbie to PHP, though I have been a custom application
> designer for many, many years, now moving some of my business to PHP.
>
> I am doing a little experiment: I am taking a HTML file, and updating
> it by adding some HTML text to it. I am using file_get_contents() and
> either str_replace() or preg_replace() (not sure yet of the
> difference) to do the work. that isn't the problem at the moment,
> though.
The difference is that str_replace searches for plain text (exact match),
and preg_replace uses regular expressions (Perl compatible).
> I was getting some weird errors, so I did a little experiment (right
> out of the sample code on the PHP site) to append some text to an
> ascii file using low-level functions (fopen() fwrite() etc.).
>
> I get this error:
> -------------------------------------------
> Warning: fopen(test.txt) [function.fopen]: failed to open stream:
> Permission denied in h:\Inetpub\wwwroot\KOFamily\koaddcomm.php...
> -------------------------------------------
> So it looks like I have a "rights" problem first. The system I am
> playing with is a W2K server with IIS 5.0.2195.6620. I can ortherwise
> execute PHP code without problem.
>
> Am I right that this is a "rights" problem? Would anybody please
> direct me to a resource to help me solve this?
Yes, this is probably a rights problem. Make sure that you granted
write access on this file to the IIS service account (depends on the
account you are using for this service).
The other possible reason is that you pass incorrect path to the
"fopen" function. Try with absolute path (eg.
"H:\Inetpub\wwwroot\test.txt") and if it works, then try working
out the correct relative path (it should be relative to the
executed PHP script - not the included script nor the web-root folder).
Hilarion
| |
| Swincher 2005-11-14, 6:56 pm |
| On Mon, 14 Nov 2005 17:43:32 +0100, "Hilarion"
<hilarion@SPAM.op.SMIECI.pl> wrote:
>
>The difference is that str_replace searches for plain text (exact match),
>and preg_replace uses regular expressions (Perl compatible).
Thank you. That makes sense.
>
>Yes, this is probably a rights problem. Make sure that you granted
>write access on this file to the IIS service account
OK. Is there any security danger to doing this?
Ken
| |
| Hilarion 2005-11-14, 6:56 pm |
| >>> Am I right that this is a "rights" problem?
>
> OK. Is there any security danger to doing this?
Yes and no. If you'll have some other app (also web-app) working
on the same account which is prone to user abuse*, then
this app will be able to overwrite the file in which case
you'll loose all the data and/or get your disc filled with some
crap.
* - If the app has some security holes (simple example is:
web-app allows user to point a server path to which their
uploaded file should go to).
If you check what uses same account and are sure that all those
apps are safe, and if you check all the web-apps working
on this IIS and are sure they are well-written and do not
allow access to this file, then there's no security risk
from allowing IIS account writing to this file.
You may try minimising the risks by creating dedicated account
for IIS with same privileges as the oryginal account and grant
write privileges on the file only to this dedicated account.
This way only IIS and it's web-apps are potential risk source.
Hilarion
| |
| Swincher 2005-11-14, 6:56 pm |
| On Mon, 14 Nov 2005 18:26:30 +0100, "Hilarion"
<hilarion@SPAM.op.SMIECI.pl> wrote:
>Yes and no.
Thank you for your thoughtful response. I got the "simple" program
working. Stay tuned for the one I am *really* trying to do.
Ken
|
|
|
|
|