Problem with files/dirs deletion

pentago · February 26, 2013, 5:05am

Hi,

The other day i installed a PHP based CMS (modx) on my shell account and noticed that i couldn't delete any of files/dirs it created after.

Also, i noticed that all that stuff is owned by username-www instead of username.

I tried chown, chmod and using a PHP script to do the same wti those files but to no avail. All i get is:
rm: cannot remove `somedir': Permission denied

Environment is somewhat restrictive so i don't have access to root.

Could someone land a helping hand?

Don_Cragun · February 26, 2013, 8:53am

You say you don't have access to root, but when you installed this software it was able to create a new user-ID (username-www). To remove files owned by username-www, you'll need to su to username-www or to some other account (like root) that has the privileges needed to remove files owned by someone else. (Note that depending on directory permissions, it may be enough to be in a group that has write/delete permissions for the directory or directories containing the files to be removed.)

pentago · February 26, 2013, 9:11am

Well yeah, i was told that apache/php runs with my user as a security precaution.

Maybe i din't explained it very well, im not very skilled..
Anyway, from what i understood, such behavior is common practice on shell accounts where multi user environment is in place.

I can't switch to myusername-www, it gives me authentication failure

% su pentago-www
Password:
su: Authentication failure

Could you please elabore on how do i add myself to group with proper permissions?

Thanks!

Don_Cragun · February 26, 2013, 9:32am

pentago:

Well yeah, i was told that apache/php runs with my user as a security precaution.

Maybe i din't explained it very well, im not very skilled..
Anyway, from what i understood, such behavior is common practice on shell accounts where multi user environment is in place.

I can't switch to myusername-www, it gives me authentication failure
% su pentago-www
Password:
su: Authentication failure
Could you please elabore on how do i add myself to group with proper permissions?

Thanks!

If you can't remove files created by the application you're running, it is not running with your user-ID. Go back to the administrator who installed this application for you and tell them that you can't use it because it is creating files owned by myusername-www instead of files owned by myusername. They need to either give you the passwords you need to work as myusername-www or they need to make it run as myusername instead of as myusername-www. Other than that, we won't help you break security on the system you're using.

pentago · February 27, 2013, 3:42am

You obviously don't have idea on how shell accounts work and that Apache can be set to run as user-www as a safety measure sir. Why the dramma? Breaking security of the system?

Please..