How can one modify/delete remote files that have ‘nobody’ ownership in Linux, using PHP? For instance using FTP functions.
The files would be located on another server than the PHP script is located on, which is why I’ve been trying to use FTP functions, though I don’t know if there are other options than FTP. Currently I’m getting “permission denied” errors when attempting to use FTP functions. Note that I’d have both the login for the particular account, as well as the root login and the cPanel server hash, if that helps.
‘nobody’ is just the name of the regular user. Just log in via ftp to that other server as the user ‘nobody’.
You will then have all the rights to modify the files. All you need is the password for the user ‘nobody’.
Thank you, but I’m confused. Where is this ‘nobody’ user coming from? There is no account ‘nobody’ on my server. I thought it was just a type of ownership, not an actual account/username you could log in with?
And if you did log in as nobody what folder(s) would you gain access to? For instance say there’s 20 accounts on the server (named acct1, acct2 etc.), each with their own folders like /home/acct1, /home/acct2. I don’t see what the ‘nobody’ user would have access to?
Perhaps I am mistaken but I think ‘nobody’ ownership is just a type of ownership, with no account being the owner of those files, as these files were created by PHP scripts.
How do you see all accounts on your server? How do you log in to Linux? If you have the root password you can log in via shell, then open the /etc/passwd file and see the list of all accounts.
What you should do is change the password for user ‘nobody’ so that you will have the password. Then you can log in as ‘nobody’.
There is no such thing as just the type of ownership on Linux. Ownership means some account and/or group owns a file. There has to be an account in order for the ownership to exist.
The user ‘nobody’ is usually used by the apache server, so when a file is created by the apache server it’s automatically owned by the user that apache runs under, which is ‘nobody’. So when you upload a file via a web page form, the apache server is the process that saves your file somewhere, using the account it runs under, which is ‘nobody’ by default.
cpanel does not list any ‘nobody’ user, however I do see the following line in my /etc/passwd:
What is the password for this account? Can I log in as nobody via normal FTP software? What are the folder listings supposed to be for this login?
You would not know the password; you have to set it yourself using the passwd command.
You also need to edit that line in /etc/passwd and change the /sbin/nologin to something like /bin/bash, because /sbin/nologin may prevent you from logging in via ftp.
Thanks. I changed that line to /bin/bash, and after doing this I was able to do ‘su nobody’ (before changing that line I had gotten a ‘This account is currently not available.’ error). However, when I use passwd it is asking me for my current password. I tried a blank password; it says “passwd: Authentication token manipulation error”.
How can I force a password change without knowing the current password (if there even is one in the password settings file)? Is there some way I can do this while root?
You need to use passwd when logged in as root, then you don’t have to know the current password of the user.
Make sure you type
otherwise you will just change root’s password.
Thank you. I edited the nobody user’s password using ‘passwd nobody’, and can login via SSH as username ‘nobody’.
However I cannot login via FTP (using ‘ftp host.myserver.com’, replace myserver with my server’s hostname). It gives me the error, “530 Login authentication failed”
Do I need to set up FTP access for this user? If so, how do I do this?
Depending on what ftp server is running on your machine, it may have a list of usernames that are not allowed to log in via ftp. This is normal. Also, you need to define a home dir for ‘nobody’ in /etc/passwd if it’s not already defined, otherwise ftp will have no idea which dir you are supposed to be in initially when you ftp to the server.
Take a look in /etc/passwd and see how other accounts have entries that point to their own home dirs, then add one for ‘nobody’, point it to a dir you want to be in when you login via ftp.
Well here’s what I had changed the /etc/passwd ‘nobody’ line to earlier:
I guess the “:/:” part is what defines the home dir, in this case just “/”. Other users are defined like this:
Where /home/phphighl is the homedir for this user. I am not sure what the “:Nobody:” portion of the line is for; the normal users seem to just have that blank as “::” instead. I tried editing the “:Nobody:” to “::” but that didn’t help.
I attempted to change the ‘nobody’ homedir to /home, as well as the home directory of another user, but the FTP login still failed.
Where do I set the list of FTP names that can’t log in?
You need to learn to use log files. All your login errors are logged somewhere. The most likely places to look on Linux are /var/log/messages and /var/log/secure.
You also need to find out what ftp server is running on your server. Different ftp servers have different configurations. It’s not unlikely that you have the vsftpd server. It has some files that store lists of accounts that are allowed and not allowed to log in to ftp.
By the way, what type of Linux do you have?
If you are using vsftpd, then see if you have an /etc/vsftpd/ftpusers file.
It contains a list of users that are not allowed to log in. There is another list, /etc/vsftpd/user_list, which also contains a list of users. That list is tricky because the users on that list are denied access by default, but if in /etc/vsftpd/vsftpd.conf there is an option userlist_deny=NO then only users in /etc/vsftpd/user_list are allowed to log in (this is not the default option; the default is the opposite, to deny users on user_list to log in).
So edit those files, remove ‘nobody’ if necessary, and restart the vsftpd server.
All these steps only apply if you have vsftpd as your ftp server.
Another way to solve your problem (a much better way) is to NOT use ‘nobody’ for running the apache web server. Instead, create a new regular account on your server, then change httpd.conf from ‘nobody’ to this new user and restart apache.
You will then be able to log in, ftp, whatever you want, and have the same permissions as the apache user, so you will be able to modify files that were created by apache (uploaded via web).
There is another advantage of NOT running apache as ‘nobody’ as when you send emails from your website, the header will always say ‘nobody’ as return path of your email, and that’s a dead giveaway that email was sent from a website. Spam filters don’t like that.
That’s exactly the way I always do things on my server, my webservers never run as ‘nobody’
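The ftpusers / user_list logic from the vsftpd reply above, written out as a read-only check of which accounts those lists would admit (an added example, not part of the thread). vsftpd only consults user_list when `userlist_enable=YES`, an option the thread does not mention; the function names, the UID cut-off of 500 and the sample files are choices made for this example, and the check covers the list files only, not PAM or shell restrictions.

```bash
# Added example (not from the thread): evaluate vsftpd's user lists for an account.
# File paths are arguments, so it can be run against copies of the real files.

# conf_bool CONF KEY DEFAULT: last KEY=value in CONF, normalised to YES or NO
conf_bool() (
    v=$(sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]')
    case ${v:-$3} in YES|TRUE|1) echo YES ;; *) echo NO ;; esac
)

# in_list FILE USER: true if USER is exactly one whole line of FILE
in_list() { [ -f "$1" ] && grep -qxF -- "$2" "$1"; }

# ftp_list_verdict USER CONF FTPUSERS USER_LIST: prints allow or deny:<reason>
ftp_list_verdict() (
    enable=$(conf_bool "$2" userlist_enable NO)   # vsftpd default: NO
    deny=$(conf_bool "$2" userlist_deny YES)      # vsftpd default: YES
    if in_list "$3" "$1"; then
        echo "deny:ftpusers"
    elif [ "$enable" = YES ] && [ "$deny" = YES ] && in_list "$4" "$1"; then
        echo "deny:user_list"
    elif [ "$enable" = YES ] && [ "$deny" = NO ] && ! in_list "$4" "$1"; then
        echo "deny:not-in-user_list"
    else
        echo allow
    fi
)

# audit_system_accounts PASSWD CONF FTPUSERS USER_LIST [UID_MIN]
# Lists accounts with UID below UID_MIN (assumed 500) or UID 65534 that the lists let in.
audit_system_accounts() (
    while IFS=: read -r name _pw uid _rest; do
        case $uid in ''|*[!0-9]*) continue ;; esac
        if [ "$uid" -lt "${5:-500}" ] || [ "$uid" -eq 65534 ]; then
            if [ "$(ftp_list_verdict "$name" "$2" "$3" "$4")" = allow ]; then echo "$name"; fi
        fi
    done < "$1"
)

# make_fixture DIR: constructed sample files for a dry run (not the thread's real files)
make_fixture() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' 'nobody:x:99:99:Nobody:/:/bin/bash' \
        'acct1:x:501:501::/home/acct1:/bin/bash' > "$1/passwd"
    printf '%s\n' 'userlist_enable=YES' 'userlist_deny=YES' > "$1/vsftpd.conf"
    printf '%s\n' '# users denied FTP login' 'root' > "$1/ftpusers"
    printf '%s\n' 'root' > "$1/user_list"
}
```

Against a live host the call would be `audit_system_accounts /etc/passwd /etc/vsftpd/vsftpd.conf /etc/vsftpd/ftpusers /etc/vsftpd/user_list`; any service account it prints is one the list files no longer keep out of FTP.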