» IT tipps and howto's

PHP Script: Delete files and folders created by Apache user

Last Update: January 7 2011

Version History
20100116 Script programmed (deletes all files and folders without confirmation)
20100118 Bugfix for current dir (could not be deleted), now set to chmod777 so ftp user can delete
20110107 The user decides what should be deleted
20110107 Variable for apache user name (different names on systems)

Download /howtos/delapacheuserfiles.zip delapacheuserfiles.php
zip-file, 1.23KB

There is one problem on shared hosting servers with Apache and PHP running on it: If a PHP script creates files and folders the owner of those created files is the user under which Apache is running, that's mostly www-data or wwwrun. User's accessing their webaccount by ftp and wanting to delete such files receive a permission denied error - because (of course) they're not allowed to delete those files.

Here a typical output of a ls -l where we see the files and folders created by a PHP script:

-rw-r--r-- 1 www-data www-data 0 2010-01-16 18:30 file1
-rw-r--r-- 1 www-data www-data 0 2010-01-16 18:30 file2
-rw-r--r-- 1 www-data www-data 0 2010-01-16 18:30 file3
-rw-r--r-- 1 www-data www-data 0 2010-01-16 18:30 file4
-rw-r--r-- 1 www-data www-data 0 2010-01-16 18:30 file5
drwxr-xr-x 2 www-data www-data 4.0K 2010-01-16 18:30 testfolder1
drwxr-xr-x 2 www-data www-data 4.0K 2010-01-16 18:30 testfolder100
drwxr-xr-x 2 www-data www-data 4.0K 2010-01-16 18:30 testfolder2
drwxr-xr-x 2 www-data www-data 4.0K 2010-01-16 18:30 testfolder3
drwxr-xr-x 2 www-data www-data 4.0K 2010-01-16 18:30 testfolder40

At the begin of 2010 I created a PHP script (delapacheuserfiles.php) which searches recursively for files and folders owned by the Apache-user and deletes them if the permissions allow it. This did the job but the problem was, that maybe some users don't want to delete ALL the files owned by the Apache-user but only a selection.
Now, one year later I completely reprogrammed the script, allowing the user to select from a list which files/folders to delete. Takes longer, agreed, but it is more secure.

You simply have to download the script, unzip it, upload it into the directory where you want to have the specific apache deleted and execute it on your browser.

Source code (Version 20110107) - the version which asks for files and folders to be deleted:

<?php
############################################################################
# delapacheuserfiles.php
#
# Author: Claudio Kuenzler
# Company: Nova Company GmbH www.novahosting.ch
# Purpose: Deletes files and folders created by Apache user
# Comments and Contact: www.claudiokuenzler.com
#
# Version History
# 20100116 Script programmed
# 20100118 Bugfix for current dir (could not be deleted)
# now set to chmod777 so ftp user can delete
# 20110107 The user decides what should be deleted
# 20110107 Variable for apache user name (different names on systems)
############################################################################
// Set your Apache-User
$apacheuser = "www-data";

// Get Variables
$deldir = $_GET['deldir'];
$delfile = $_GET['delfile'];
$deleted = $_GET['deleted'];

// Delete user approved files to delete
if (isset($deleted) || isset($delfile) || isset($deldir)) {

if (isset($delfile)) {
unlink($delfile);
$type="file";
header("Location: delapacheuserfiles.php?deleted=$delfile");
}

elseif (isset($deldir)) {
rmdir($deldir);
$type="dir";
header("Location: delapacheuserfiles.php?deleted=$deldir");
}

if (isset($deleted)) {
if($type=="file") {
if (is_file($deleted)) {
echo "There was a problem. File $deleted was <u>not</u> deleted."; }
else {echo "File $deleted has been deleted. <a href=\"delapacheuserfiles.php\">back to list</a>"; }
}
else {
if (is_dir($deleted)) {
echo "There was a problem. $deleted was <u>not</u> deleted. Maybe folder is not empty?"; }
else {echo "Folder $deleted has been deleted. <a href=\"delapacheuserfiles.php\">back to list</a>"; }
}
}

}

else {
// Show Files and Folders
header("Cache-Control: no-cache");

// Files
exec("find . -type f -user $apacheuser", $fileresult);

echo "<b>The following files were found:</b><br>";
foreach ($fileresult as $found) {
echo "$found - <a href=\"delapacheuserfiles.php?delfile=$found\">Delete?</a><br>";
}

// Folders
exec("find . -type d -user $apacheuser", $folderresult);

if ($folderresult[0] == ".") {
chmod("$folderresult[0]", 0777);
unset($folderresult[0]); // This removes the current directory from the list
}

echo "<br><br><b>The following folders were found::</b><br>";
foreach ($folderresult as $folder) {
echo "$folder - <a href=\"delapacheuserfiles.php?deldir=$folder\">Delete?</a><br>";
}

}

echo "<p>&copy; 2010-2011 Claudio Kuenzler @ Nova Hosting <a href=\"http://www.novahosting.ch\">www.novahosting.ch</a></p>";
?>

 

Source code (Version 20100118) - the version which deletes everything without asking:

<?php

########################################################
# delapacheuserfiles.php
#
# Author: Claudio Kuenzler
# Company: Nova Company GmbH www.novacompany.ch
# Purpose: Deletes files and folders created by Apache user
#
# Version History
# 20100116 Script programmed
# 20100118 Bugfix for current dir (could not be deleted)
# now set to chmod777 so ftp user can delete
########################################################

// Files
exec("find . -type f -user www-data", $fileresult);
echo "Die folgenden Dateien wurden gefunden:<br>";
foreach ($fileresult as $found) {
echo "<br> $found";
}

foreach ($fileresult as $file) {
unlink("$file");
}

// Folders
exec("find . -type d -user www-data", $folderresult);

if ($folderresult[0] == ".") {
chmod("$folderresult[0]", 0777);
unset($folderresult[0]); // This removes the current directory from the list
}

echo "<br>Die folgenden Ordner wurden gefunden:<br>";
foreach ($folderresult as $folder) {
echo "<br> $folder";
}

foreach ($folderresult as $folder) {
chmod("$folder", 0777);
rmdir("$folder");
}

?>

 

RSS feed

Blog Tags:

  AWS   Android   Ansible   Apache   Apple   Atlassian   BSD   Backup   Bash   Bluecoat   CMS   Chef   Cloud   Coding   Consul   Containers   CouchDB   DB   DNS   Database   Databases   Docker   ELK   Elasticsearch   Filebeat   FreeBSD   Galera   Git   GlusterFS   Grafana   Graphics   HAProxy   HTML   Hacks   Hardware   Icinga   Influx   Internet   Java   KVM   Kibana   Kodi   Kubernetes   LVM   LXC   Linux   Logstash   Mac   Macintosh   Mail   MariaDB   Minio   MongoDB   Monitoring   Multimedia   MySQL   NFS   Nagios   Network   Nginx   OSSEC   OTRS   Office   OpenSearch   PGSQL   PHP   Perl   Personal   PostgreSQL   Postgres   PowerDNS   Proxmox   Proxy   Python   Rancher   Rant   Redis   Roundcube   SSL   Samba   Seafile   Security   Shell   SmartOS   Solaris   Surveillance   Systemd   TLS   Tomcat   Ubuntu   Unix   VMWare   VMware   Varnish   Virtualization   Windows   Wireless   Wordpress   Wyse   ZFS   Zoneminder