» IT tipps and howto's

PHP Script: Delete files and folders created by Apache user

Last Update: January 7 2011

Version History
20100116 Script programmed (deletes all files and folders without confirmation)
20100118 Bugfix for current dir (could not be deleted), now set to chmod777 so ftp user can delete
20110107 The user decides what should be deleted
20110107 Variable for apache user name (different names on systems)

delapacheuserfiles.php zip-file, 1.23KB

There is one problem on shared hosting servers with Apache and PHP running on it: If a PHP script creates files and folders the owner of those created files is the user under which Apache is running, that's mostly www-data or wwwrun. User's accessing their webaccount by ftp and wanting to delete such files receive a permission denied error - because (of course) they're not allowed to delete those files.

Here a typical output of a ls -l where we see the files and folders created by a PHP script:

-rw-r--r-- 1 www-data www-data 0 2010-01-16 18:30 file1
-rw-r--r-- 1 www-data www-data 0 2010-01-16 18:30 file2
-rw-r--r-- 1 www-data www-data 0 2010-01-16 18:30 file3
-rw-r--r-- 1 www-data www-data 0 2010-01-16 18:30 file4
-rw-r--r-- 1 www-data www-data 0 2010-01-16 18:30 file5
drwxr-xr-x 2 www-data www-data 4.0K 2010-01-16 18:30 testfolder1
drwxr-xr-x 2 www-data www-data 4.0K 2010-01-16 18:30 testfolder100
drwxr-xr-x 2 www-data www-data 4.0K 2010-01-16 18:30 testfolder2
drwxr-xr-x 2 www-data www-data 4.0K 2010-01-16 18:30 testfolder3
drwxr-xr-x 2 www-data www-data 4.0K 2010-01-16 18:30 testfolder40

At the begin of 2010 I created a PHP script (delapacheuserfiles.php) which searches recursively for files and folders owned by the Apache-user and deletes them if the permissions allow it. This did the job but the problem was, that maybe some users don't want to delete ALL the files owned by the Apache-user but only a selection.
Now, one year later I completely reprogrammed the script, allowing the user to select from a list which files/folders to delete. Takes longer, agreed, but it is more secure.

You simply have to download the script, unzip it, upload it into the directory where you want to have the specific apache deleted and execute it on your browser.

Source code (Version 20110107) - the version which asks for files and folders to be deleted:

<?php
############################################################################
# delapacheuserfiles.php
#
# Author: Claudio Kuenzler
# Company: Nova Company GmbH www.novahosting.ch
# Purpose: Deletes files and folders created by Apache user
# Comments and Contact: www.claudiokuenzler.com
#
# Version History
# 20100116 Script programmed
# 20100118 Bugfix for current dir (could not be deleted)
# now set to chmod777 so ftp user can delete
# 20110107 The user decides what should be deleted
# 20110107 Variable for apache user name (different names on systems)
############################################################################
// Set your Apache-User
$apacheuser = "www-data";

// Get Variables
$deldir = $_GET['deldir'];
$delfile = $_GET['delfile'];
$deleted = $_GET['deleted'];

// Delete user approved files to delete
if (isset($deleted) || isset($delfile) || isset($deldir)) {

if (isset($delfile)) {
unlink($delfile);
$type="file";
header("Location: delapacheuserfiles.php?deleted=$delfile");
}

elseif (isset($deldir)) {
rmdir($deldir);
$type="dir";
header("Location: delapacheuserfiles.php?deleted=$deldir");
}

if (isset($deleted)) {
if($type=="file") {
if (is_file($deleted)) {
echo "There was a problem. File $deleted was <u>not</u> deleted."; }
else {echo "File $deleted has been deleted. <a href=\"delapacheuserfiles.php\">back to list</a>"; }
}
else {
if (is_dir($deleted)) {
echo "There was a problem. $deleted was <u>not</u> deleted. Maybe folder is not empty?"; }
else {echo "Folder $deleted has been deleted. <a href=\"delapacheuserfiles.php\">back to list</a>"; }
}
}

}

else {
// Show Files and Folders
header("Cache-Control: no-cache");

// Files
exec("find . -type f -user $apacheuser", $fileresult);

echo "<b>The following files were found:</b><br>";
foreach ($fileresult as $found) {
echo "$found - <a href=\"delapacheuserfiles.php?delfile=$found\">Delete?</a><br>";
}

// Folders
exec("find . -type d -user $apacheuser", $folderresult);

if ($folderresult[0] == ".") {
chmod("$folderresult[0]", 0777);
unset($folderresult[0]); // This removes the current directory from the list
}

echo "<br><br><b>The following folders were found::</b><br>";
foreach ($folderresult as $folder) {
echo "$folder - <a href=\"delapacheuserfiles.php?deldir=$folder\">Delete?</a><br>";
}

}

echo "<p>&copy; 2010-2011 Claudio Kuenzler @ Nova Hosting <a href=\"http://www.novahosting.ch\">www.novahosting.ch</a></p>";
?>

 

Source code (Version 20100118) - the version which deletes everything without asking:

<?php

########################################################
# delapacheuserfiles.php
#
# Author: Claudio Kuenzler
# Company: Nova Company GmbH www.novacompany.ch
# Purpose: Deletes files and folders created by Apache user
#
# Version History
# 20100116 Script programmed
# 20100118 Bugfix for current dir (could not be deleted)
# now set to chmod777 so ftp user can delete
########################################################

// Files
exec("find . -type f -user www-data", $fileresult);
echo "Die folgenden Dateien wurden gefunden:<br>";
foreach ($fileresult as $found) {
echo "<br> $found";
}

foreach ($fileresult as $file) {
unlink("$file");
}

// Folders
exec("find . -type d -user www-data", $folderresult);

if ($folderresult[0] == ".") {
chmod("$folderresult[0]", 0777);
unset($folderresult[0]); // This removes the current directory from the list
}

echo "<br>Die folgenden Ordner wurden gefunden:<br>";
foreach ($folderresult as $folder) {
echo "<br> $folder";
}

foreach ($folderresult as $folder) {
chmod("$folder", 0777);
rmdir("$folder");
}

?>