Web Applications and permissions problems
This document try to explain why you might have permissions problems while running a web application. A minimal IT knowledge is required, and also preferably and minimum of Unix permissions experience.
Let's start with an example, you have a webserver hosting severals sites, it's running Apache on a Linux box. You have to have an FTP access to this server in order to upload/delete your data.
Apache is running under a user that we will call “webuser”, and you're accessing the file using your own account that we will call “ftpuser”. That means, two different users will access the same data (See Figure 1).
With static HTML pages, no problem, as always you're uploading files with your ftpuser, so the files belong to you but are world readable so that the webuser can read them. This is where it become tricky, with Web Applications (like phpGraphy), the webuser suddenly requires to write things (like to generate thumbnails, create a new directory, use flatfile database) and such if the permissions are not changed to be world writable (writable by all users), the webuser won't be able to create/update or delete any file.
“But I've already change permissions and it still not working !” - Then you might have a problem with safe_mode (http://www.php.net/manual/en/features.safe-mode.php
) – Basically safe_mode is a restriction that add another check on the top of the normal permissions, the script accessing the files must have the same UID (User ID), which off course won't be the case in most case as the script will belong to your ftpuser, but the files will belong to the webuser (ie: a generated thumbnail).
NOTE: If you've the control of the webserver, I would advise you to run PHP as CGI along with SuExec or some kind of wrapper that will enable you to have the same user for both webuser and ftpuser. It is out of the scope of this document to describe this process but you'll find plenty of them by using your favorite search engine.