How to extract Zip archive located under different user directory in ISPConfig 3

Discussion in 'General' started by Serghei Leonenco, Jan 16, 2020.

  1. Serghei Leonenco

    Serghei Leonenco New Member

    I face the problem with extracting the .zip archive located under different user web/ directory. Let me explain: I have 2 websites both written on pure php. First website i use to manage Second. Every client on Second website has his own folder located in root with similar code but different configs. It looks like this:

    Second website

    Like you understand owner of this files is user: web2 and group: client0

    And First website location:
    Owner of this files is user: web1 and group: client0

    What I'm trying to do is to extract zip archive at Second webroot directory while working on my backend on First website when create a new client.

    Here is the code i tried(this works perfect on my localhost when user: www-data and group: www-data):
    if (!file_exists('/var/www/clients/client0/web2/web/' . $_POST['storeid'])) {
       $zip = new ZipArchive;
       $dir = '/var/www/clients/client0/web2/web/';
       $install_dir = $dir . 'backup/';
       $res = $zip->open($install_dir . '');
       if ($res === TRUE) {
           //Try to execute
           $zip->extractTo($dir . $_POST['storeid'] . '/'); //var/www/clients/client0/web2/web/client2
           //Set permissions on new store folder
           chmod_r($dir . $_POST['storeid'], 0755, 0644);
           echo "\nExtracted successfully to " . $dir;
       } else {
           echo "Failed to open zip: " . $dir . "" . " \n";
    At the time when i run this code i get message:

    I know it may be related to user permissions. How can solve this considering keeping same ISPConfig environment and user permissions.
    Also i checked if i can retrieve the permissions on web2/web folder with fileperms("/var/www/clients/client0/web2/web"); and this returned 0
  2. Steini86

    Steini86 Active Member

    The basic idea of different users is that they can not read nor write the data from other users. To make this possible would weaken security on your server. Only do this if you are the only user on that server. In my opinion, what you are trying to do is not a good idea.
    However: Since both users (web1/web2) share the same group, it would be enough to give the group read/write access to the needed files and folders. But that would allow ALL members of that group (client0) to read/write there.
    You can change permissions with "chmod" command.
  3. S0ft

    S0ft Member HowtoForge Supporter

  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    In addition to setting group permissions correctly, you would have to modify php's open_basedir to allow that to work, and not use anything that would run chroot in the first site's jail environment.

    An alternative approach would be to bind mount the appropriate directory from the second site into a location the first site can access. (You can remap user id's with the mount to address the permissions.)
  5. ahrasis

    ahrasis Well-Known Member

    Use ssh.
  6. Serghei Leonenco

    Serghei Leonenco New Member

    I realized that the problem was in open_basedir(). How do you think? if I write down the path I need in the Option tab, it will not lead to a server failure? I have test sites located on a production server.

Share This Page