CertSage ACME client (version 1.0.0) - easy webpage interface, no commands to type, root not required

rg305 · August 20, 2021, 6:54am

But isn't
~/
always available to all users?

Usalabs · August 20, 2021, 6:55am

@griffin In windows permissions aren't really a problem, but Linux is very tight when it comes to perms, so when I looked at the instructions to download and just run it, then it must be running from a windows IIS, not Linux, because as rg305 said, PHP doesn't have permission outside the html directory, soooo, I'm going to try and use another location, and see if that works.

griffin · August 20, 2021, 6:55am

Not on a GoDaddy shared hosting instance from a web context, unfortunately.

griffin · August 20, 2021, 6:56am

Oh yes it does

https://griffin.software/certsage.php

That's the exact same file to the byte that you downloaded. No errors.

rg305 · August 20, 2021, 6:56am

Then you have to code around it OR THROUGH IT!
Try various locations within the code until one works!

Usalabs · August 20, 2021, 6:57am

I'm running it on 2 of my own hosting servers, in the basement lol, running headless Ubuntu, Apache, and PHP 7.3, one is the live site and has the FQDN DNS records pointing to my WAN IP, and the other is LAN only.

griffin · August 20, 2021, 6:58am

Oh, I did my friend. They have that locked down tight.

Usalabs · August 20, 2021, 6:59am

Is that windows or Linux?

griffin · August 20, 2021, 6:59am

I like it. I'm always curious how things will go in different environments.

rg305 · August 20, 2021, 6:59am

I'm assuming you didn't use:
./
for security reasons and that path is not useable.

hmm...

griffin · August 20, 2021, 6:59am

Linux, Apache.

griffin · August 20, 2021, 7:00am

./ is public_html (and thus would put private keys into public space).

griffin · August 20, 2021, 7:01am

I think cPanel instances have more lax permissions for user directories due to controlling the more sensitive bits.

Usalabs · August 20, 2021, 7:01am

Hold the phone, I just remembered, my PHP config does allow access outside the html directory, because I also have websites located in /var/www/site1 /var/www/site2, etc etc, and use apache document rewrites to point to those locations.

griffin · August 20, 2021, 7:02am

I'm assuming the directory write permissions aren't allowed for PHP's user in /var/www.

rg305 · August 20, 2021, 7:07am

How about creating a path in ./ that is protected from web access?
Or reviewing ~/ some more...
Using getcwd() might help.

How about creating security through obscurity?
Create a long random variable and use that as the directory name (so 1980s!).

griffin · August 20, 2021, 7:10am

All interesting options.

I must get some sleep now, but I'll check back in the morning.

Usalabs · August 20, 2021, 7:11am

Ok, g'night,,, I'll keep trying different locations

griffin · August 20, 2021, 7:12am

Let me know how it turns out.

Usalabs · August 20, 2021, 7:13am

It WORKED!!!!!

I created a directory in /var/www called sage-data and chowned it to www-data:www-data changed the location variable in the script and now it works fine, it seems that PHP requires the www-data:www-data user and group for access outside the html directory, now I can deploy it to my live site.