NYCPHP Meetup

NYPHP.org

[nycphp-talk] Setting directory permissions

Bradley Baumann bradley at bestweb.net
Sun Apr 20 21:10:21 EDT 2003 

Show us the code you're using...
Its obviously a permissions issue.. perhaps its the user that apache is
running under?

You might need to have a shell, if you do -- try chowning the directory that
you're creating the directory in so that you have permissions...

-Brad.

----- Original Message -----
From: <jsiegel1 at optonline.net>
To: "NYPHP Talk" <talk at nyphp.org>
Sent: Sunday, April 20, 2003 1:03 AM
Subject: Re: [nycphp-talk] Setting directory permissions


> Bradley,
>
> Thanks so the suggestion. The problem is that I get a "Permission Denied"
error on the "mkdir" command. Is there something I'm overlooking?
>
> Jeff
>
> ----- Original Message -----
> From: Bradley Baumann <bradley at bestweb.net>
> Date: Saturday, April 19, 2003 10:23 am
> Subject: Re: [nycphp-talk] Setting directory permissions
>
> > Sorry, I saw your question and your lack of luck with someone's
> > code - I
> > didn't read the rest of the posts just because I'm in a rush right
> > now, but
> > I figured I'd give you the code I used when I needed to make a
> > directorythat I could upload to.
> >
> > function new_projectdir($project_name)
> > {
> > $old_mask = umask();
> > umask(0000);
> > chdir('/directory/whatever/');
> > mkdir($project_name, 0770);
> > umask($old_mask);
> > return 1;
> > }
> >
> > ----- Original Message -----
> > From: "Hans Zaunere" <zaunere at yahoo.com>
> > To: "NYPHP Talk" <talk at nyphp.org>
> > Sent: Friday, April 18, 2003 9:40 PM
> > Subject: Re: [nycphp-talk] Setting directory permissions
> >
> >
> > >
> > > --- jsiegel1 at optonline.net wrote:
> > > > Hans,
> > > >
> > > > What would you suggest for a set of pages that use a set of
> > pics that
> > the
> > > > end user can upload?
> > >
> > > If you're looking for a picture gallery option, then
> > http://gallery.sf.netis
> > > probably your best bet.  It requires Apache writable directories and
> > > safe_mode=off (PSaw may be able to expand on this, since he
> > implmented it
> > for
> > > NYPHP.org).  This isn't inherently insecure, but a shared
> > environment and
> > a
> > > clever malicious user, may be food for thought.
> > >
> > > > Should I upload them (the pics) into a database as blobs?
> > >
> > > This certainly is the 'cleanest' option; but performance could
> > be a
> > > consideration, especially for large images.
> > >
> > > Having apache writable directories isn't always a bad thing, but
> > if you
> > end
> > > up writing the code yourself, just be very careful with paths
> > and such.
> > >
> > > H
> > >
> > >
> > > > Jeff
> > > >
> > > > ----- Original Message -----
> > > > From: Hans Zaunere <hans at nyphp.org>
> > > > Date: Friday, April 18, 2003 8:20 pm
> > > > Subject: Re: [nycphp-talk] Setting directory permissions
> > > >
> > > > >
> > > > > Hi Jeff,
> > > > >
> > > > > --- jsiegel1 at optonline.net wrote:
> > > > > > I'm sure this is an easy one but...since I'm still learning
> > > > > PHP...I'm> scratching my poor bald head. ;)
> > > > > >
> > > > > > Here's a code snippet:
> > > > > >
> > > > > > //create new directory with the id name if it doesn't exist,
> > > > > chmod to 777
> > > > > > if(!is_dir($id)) {
> > > > > >     $root = getenv('DOCUMENT_ROOT');
> > > > > >     $id = $root . '/pic_test/' . $id;
> > > > > >     mkdir($id,0777);
> > > > > > }
> > > > >
> > > > > Note that the is_dir($id) call isn't nessecarily checking
> > the dir
> > > > > you think
> > > > > it is.
> > > > >
> > > > > > The problem is...this only works if I chmod the subdirectory
> > > > > "pic_test" to
> > > > > > 777 using my FTP application. However, I want to quickly
> > change the
> > > > > > permissions via PHP code, upload some pictures with my form,
> > > > > then change
> > > > > > the permissions back to 755.
> > > > >
> > > > > Assuming you're running PHP as an Apache module, you'll be
> > limited> > > to the
> > > > > user priveleges of Apache itself.  While in most cases this is
> > > > > good, for
> > > > > writing to the filesystem things can get hairy.
> > > > >
> > > > > For one, you won't be able to change the permissions of a
> > > > > directory/file you
> > > > > don't own (read: apache's running user doesn't own).  So, trying
> > > > > to change
> > > > > the permissions from less-restrictive to more-restrictive
> > > > > 'quickly' is a moot
> > > > > point, since if a malicious page is written, he'd just
> > change the
> > > > > perms if
> > > > > desired anyway.
> > > > >
> > > > > It's a catch-22 (as it should be) and is only solvable by having
> > > > > properownership (or improper ownership, depending on your
> > > > > viewpoint), suEXEC
> > > > > (achtung!) or a daemon to handle file operations.
> > > > >
> > > > > HTH,
> > > > >
> > > > > H
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> >
> >
> >
> >
> >
>
>
>
> --- Unsubscribe at http://nyphp.org/list/ ---
>
>

More information about the talk mailing list