Permissions in PHP – PHP

  php

Q(Question):

Hi! I have a script designed to read a number of
images and make thumbnails of them. These thumbnails are stored in
/thumbs/ as tn_filename.jpg. And so apache needs permissions to
write in ./ so it kan create thumbs and the files therein.
But I also want to upload pictures directly to ./ with
FTP/SSH without logging in as apache.

I have tried with groups but then I need some kind of default
permission on all files in the subdirectories.

So… any tips?


Martin Isaksson
ma******@dd.chalmers.se

The church saves sinners, but science seeks to stop their manufacture.
— Elbert Hubbard

A(Answer):

Martin Isaksson wrote:

Hi! I have a script designed to read a number of
images and make thumbnails of them. These thumbnails are stored in
/thumbs/ as tn_filename.jpg. And so apache needs permissions to
write in ./ so it kan create thumbs and the files therein.
But I also want to upload pictures directly to ./ with
FTP/SSH without logging in as apache.

I have tried with groups but then I need some kind of default
permission on all files in the subdirectories.

So… any tips?

chmod 777 uploaddir/
chmod 666 uploaddir/*

A(Answer):

On Mon, 08 Sep 2003 12:05:30 +0100 in
<message-id:Xn*****************@stones.force9.net>
Matty <ma*******@askmenoquestions.co.uk> wrote:

> I have tried with groups but then I need some kind of default
> permission on all files in the subdirectories.
>
> So… any tips?
>

chmod 777 uploaddir/
chmod 666 uploaddir/*

Matty..

Just out of curiousity and off topic really for here.. but have you ever
looked at mod_become for Apache? I’ve had a few people ask me the same
questions for shared hosting.. and while I’m in the middle of writing a
control panel application that’ll include a filemanager and will get
over this issue anyway, I was wondering if you’d had any experience with
mod_become to handle issues of this nature too.

Just a passing thought while I was on snert.com earlier =)

Regards,

Ian


Ian.H [Design & Development]
digiServ Network – Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.

A(Answer):

Ian.H [dS] wrote:

Matty..

Just out of curiousity and off topic really for here.. but have you ever
looked at mod_become for Apache? I’ve had a few people ask me the same
questions for shared hosting.. and while I’m in the middle of writing a
control panel application that’ll include a filemanager and will get
over this issue anyway, I was wondering if you’d had any experience with
mod_become to handle issues of this nature too.

Just a passing thought while I was on snert.com earlier =)

I haven’t actually – normally I’ve tried to avoid this kind of thing, but I’ll
have a look (know a few people who might have worked with it a bit!)

A(Answer):

On Mon, 08 Sep 2003 13:55:02 +0100 in
<message-id:E_*****************@stones.force9.net>
Matty <ma*******@askmenoquestions.co.uk> wrote:

I was wondering if you’d had any experience with

> mod_become to handle issues of this nature too.
>
> Just a passing thought while I was on snert.com earlier =)

I haven’t actually – normally I’ve tried to avoid this kind of thing,
but I’ll have a look (know a few people who might have worked with it
a bit!)

Thanks.. would be appreciated.

I did look into suExec etc, but my PHP install is configured as a
module, thus suExec has no effect.

I thought about using sudo for some things too (not "by users" as such)
but this then provokes a global security issue of who can access what
via the server userID etc.

Out of curiousity again, what makes you try and avoid this sort of
thing? I’m assuming permissions / security of some kind. I’ve not
thought about it until recently and have always used the "normal"
methods for the years of using PHP.. but thought it looked possibly
interesting =)

Thanks again…….

Regards,

Ian


Ian.H [Design & Development]
digiServ Network – Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.

A(Answer):

In article <Xn*****************@stones.force9.net>,
Matty <ma*******@askmenoquestions.co.uk> writes:

Martin Isaksson wrote:

Hi! I have a script designed to read a number of
images and make thumbnails of them. These thumbnails are stored in
/thumbs/ as tn_filename.jpg. And so apache needs permissions to
write in ./ so it kan create thumbs and the files therein.
But I also want to upload pictures directly to ./ with
FTP/SSH without logging in as apache.

I have tried with groups but then I need some kind of default
permission on all files in the subdirectories.

So… any tips?

chmod 777 uploaddir/
chmod 666 uploaddir/*

Well this means that all users on my server are able to do things in there…
Not good…


Martin Isaksson
ma******@dd.chalmers.se

The purpose of Physics 7A is to make the engineers realize that they’re
not perfect, and to make the rest of the people realize that they’re not
engineers.

A(Answer):

Martin Isaksson wrote:

In article <Xn*****************@stones.force9.net>,
Matty <ma*******@askmenoquestions.co.uk> writes:

Martin Isaksson wrote:

Hi! I have a script designed to read a number of
images and make thumbnails of them. These thumbnails are stored in
/thumbs/ as tn_filename.jpg. And so apache needs permissions to
write in ./ so it kan create thumbs and the files therein.
But I also want to upload pictures directly to ./ with
FTP/SSH without logging in as apache.

I have tried with groups but then I need some kind of default
permission on all files in the subdirectories.

So… any tips?

chmod 777 uploaddir/
chmod 666 uploaddir/*

Well this means that all users on my server are able to do things in
there…

Not necessarily. If their default group is the same as yours, then
doing chmod 705 on your home directory will make it inaccessible to
people in the same group as you, whilst making it accessible to the
webserver process, which (presumably) is running as nobody.

LEAVE A COMMENT