Re: File permissions do not seem to be my friend

On Thu, February 2, 2006 11:34 am, Brian Dunning wrote:
> On Feb 2, 2006, at 9:21 AM, David Grant wrote:
>
>> This is a php.ini setting, so a FS permissions problem.  The
>> sysadmin
>> needs to disable safe mode on your behalf.
>
> Assuming this hosting company prefers to keep safe mode on, is there
> no way my scripts can create files?

Here's one technique that might help:

First, move away all the folders you've already got for the images.

Next, make the folder ENCLOSING the images folder you want be 777
(temporarily) -- this might be your entire website, mind you, but it's
temporary.

Then write a PHP script to:
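<?php
  // Run this through the web server so the directory is created by the PHP user.
  $dir = '/full/path/to/your/desired/images';
  if (!mkdir($dir)) {
    die("mkdir failed for $dir");
  }
  // mkdir() is subject to the umask, so set the mode explicitly.
  chmod($dir, 0777);
?>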

*NOW* you have a directory not only with 777, but also OWNED BY the
PHP user, not *your* user.

This is the crucial sticking-point of safe_mode -- that the PHP user
must own the directories/files in question.

You, as non-root, cannot 'chown' the files / directories.

So you need to write PHP scripts to create/chmod/copy the various
files into place.

Just don't forget to chmod the ENCLOSING directory back to what you
want, so your entire site isn't wide open.

I'd also advise that this 777 php-owned directory *NOT* actually be in
your web-tree, but an outside directory that only PHP can access and
that you write a PHP script for each type of access, including serving
up the images through the web-server.

This limits your exposure because you have a choke-point that only PHP
scripts can generate output on things in this dir, and you can control
the PHP scripts on your site to do sanity checks on data before you do
things.

Leaving it in your web-tree means ANY other user on that server can
write a PHP script to deface your site much too easily.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
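
The choke-point script the message recommends, sketched as an added example that is not part of the original post: it serves images from a PHP-owned directory outside the web tree and sanity-checks the request first. The store path, the `f` query parameter and the extension list are assumptions made for illustration.

```php
<?php
// Added example: serve images from a PHP-owned directory outside the web tree.
// STORE_DIR, the "f" parameter and the extension list are assumptions.
define('STORE_DIR', '/full/path/outside/webroot/images'); // placeholder path

$ALLOWED_TYPES = array(
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
);

// Return the absolute path of a servable image, or null if the request is rejected.
function resolve_image($storeDir, $name, $allowed)
{
    // Plain file names only: no slashes, no leading dot, no NUL bytes or newlines.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,99}\z/', $name)) {
        return null;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;
    }
    // realpath() resolves symlinks, so a link pointing outside the store is refused.
    $base = realpath($storeDir);
    $path = realpath($storeDir . '/' . $name);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    // The content must really be an image, whatever the extension says.
    return (is_file($path) && @getimagesize($path) !== false) ? $path : null;
}

$name = isset($_GET['f']) ? $_GET['f'] : '';
$path = resolve_image(STORE_DIR, $name, $ALLOWED_TYPES);
if ($path === null) {
    header('HTTP/1.1 404 Not Found');
    exit;
}
// Content type comes from the validated request name, never from user-supplied headers.
$ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
header('Content-Type: ' . $ALLOWED_TYPES[$ext]);
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . filesize($path));
readfile($path);
```

Because the directory is mode 777, other users on the server can still drop files into it; the image check and the fixed content type limit what this script will hand back to a browser.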

