Re: Uploading files / processing with a PHP script

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, October 8, 2006 7:47 am, Ron Piggott (PHP) wrote:
> When I upload a file into an application I am writing with the HTML
> form
> command
>
> <INPUT NAME="userfile" TYPE="file">
>
> and then give the PHP command
>
> move_uploaded_file( $userfile , $destination_file_name);
>
> the owner of the file is 'www'.  Is there any way I am able to
> automatically change the owner of the file to my FTP login identity
> (for
> example 'rpiggott')

Yes, no, sort of, maybe, and exactly how depends.

See, here's the thing.  If you, rpiggott, or if www, could just chown
(change owner) of any file to anything they wanted, that would be Very
Bad.  Cuz you could change a file to be owned by 'root', then chmod it
to be run *AS* root, and then you essentially *are* 'root'.  And
that's bad.  If you don't know why that's bad, you're way behind on
your reading...

Anyway, here's what you can do, that should work no matter what else
is happening on the machine:
User www can make the file world or group readable with
http://php.net/chmod when the file is created.
If rpiggott and www are in a common group, group readable is enough;
If not, you have to use world readable.  Use group if you can.

Once www's file is readable by rpiggott, then rpiggott can copy the
file in a cron job or shell script that www can execute, or...  When
rpiggott copies www's file into a new file, then rpiggott is creating
the file, and it should be owned by rpiggott.


Another option, if you happen to have 'root' on the machine (which
would be kinda scary given the original question, but there it is) you
can make a root-owned script to just chown the files, and run it in a
cron job.


Before you do all this -- Think carefully.  Sometimes changing
ownership has broad and drastic implications.  You may want to just
have www chmod the file so rpiggott can read it or even write it, and
then you don't have to go so far as chown.

As a general principle, always do the minimum needed to get the task
done, when it comes to chmod/chown.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux