Re: strange post photoalbum Apache/PHP error to view uploaded photos

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


------------ Original Message ------------
> Date: Friday, August 13, 2021 22:49:31 +0200
> From: Rene Veerman <rene.veerman.netherlands@xxxxxxxxx>

> but after the upload, when i try to view the files, i get an Apache
> level "Access denied" message in the browser 
> shows debug information that
> lists the chown rene:www-data command on the files to fail, but
> that's understandable because apache runs as www-data:www-data.
> However, the chmod 770 command on the files does succeed, 
> - after running my
> script after the upload has fully completed, the
> photoalbum/4.0.0/index.php display script works without the access
> denied bug and correctly displays the sub-folder contents.

You need to show your work ...

  - show the apache error log errors - the browser message isn't very

  - show a (truncated) directory/file listing (from the shell) that
    includes the ownership/group settings and permissions


It's not clear what you mean by:

    > apache runs as www-data:www-data.

That looks like the owner/group information that you'd put on a chown
command, not the way you would describe the user that a process runs

While your script appears to set the directory for your "nicerapp"
with the owner/group of rene:www-data with 750 permissions, at the
bottom of that script, files under that are given 770 permissions.
That means that the user "www-data" has write permission to those
directories and files. 

Assuming that your apache instance runs as "www-data", this is a
security risk. Directories and files under the document root should
*never* be writable by the process that is running apache server.

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux