Dear List -
Tried to run the program, that we have been discussing, and received a
403 error.
rosenberg:/var/www# ls -la StoreInventory.php
-rwxrwxrw- 1 ethan ethan 4188 Aug 26 20:26 StoreInventory.php
rosenberg:/var# ls -ld www
drwxrwxrw- 37 ethan ethan 20480 Aug 26 20:26 www
I had set the
If your web-server is setup to read files with .php extension
through PHP engine (it is I guess)
than no body from outside (using HTTP) can't read content of
original PHP file only the output of that particular script.
The only concern you may have is that somebody else on that server
Hi,
I'm very new to php.
One thing I noticed in order to run the php program (on a linux server) I
need to set the read permission
for Other.
In this program I'll have the MySQL credentials defined.
Are there are any security concerns when the read permission
is set like this. Wouldn't it be
Heh you are really new to Linux
permissions on linux are set per user/group/other bases
so for most secure set permissions to read only for web-server user
so
chown 'webserveruser' file.php
chmod 400 file.php
make sure you have root access at server so you can change that file
or make a group
Bojan Tesanovic wrote:
Heh you are really new to Linux
permissions on linux are set per user/group/other bases
so for most secure set permissions to read only for web-server user
so
chown 'webserveruser' file.php
chmod 400 file.php
make sure you have root access at server so you can
On Thu, August 9, 2007 8:15 pm, jekillen wrote:
On Aug 8, 2007, at 9:34 PM, Richard Lynch wrote:
On Wed, August 8, 2007 7:52 pm, jekillen wrote:
Apache runs as the User setting in httpd.conf
If that User can rwx the files, then PHP can rwx the files.
If not, not.
It's that simple.
On Aug 8, 2007, at 9:34 PM, Richard Lynch wrote:
On Wed, August 8, 2007 7:52 pm, jekillen wrote:
I have a question about including php files that are outside of
the web server document root. What permission does Apache
use to access files outside of the document root?
Here is the situation:
I
Hello again;
I have a question about including php files that are outside of
the web server document root. What permission does Apache
use to access files outside of the document root?
Here is the situation:
I want to store sensitive data such as login/pw data for
registered users. I also want to
jekillen wrote:
Hello again;
I have a question about including php files that are outside of
the web server document root. What permission does Apache
use to access files outside of the document root?
Same as inside the document root afaik.
I want to store sensitive data such as login/pw
On Wed, August 8, 2007 7:52 pm, jekillen wrote:
I have a question about including php files that are outside of
the web server document root. What permission does Apache
use to access files outside of the document root?
Here is the situation:
I want to store sensitive data such as login/pw
On 3/23/07, Jim Lucas [EMAIL PROTECTED] wrote:
Rahul Sitaram Johari wrote:
Ave,
I¹m not sure if anyone here is going to be able to help, but I¹ve run into a
permissions snag.
I have Apache Web Server running on Mac OS X with PHP. I have a folder on a
windows machine mounted on my Mac OS X
Ave,
I¹m not sure if anyone here is going to be able to help, but I¹ve run into a
permissions snag.
I have Apache Web Server running on Mac OS X with PHP. I have a folder on a
windows machine mounted on my Mac OS X as a share using the ³mount t smbfs
//[EMAIL PROTECTED]/ShareName Share².
The
On 3/22/07, Rahul Sitaram Johari [EMAIL PROTECTED] wrote:
Ave,
I¹m not sure if anyone here is going to be able to help, but I¹ve run into a
permissions snag.
I have Apache Web Server running on Mac OS X with PHP. I have a folder on a
windows machine mounted on my Mac OS X as a share using the
rahul:~/Documents/XFER rjohari$ ls -la osm
total 26548
drwxr-xr-x 1 rjohari rjohari16384 31 Dec 1969 .
drwxr-xr-x 5 rjohari rjohari 170 22 Mar 12:08 ..
-rwxr-xr-x 1 rjohari rjohari21508 13 Sep 2006 .DS_Store
-rwxr-xr-x 1 rjohari rjohari 82 14 Sep 2006 ._Temporary
On 3/22/07, Rahul Sitaram Johari [EMAIL PROTECTED] wrote:
rahul:~/Documents/XFER rjohari$ ls -la osm
total 26548
drwxr-xr-x 1 rjohari rjohari16384 31 Dec 1969 .
drwxr-xr-x 5 rjohari rjohari 170 22 Mar 12:08 ..
-rwxr-xr-x 1 rjohari rjohari21508 13 Sep 2006 .DS_Store
[snip]
On 3/22/07, Rahul Sitaram Johari [EMAIL PROTECTED] wrote:
Ave,
Or make sure the user apache runs on has write access to the share.
That's the problem I'm facing. I'm not sure how to do that. If I'm not
mistaken, Apache runs as user nobody on my Mac, but I don't know how to
give that user
Ave,
Or make sure the user apache runs on has write access to the share.
That's the problem I'm facing. I'm not sure how to do that. If I'm not
mistaken, Apache runs as user nobody on my Mac, but I don't know how to
give that user write access on the Windows Machine.
Yes, it is quite
On 3/22/07, Rahul Sitaram Johari [EMAIL PROTECTED] wrote:
Well chmod is certainly not doing anything. I tried that to begin with. I
don't get an error, but it doesn't change any permissions. Just doesn't do
anything to the permissions of the file/folder. Like it's just ignored.
I did it as
Ave,
Certainly looks very promising, but is giving me:
mount_smbfs: -o fmask=: option not supported
Let me google it too, see what I can come up with. Appreciate it a lot mate.
On 3/22/07 12:48 PM, Tijnema ! [EMAIL PROTECTED] wrote:
On 3/22/07, Rahul Sitaram Johari [EMAIL PROTECTED] wrote:
Well chmod is certainly not doing anything. I tried that to begin with. I
don't get an error, but it doesn't change any permissions. Just doesn't do
anything to the permissions of the file/folder. Like it's just ignored.
I did it as root using sudo.
On 3/22/07 12:18 PM, Tijnema ! [EMAIL
On 3/22/07, Rahul Sitaram Johari [EMAIL PROTECTED] wrote:
Ave,
Certainly looks very promising, but is giving me:
mount_smbfs: -o fmask=: option not supported
Let me google it too, see what I can come up with. Appreciate it a lot mate.
Hmm, i googled a little bit, and i found a norwegian site
Yes, it does appear that samba on mac os x is not taking any configuration
options. I tried different options for the mount_smbfs command which does
have very specific user/owner/group related permissions options - but all
give me the same operation not supported error.
Let me take a closer look
Get a copy of WinSCP3 or FileZilla ftp utilities, both are free. They will show
you who the owner is for the dirs and files. You can also use a SSH shell
command; but, unless you are already familiar with Unix commands, using the
utilities will be a lot easier and quicker.
To change a file
On 3/22/07, Al [EMAIL PROTECTED] wrote:
Get a copy of WinSCP3 or FileZilla ftp utilities, both are free. They will show
you who the owner is for the dirs and files. You can also use a SSH shell
command; but, unless you are already familiar with Unix commands, using the
utilities will be a lot
Ave,
But i think that when remounting the partitition, the permissions are reset
too.
Unfortunately you're absolutely right! The share is re-mounted on a daily
basis (along with a reboot), and thus, even if the 'copy, delete from
server, copy to server' process were to work, with every unmount
On 3/22/07, Rahul Sitaram Johari [EMAIL PROTECTED] wrote:
Ave,
But i think that when remounting the partitition, the permissions are reset
too.
Unfortunately you're absolutely right! The share is re-mounted on a daily
basis (along with a reboot), and thus, even if the 'copy, delete from
Ave,
I can't believe I'm saying this, but SOLVED it!
Took me about 6 hours, and this one website, with this one little snippet in
one corner of a black white page on the ENTIRE Internet gave me a solution
with this guy who had the same problem - and he wrote fixed it for me, hope
it helps
Rahul Sitaram Johari wrote:
Ave,
I¹m not sure if anyone here is going to be able to help, but I¹ve run into a
permissions snag.
I have Apache Web Server running on Mac OS X with PHP. I have a folder on a
windows machine mounted on my Mac OS X as a share using the ³mount t smbfs
//[EMAIL
I have a text file that is just being read by php
Can I change the permissions of it so www can not read it?
what username does php uses to read files?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Benjamin Adams wrote:
I have a text file that is just being read by php
Can I change the permissions of it so www can not read it?
what username does php uses to read files?
Usually www, so you could have a bit of a problem there. PHP runs under
the same user Apache does, although there are
Benjamin Adams wrote:
I have a text file that is just being read by php
Can I change the permissions of it so www can not read it?
what username does php uses to read files?
Use a .htaccess file, if your web server supports it.
For example, in apache2 you can do this:
FilesMatch yourfile.txt
On Fri, April 21, 2006 3:48 pm, Benjamin Adams wrote:
I have a text file that is just being read by php
Can I change the permissions of it so www can not read it?
Yes.
Then PHP cannot read it, if your setup is what I think it is...
what username does php uses to read files?
That depends.
For our company's intranet, I've turned on Windows Authentication in IIS
so that I can automatically capture the network username for everyone
hitting our website. It works well, but I'm having a problem with file
permissions now.
PHP normally executes the page request with the Intranet Guest
Jason, Hugh, John,
Thanks for all your help. And thanks Hugh for sending me your FTP
script.
It turns out that the chmod() command was the magic bullet I was
looking for. By placing
chmod ($imageName, 0777)
... into the script right after it places the uploaded file in it's
John, Hugh,
I'm not sure what you mean when you say use PHP's FTP. I'm using
$HTTP_POST_FILES because the files are retrieved through a web form.
As for the user, I would assume that it's whatever default for any
viewer coming to a web page. I have people log in using a user name and
On Sunday 30 January 2005 23:04, Dave wrote:
I'm not sure what you mean when you say use PHP's FTP. I'm using
$HTTP_POST_FILES because the files are retrieved through a web form.
What is meant by that is that after the file is uploaded, during your
processing of the upload file, instead
PHP List,
The Situation:
I am building a content management system where users can, among
other things, upload images into a directory.
The Problem:
The image uploads fine, but once it's there, it can't be over
written. So if a user uploads an image, and then changes his or her mind
Use php's ftp commands.
Hugh
- Original Message -
From: Dave [EMAIL PROTECTED]
To: php-general@lists.php.net
Sent: Saturday, January 29, 2005 11:11 AM
Subject: [PHP] Permissions on uploaded image don't allow for over writing
PHP List,
The Situation:
I am building a content
Dave wrote:
PHP List,
The Situation:
I am building a content management system where users can, among
other things, upload images into a directory.
The Problem:
The image uploads fine, but once it's there, it can't be over
written. So if a user uploads an image, and then changes his
Hi All,
I have a need for a PHP application to read/write Linux system files that
have root.root ownership. At present reading not a problem but writing
obviously is denied. I know there are probably some serious security issues
here, but what should I be doing to allow this behaviour. I am
[snip]
I have a need for a PHP application to read/write Linux system files
that
have root.root ownership. At present reading not a problem but writing
obviously is denied. I know there are probably some serious security
issues
here, but what should I be doing to allow this behaviour. I am running
Hi Phil,
Phil Ewington - 43 Plc wrote:
Hi All,
I have a need for a PHP application to read/write Linux system files that
have root.root ownership. At present reading not a problem but writing
obviously is denied. I know there are probably some serious security issues
here, but what should I be
Sorry,
I do not know the exect anaswer but i have one rough idea that in PHP we have
one function by which we can run the linux command like
fun_name(command)
Actually i used this function long before so i forgot
we can use chmod 777 to our file or any command to change the permissionand by
Jason Wong wrote:
On Tuesday 13 January 2004 06:46, Jas wrote:
[Please trim your posts!]
Just tried that and I am getting the same error. I guess what I am
really looking for is a way to have apache restart the service without
adding the apache user in the 'sudoers' file.
If you
Something I have never tried... seems fairly straight-forward but I am
running into problems.
My problem is that I need to call system to restart a daemon service
like so...
?php
$cmd = /path/to/shell/script/script.sh;
system($cmd . /tmp/error );
?
Script contains this command...
#!/bin/bash
- Original Message -
From: Jas [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 12, 2004 4:47 PM
Subject: [PHP] permissions with bash scripts in php?
Something I have never tried... seems fairly straight-forward but I am
running into problems.
My problem is that I need
Jake McHenry wrote:
- Original Message -
From: Jas [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 12, 2004 4:47 PM
Subject: [PHP] permissions with bash scripts in php?
Something I have never tried... seems fairly straight-forward but I am
running into problems.
My
On Tuesday 13 January 2004 06:46, Jas wrote:
[Please trim your posts!]
Just tried that and I am getting the same error. I guess what I am
really looking for is a way to have apache restart the service without
adding the apache user in the 'sudoers' file.
If you really must restart system
Robin Kopetzky wrote:
Good Morning/Afternoon.
I have a program that is trying to write to a directory on a Windows server
and I don't know how to setup the permissions to read/write/delete just from
this directory. I have it permissions set to 'Everyone' but that doesn't
work.
Help?!?!
If you
On Wednesday 26 November 2003 02:38, Robin Kopetzky wrote:
I have a program that is trying to write to a directory on a Windows server
and I don't know how to setup the permissions to read/write/delete just
from this directory. I have it permissions set to 'Everyone' but that
doesn't work.
Good Morning/Afternoon.
I have a program that is trying to write to a directory on a Windows server
and I don't know how to setup the permissions to read/write/delete just from
this directory. I have it permissions set to 'Everyone' but that doesn't
work.
Help?!?!
Robin 'Sparky' Kopetzky
Black
My commercial host is set up with the public root directory, public_html,
owned by user: userid, group: nobody. Directories I create within
public_html are owned by user: userid, group: userid. As a result, PHP does
not have permission to create files or write to files in public_html, but it
does
* Thus wrote Lowell Allen ([EMAIL PROTECTED]):
My commercial host is set up with the public root directory, public_html,
owned by user: userid, group: nobody. Directories I create within
public_html are owned by user: userid, group: userid. As a result, PHP does
not have permission to create
* Thus wrote Lowell Allen ([EMAIL PROTECTED]):
My commercial host is set up with the public root directory, public_html,
owned by user: userid, group: nobody. Directories I create within
public_html are owned by user: userid, group: userid. As a result, PHP does
not have permission to create
I'm using PHP version 4.2.2 on a Linux system running Apache. I am
trying to allow my users to upload a file, however I continue to receive a
Permission denied error when using move_uploaded_file() or copy(). The
file appears to be sent to the temporary directory successfully, but can not
be
If I set permissions of my server root to chmod 777 that's a security
risk right?
How do I set my server to allow me to write a file to my web root from
another directory using PHP? Or is it a Unix problem?
I have a generator file writes a string to a text file and then renames
the text file as a
On Tue, 2003-07-08 at 07:21, Steve Jackson wrote:
If I set permissions of my server root to chmod 777 that's a security
risk right?
How do I set my server to allow me to write a file to my web root from
another directory using PHP? Or is it a Unix problem?
I have a generator file writes a
Tahnk you,
but I don't want to let web user see the log file
Nicholas Wieland [EMAIL PROTECTED] wrote in message
20030216011528.GA1411@localhost">news:20030216011528.GA1411@localhost...
On 2003.02.15 20:11 qt wrote:
I am planning to make a log file with fopen command.
I am succesfully
Dear Sirs,
I am planning to make a log file with fopen command.
I am succesfully read and write the file with fopen. But as I see fopen is
requiring a file with read and write permission for public.
I was using same method with perl in cgi-bin directory; but I was giving
read and write
On 2003.02.15 20:11 qt wrote:
I am planning to make a log file with fopen command.
I am succesfully read and write the file with fopen. But as I see
fopen is requiring a file with read and write permission for public.
Not for public, for your webserver user, www-data or another similar
name.
I have a script which uploads images from the user. My webhost recently
moved things around and now I get permission errors when the file is
uploaded. I am using the path from the apache root to my destination folder
as the path to the image folder. My webhost told me that the folder has all
Hi
I want to make a secure site. The username , password and permission of the
users must be stored in database.
I only want certain icons (navigation bars) to be available to certain
users. How would i be able to do this with permissions ?
Thanks
Shaun
--
PHP General Mailing List
You can use array with the user permissions (stored in a session
variable), and use it someway like
if($_SESSION['perm']['do_that']) echo 'a href=do_that.phpDo that/a';
Shaun wrote:
Hi
I want to make a secure site. The username , password and permission of the
users must be stored in
HI,
I am trying to use a script php with the command:
system(mkdir /home/hosting/test);
but the PERMISSION IS DENIED and I am the root on my server.
How I change the user to root?
Thanks
--
Atenciosamente
Breno Cardoso Perucchi
[EMAIL PROTECTED]
Consultor - Omega Tecnologia
you don't. php/apache run as the user nobody for security purposes.
Adam
On Thu, 12 Sep 2002, Breno Cardoso Perucchi wrote:
HI,
I am trying to use a script php with the command:
system(mkdir /home/hosting/test);
but the PERMISSION IS DENIED and I am the root on my
I know, but how I change to root user?
--
Atenciosamente
Breno Cardoso Perucchi
[EMAIL PROTECTED]
Consultor - Omega Tecnologia
http://www.omegatec.net/
Adam Williams [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
you don't. php/apache run as the user nobody
On Thu, 12 Sep 2002, Breno Cardoso Perucchi wrote:
system(mkdir /home/hosting/test);
but the PERMISSION IS DENIED and I am the root on my server.
How I change the user to root?
Dude, you don't change to the root user ... you'll get yourself owned that
way. Change the permissions on the
Help. I've managed to hose myself. I had this page working fine until I
went in and screwed up my users under NT4. I can't backtrack and figure out
what I changed. Can anyone point me in the right direction? Is this a
permissions issue? Thanks.
Brent
Warning:
Help. I've managed to hose myself. I had this page working fine until I
went in and screwed up my users under NT4. I can't backtrack and
figure out what I changed. Can anyone point me in the right direction?
Is this a permissions issue? Thanks.
Ok, sorry if Im gonna sound a little blunt,
On Tuesday 07 May 2002 21:30, Dan Hardiker wrote:
Ok, sorry if Im gonna sound a little blunt, but the following error message
looks rather obvious to me.
Warning: Failed to write session data (files). Please verify that the
current setting of session.save_path is correct (/tmp) in Unknown
At 02:30 PM 5/7/02 +0100, you wrote:
Help. I've managed to hose myself. I had this page working fine until I
went in and screwed up my users under NT4. I can't backtrack and
figure out what I changed. Can anyone point me in the right direction?
Is this a permissions issue? Thanks.
Dan
On Tuesday 07 May 2002 21:58, brent wrote:
At 02:30 PM 5/7/02 +0100, you wrote:
Help. I've managed to hose myself. I had this page working fine until I
went in and screwed up my users under NT4. I can't backtrack and
figure out what I changed. Can anyone point me in the right
Dan - It seemed pretty obvious to me too, but again, the ini file
hasn't changed since the whole thing worked. What has changed are the
permissions under NT. I've tried changing the /tmp permissions, but
the combinations are considerable, and I don't have time to try them
all. I was
Jason Wong [EMAIL PROTECTED] wrote:
I've tried changing the /tmp permissions, but the combinations
are considerable, and I don't have time to try them all. I was hoping
someone could point me in the right direction.
Set it world readable/writeable?
Oooh, nasty. That should be your last
, and I am a relative newbie
and I'm not sure what the issues are or how to find out more about
them.
How do I give php permissions to delete files etc., without opening up
an security hole? Is this an issue at all?
Help!
Thanks!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe
chown them to nobody.
- Original Message -
From: ROBERT MCPEAK [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 19, 2002 7:53 PM
Subject: [PHP] php permissions
php is running on our box as nobody:nogroup. I'm trying to write php
code that will edit/delete files
On Friday, April 19, 2002, at 01:53 PM, ROBERT MCPEAK wrote:
My sysadmin is hesitant to give php more access until I do some
research about the security issues involved, and I am a relative newbie
and I'm not sure what the issues are or how to find out more about
them.
How do I give php
Raven [EMAIL PROTECTED] 04/19/02 01:55PM
chown them to nobody.
- Original Message -
From: ROBERT MCPEAK [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 19, 2002 7:53 PM
Subject: [PHP] php permissions
php is running on our box as nobody:nogroup. I'm trying to write
php
code
How? Manually each time a file is uploaded? Or with PHP somehow?
I appreciate your response, but perhaps I'm not clear enough.
Isn't it quite common to have php creating/editing/deleting files on
the server? How is this done in a secure manner?
Could you explain further?
Well
Craig, you seem very knowledgable and I appreciate your help. I
confused matters by mentioning the word upload. I'm actually not
using php to upload the files. The user ftps the files to the server,
and the ownership permissions prevent php from manipulating the files.
I'm looking for a clear
On Friday, April 19, 2002, at 02:44 PM, ROBERT MCPEAK wrote:
Isn't it quite common to have php creating/editing/deleting files on
the server? How is this done in a secure manner?
Running Apache/PHP as 'nobody' isn't really that secure, since there may
be other services running on the
Can someone pleas tell me if there is something funny when it comes to unix
permissions and PHP When php creates a file in unix the owner is
nobodydoes this raise any issues, and if it does could someone please
tell me a web site where I could read more about this Thanks alot
John
, March 04, 2002 2:26 PM
To: [EMAIL PROTECTED]
Subject: [PHP] permissions
Can someone pleas tell me if there is something funny when it comes to unix
permissions and PHP. When php creates a file in unix the owner is
nobody...does this raise any issues, and if it does could someone please
tell me a web
On Mon, 4 Mar 2002, John Gurley wrote:
Can someone pleas tell me if there is something funny when it comes to unix
permissions and PHP When php creates a file in unix the owner is
nobodydoes this raise any issues, and if it does could someone please
tell me a web site where I could read
andy thomas wrote:
PHP will always run as the same user as Apache runs as.
true in Apache 1.3 and 2.0's prefork and worker mode. Not so in
perchild (once it starts working :) )
--
===
Jim Jagielski [|] [EMAIL
Hi,
I have a script which uploads an image to a directory within web root
(on Redhat 7.0). Whilst the dir itself was created via FTP, the images
of course have been written to the dir via a PHP script.
When I try to FTP a copy of the images down to my local hard disk, I get
permission denied.
Justin,
If your PHP script is placing the files there, they are owned by the 'web'
user. The web user doesn't have permission to change the file ownership
to you, but for your purposes all you should need to do is change the file
permissions in your PHP script after the file is uploaded:
What permissions would I set a php file to that could only be ready by
somebody logged into the server as root but still be executed via a website?
is this possible?
Thanks
Randy
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version:
So sprach »Power Programmer« am 2001-09-14 um 13:06:05 -0700 :
What permissions would I set a php file to that could only be ready by
somebody logged into the server as root but still be executed via a website?
root can always read each and everything, so you don't have to care
about this
Hi,
I want to read a file on my web server in a .php script using fopen and
I don't want to set read permissions on this file for everyone. However it
seems that the PHP module has that same access to the filesystem that
everyone would have. I can only read this file if I set read
: Monday, August 27, 2001 8:06 PM
Subject: [PHP] permissions when using fopen
Hi,
I want to read a file on my web server in a .php script using fopen and
I don't want to set read permissions on this file for everyone. However it
seems that the PHP module has that same access
91 matches
Mail list logo