[PHP] Uploading and directory permissions
Hi all For few years now I've been creating custom CMSs and I've been having an images folder with permissions 777 so the PHP script can upload images through the CMS. You can imagine what the problem is... although I never had someone deleting images (low profile sites usually), couple of days ago someone deleted all images from one of the websites (gg!!!). Anyways I was wondering if there is a way to upload through PHP without having write permission to all. Is there a way maybe, for the script, to change permission to write before the upload and then take it off? or anything else I can do to protect the dir? Thank you Mario - Marios Adamantopoulos Web Developer [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Uploading and directory permissions
On Monday 10 May 2004 05:20 am, Mario wrote: Anyways I was wondering if there is a way to upload through PHP without having write permission to all. Is there a way maybe, for the script, to change permission to write before the upload and then take it off? or anything else I can do to protect the dir? You could keep your upload directory with 777, but after uploading move files to safer directory with stricter file permissions. You could probably even get away with just changing the permission of the file after it was uploaded. http://php.net/filesystem http://php.net/manual/en/function.chmod.php // Read and write for owner, read for everybody else chmod(/somedir/somefile, 0644); James Hicks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Uploading and directory permissions
[snip] For few years now I've been creating custom CMSs and I've been having an images folder with permissions 777 so the PHP script can upload images through the CMS. ... Anyways I was wondering if there is a way to upload through PHP without having write permission to all. Is there a way maybe, for the script, to change permission to write before the upload and then take it off? or anything else I can do to protect the dir? [/snip] First of all the directory needs only to be world-writable, so a 446 permission should work on the directory, resulting in dr--r--rw-. Since the Apache likely operates nobody nogroup you would also want to set the ownership properly. Anyone with root access to the server could still do harm, but hopefully you don't have a lot of those folks running around. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Uploading and directory permissions
The problem there is that PHP doesn't have enough permissions to make that change I basically tried to change a 0775 dir to 0777, upload and then put it back to 0775. The chmod doesn't even work on a file. When I upload a file I'm trying to put 0775 to a file but it only gives it a red and write for the owner (another problem there since I can't download (through FTP) the images I uploaded through PHP. Mario - Original Message - From: James E Hicks III [EMAIL PROTECTED] To: Mario [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, May 10, 2004 3:56 PM Subject: Re: [PHP] Uploading and directory permissions On Monday 10 May 2004 05:20 am, Mario wrote: Anyways I was wondering if there is a way to upload through PHP without having write permission to all. Is there a way maybe, for the script, to change permission to write before the upload and then take it off? or anything else I can do to protect the dir? You could keep your upload directory with 777, but after uploading move files to safer directory with stricter file permissions. You could probably even get away with just changing the permission of the file after it was uploaded. http://php.net/filesystem http://php.net/manual/en/function.chmod.php // Read and write for owner, read for everybody else chmod(/somedir/somefile, 0644); James Hicks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
