NYCPHP Meetup

NYPHP.org

[nycphp-talk] Setting directory permissions

jsiegel1 at optonline.net jsiegel1 at optonline.net
Sun Apr 20 01:03:43 EDT 2003


Bradley,

Thanks so the suggestion. The problem is that I get a "Permission Denied" error on the "mkdir" command. Is there something I'm overlooking?

Jeff

----- Original Message -----
From: Bradley Baumann <bradley at bestweb.net>
Date: Saturday, April 19, 2003 10:23 am
Subject: Re: [nycphp-talk] Setting directory permissions

> Sorry, I saw your question and your lack of luck with someone's 
> code - I
> didn't read the rest of the posts just because I'm in a rush right 
> now, but
> I figured I'd give you the code I used when I needed to make a 
> directorythat I could upload to.
> 
> function new_projectdir($project_name)
> {
> $old_mask = umask();
> umask(0000);
> chdir('/directory/whatever/');
> mkdir($project_name, 0770);
> umask($old_mask);
> return 1;
> }
> 
> ----- Original Message -----
> From: "Hans Zaunere" <zaunere at yahoo.com>
> To: "NYPHP Talk" <talk at nyphp.org>
> Sent: Friday, April 18, 2003 9:40 PM
> Subject: Re: [nycphp-talk] Setting directory permissions
> 
> 
> >
> > --- jsiegel1 at optonline.net wrote:
> > > Hans,
> > >
> > > What would you suggest for a set of pages that use a set of 
> pics that
> the
> > > end user can upload?
> >
> > If you're looking for a picture gallery option, then 
> http://gallery.sf.netis
> > probably your best bet.  It requires Apache writable directories and
> > safe_mode=off (PSaw may be able to expand on this, since he 
> implmented it
> for
> > NYPHP.org).  This isn't inherently insecure, but a shared 
> environment and
> a
> > clever malicious user, may be food for thought.
> >
> > > Should I upload them (the pics) into a database as blobs?
> >
> > This certainly is the 'cleanest' option; but performance could 
> be a
> > consideration, especially for large images.
> >
> > Having apache writable directories isn't always a bad thing, but 
> if you
> end
> > up writing the code yourself, just be very careful with paths 
> and such.
> >
> > H
> >
> >
> > > Jeff
> > >
> > > ----- Original Message -----
> > > From: Hans Zaunere <hans at nyphp.org>
> > > Date: Friday, April 18, 2003 8:20 pm
> > > Subject: Re: [nycphp-talk] Setting directory permissions
> > >
> > > >
> > > > Hi Jeff,
> > > >
> > > > --- jsiegel1 at optonline.net wrote:
> > > > > I'm sure this is an easy one but...since I'm still learning
> > > > PHP...I'm> scratching my poor bald head. ;)
> > > > >
> > > > > Here's a code snippet:
> > > > >
> > > > > //create new directory with the id name if it doesn't exist,
> > > > chmod to 777
> > > > > if(!is_dir($id)) {
> > > > >     $root = getenv('DOCUMENT_ROOT');
> > > > >     $id = $root . '/pic_test/' . $id;
> > > > >     mkdir($id,0777);
> > > > > }
> > > >
> > > > Note that the is_dir($id) call isn't nessecarily checking 
> the dir
> > > > you think
> > > > it is.
> > > >
> > > > > The problem is...this only works if I chmod the subdirectory
> > > > "pic_test" to
> > > > > 777 using my FTP application. However, I want to quickly 
> change the
> > > > > permissions via PHP code, upload some pictures with my form,
> > > > then change
> > > > > the permissions back to 755.
> > > >
> > > > Assuming you're running PHP as an Apache module, you'll be 
> limited> > > to the
> > > > user priveleges of Apache itself.  While in most cases this is
> > > > good, for
> > > > writing to the filesystem things can get hairy.
> > > >
> > > > For one, you won't be able to change the permissions of a
> > > > directory/file you
> > > > don't own (read: apache's running user doesn't own).  So, trying
> > > > to change
> > > > the permissions from less-restrictive to more-restrictive
> > > > 'quickly' is a moot
> > > > point, since if a malicious page is written, he'd just 
> change the
> > > > perms if
> > > > desired anyway.
> > > >
> > > > It's a catch-22 (as it should be) and is only solvable by having
> > > > properownership (or improper ownership, depending on your
> > > > viewpoint), suEXEC
> > > > (achtung!) or a daemon to handle file operations.
> > > >
> > > > HTH,
> > > >
> > > > H
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> > 
> >
> >
> 
> 
> 
> 
> --- Unsubscribe at http://nyphp.org/list/ ---
> 
> 
> 




More information about the talk mailing list