homepage Welcome to WebmasterWorld Guest from 50.19.206.49
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
directory permissions security
sssweb




msg:4464550
 7:39 pm on Jun 12, 2012 (gmt 0)

I know this topic is done to death, but I can't find a clear answer to my specific question. I have a php script that creates files on my server, for which I need directory permissions 757.

My question: Is this still a security issue even if I do not allow users to upload files to my site. That is, can hackers do this completely on their own?

If so, I need advice on work-arounds, none of which I can get to work. I've tried:

1) .htaccess "deny from all" - my script no longer writes

2) chmod to 757, create & write to file, chmod back to 755 - I get chmod error "Operation not permitted"

3) chown to change user group permissions for write access - not even close to figuring out how to do it.

4) put the directory above root dir - haven't tried; does it really solve the problem?

Suggestions?

 

sssweb




msg:4464559
 8:13 pm on Jun 12, 2012 (gmt 0)

I just got this working. The solution is pretty easy so here it is for others with the same issue:

1. using ftp, change file permissions for the directory ABOVE the directory in which you want the files to 757

2. use PHP mkdir("directory/path", 0755) to create the directory within the one from step 1

3. PHP chmod("directory/path", 0757) [note - you can try combining steps 2 & 3 with mkdir(..., 0757), but my server didn't allow it]

4. PHP file_put_contents() to create and write the file in the directory PHP created

5. PHP chmod("directory/path", 0755)

6. *** Remember to ftp the directory in step 1 back to 755

Thereafter, you should be able to create, write to, and update files in your PHP-created directory.

In short, php can only chmod to folders and files that it creates, so set permissions to 757 via ftp, let php create the directory, then php can chmod back & forth as needed when writing.

If anyone sees a problem with this fix, please post for my benefit and others.

sssweb




msg:4464583
 9:19 pm on Jun 12, 2012 (gmt 0)

I just discovered that steps 3 & 5 above may not even be needed -- php can write to directories that it creates with 755 permissions.

incrediBILL




msg:4464796
 8:47 am on Jun 13, 2012 (gmt 0)

The problem is probably the group/owner permissions.

What group and owner are your directory and files being created as, your account or apache:apache?

Also, are you hosting the account on the server using a control panel like Plesk or cPanel?

sssweb




msg:4464860
 12:16 pm on Jun 13, 2012 (gmt 0)

I'm currently on a shared hosting plan with a provider. My web host has its own admin panel; I don't recognize the two names you mention and doubt they're involved.

I don't really know the group & owner config either, though when I run phpinfo, I do get some apache settings if that means anything.

As I said, the problem is fixed (unless I'm wrong somewhere in my post above), but I am interested in tips on working with owner & group permissions -- don't know much about that beyond basic chmod.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved