No access to files on my hosting account

         

lajkonik86

2:13 pm on Jan 22, 2005 (gmt 0)




Heeyz

I'm uploading files to my server with this script:

// Copy the upload from PHP's temporary location into the game's image directory.
// $gamedir and $bestandsnaam are defined elsewhere in the script (not shown).
// $_SERVER replaces the deprecated $HTTP_SERVER_VARS.
if (!copy($_FILES['bestand']['tmp_name'], $_SERVER['DOCUMENT_ROOT'] . "/usermade/" . $gamedir . "/images/" . $bestandsnaam)) {
    echo "Uploading failed. Please click the back button in the browser and try again.";
    exit();
}

Problem is I can't delete these files after they have been uploaded. I get an access denied.
What could cause this and what could I do about this?

bill

2:26 pm on Jan 22, 2005 (gmt 0)




Sometimes scripts can run under different permission levels. I had something similar happen with a CMS script. I had to write another script to delete those files.

lajkonik86

11:12 am on Jan 23, 2005 (gmt 0)




So I would need to write another script to delete them :S?

jorj

7:20 pm on Jan 23, 2005 (gmt 0)




Your Apache moves the files under its own user and permissions. In order to be able to delete them you will have to chmod 0666 them after upload, because you will connect with FTP as user USER, not as user 'apache'.

Alex

lajkonik86

9:41 pm on Jan 24, 2005 (gmt 0)




Ahh, like that.
Sounds good.

Not sure how to chmod with PHP though.
What's the function for doing that?

lajkonik86

9:41 pm on Jan 24, 2005 (gmt 0)




Hmm forget that:)
[be2.php.net...]

lajkonik86

3:54 pm on Jan 25, 2005 (gmt 0)




Okay, I'm chmodding them 0777.
They do get the chmod but I still get denied access.

lajkonik86

12:01 am on Jan 27, 2005 (gmt 0)




bump plz help

lajkonik86

11:00 pm on Jan 27, 2005 (gmt 0)




bump again:)

vkaryl

2:41 am on Jan 28, 2005 (gmt 0)




I have a feeling you'll get more info faster in either "website technology" or "linux/unix etc." fora. Maybe repost there with a link to this thread so you don't have to repeat stuff? Or sticky tedster or engine and ask to move the thread?

You already did without success the only thing I know to do....

rocknbil

7:24 pm on Jan 29, 2005 (gmt 0)




Okay, I'm chmodding them 0777.
They do get the chmod but I still get denied access.

777 is not a wise thing to do unless you really, REALLY REALLY need the files overwritable. World-writable means just that, anyone that can gain ownership permissions can overwrite them.

And that's what this is, an OWNERSHIP issue. Apache ownership is "anyone" but only "anyone" accessing the site through the web.

You are probably logging in as "domainowner" (i.e., whatever your FTP user name is.) While you can chmod the files as writable and have apache overwrite them, the inverse is not true. So one quick fix would be to upload the files and chmod them 777, which would allow apache to overwrite them, but it's not the wisest.

You could try using the same process by which they were created to delete them. If you create them using a script, delete them using a script.

lajkonik86

10:58 am on Jan 31, 2005 (gmt 0)




The fix doesn't work.
I get the files chmod 777 but still got no access myself.
I can delete files with the script so I suppose I should do that.

Since I myself cannot access the files while they are chmodded 777, how could someone else?
Also the upperlying directory is 777 as well, to allow creation of files by the PHP script.

Is there a better way to handle this?
And in what way does this compromise my security?

rocknbil

6:39 pm on Feb 4, 2005 (gmt 0)




I think you missed this - chmod 777 is a write permission. It has nothing to do with ownership. When you write the files via a script, they're not owned by you (the FTP user), which is why you can't delete them. I struggled with this for the longest time; world-write doesn't **really** mean world write. Sometimes. :-D

The reasons 777 is so risky can be explained better by the gurus, do a search for it. But the short answer is if someone gains access to a server via a script or other security hole - not necessarily via your site, it can be another domain on your hosting server - 777 gives them a place to do their dirty work.
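
The approach suggested in the thread (delete the files with the same process that created them), as an added example that is not code from any poster: a PHP function that removes an upload as the web server user and refuses any name that resolves outside the upload directory, so the uploaded files need no world-writable mode. The function name `delete_upload` and the throwaway demo directory are assumptions; the demo part runs from the PHP command line.

```php
<?php
// Added example, not code from the thread. Deletes an uploaded file as the
// account that created it, confined to a single upload directory.

/**
 * Delete $name from $uploadDir. Returns true on success, false if the name
 * is rejected or the file does not exist.
 */
function delete_upload(string $uploadDir, string $name): bool
{
    // Accept only a plain file name: no "/", no "..", no control characters.
    if ($name === '' || $name !== basename($name)
        || !preg_match('/^[A-Za-z0-9._-]+$/', $name)) {
        return false;
    }
    $base   = realpath($uploadDir);
    $target = realpath($uploadDir . DIRECTORY_SEPARATOR . $name);
    // realpath() resolves symlinks; the result must still sit inside $base
    // and must be a regular file, never the directory itself.
    if ($base === false || $target === false
        || strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($target)) {
        return false;
    }
    return unlink($target);
}

// Constructed demo: a temporary directory stands in for
// DOCUMENT_ROOT/usermade/<gamedir>/images (hypothetical layout).
$dir = sys_get_temp_dir() . '/usermade_demo_' . getmypid();
mkdir($dir, 0755);                 // writable by its owner only, not 0777
file_put_contents("$dir/shot.png", 'constructed sample bytes');
chmod("$dir/shot.png", 0644);      // world-readable, owner-writable

var_dump(delete_upload($dir, '../../etc/passwd')); // path traversal attempt
var_dump(delete_upload($dir, 'missing.png'));      // name that does not exist
var_dump(delete_upload($dir, 'shot.png'));         // the file created above
rmdir($dir);
```

On a live site the function belongs behind the application's own login and ownership check, since anyone who can reach the delete endpoint acts with the web server's rights.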