PHP file access problem

[ircman]

I have the following problem:

I have made an upload script with php. So a picture is send to a temp dir on the server and than moved to the specified dir in a users public_html.

The problem is that the directory has to be chmoded 777.
Anything else does not work.
Second problem is when I chmod the dir 777 I can not up- or download files via ftp.

Is this a know problem ?

Cedric

 

[vandal]

first you could always change the folder to user.group apache

as root:

chmod apache.apache <dir name>

i don't really understand this:

Second problem is when I chmod the dir 777 I up or download files via ftp.

 

[ircman]

But i don't want to change this for every user on my system that uses or is going to use an upload script with php.

and second this is a security risk.

So this apache.apache is not an option.


I changed the sentence into can not i forgot some words

: Second problem is when I chmod the dir 777 I can not up- or download files via ftp.

 

[vandal]

there is no way around it, it has nothing to do with PHP it's just a permissions issue.

apache is trying to write to a folder (apache because thats what the folder sees the script owned as), if it does not have access to it will not work.

you should be able to upload to that folder for sure, it's world writeable. you may not be able to overwrite because any images that will be created will be owned by apache.

 

[ircman]

Ah that explains.

Hmm I know that it's an permission problem, but changing the dir to apache.apache is not really an option.
Than the normal user cannot write into that dir anymore, only when chmod 777.
But because of security I don't want the dir to be 777.


Cedric

 

[vandal]

yeah it's a trade off...best bet is the user owns the dir but it is world writeable (777). it's just the way the linux file system works.

 

[ircman]

it's just the way the linux file system works.

This is not completely true, because on other servers I do not have this problem. (But they do not work with DA)

Cedric

 

[vandal]

i would like to see that configuration.

only way is that a user is apart of the apache group (or whatever group apache is being run under), the folder is world writeable or the script is using some kind SUID. there may be another way around it, but linux says if this user does not own this folder without 777 it will not write unless the user is of course root.

 

[ircman]

Well the apache server (on the other servers) has no user and group assigned.
Like: nouser and nogroup.

Cedric

 

[vandal]

dunno then man,

depending on what you want to accomplish you might have to take the risk to have a world writeable folder, make it outside of public_html it won't be SO bad.

 

[ircman]

Yeah
But u know customers always tend to nag.

Ah well they just have to use chmod 777.

Thanks for the advice dude

Cedric

 

[vandal]

just doing my best

i would put it in the domains folder since DA does not backup /home/username

 

[ircman]

Yeah that would be the best thing to do.

Cedric

 

[ircman]

Would it be possible for apache to change the user and group per DA user.
So in every httpd.conf or something the apache server is run under the specific user and group.

I have heard of these functions.


Cedric

 

[DirectAdmin Support]

Hello,

I believe thats called phpSuExec

John

 

[ircman]

Ah yes. suExec. Is that implemented in DA, or can I implement it myself to try it out ?


Cedric

 

[DirectAdmin Support]

You'd have to try it out yourself. It doesn't come with DA.

John

 

[andyl56]

I had a problem with this with a script i wrote (http://www.directadmin.com/forum/showthread.php?s=&threadid=3148). The only way I found to fix the problem (which is a crappy solution) but create all folders and chmod them with php's ftp function.

Manual: http://us3.php.net/manual/en/ref.ftp.php

Also, when you use fopen, be sure to include t (text) or b (binary) to specify the type.

If you do this, your problems should be fixed. I highly suggest you create a seperate ftp account restricted to the folder(s) you want this to upload to.