Sharing files between users?

AtomicRax

I'm developing a website that allows the end user to upload lots of images. Currently the server has two hard drives, so what I'm wanting to do is store the website and database on one and the images on the other.

I have mydomain.com (user1) on hardDriveA and img.mydomain.com (user2) on hardDriveB.

In the future if the website outgrows this server and I have to purchase another server for image storage, I will probably modify the coding to transfer the images using FTP.

However, with one server, I don't see the need to FTP to itself. How do I set up the server to allow me to write to a folder on hardDriveB (belonging to user2) with a script being run on hardDriveA (belonging to user1)?

Do I just need to modify the folder permissions where I want to save the images or what .. and/or how would I go about doing what needs to be done?

Any help would be greatly appreciated!
 
This website is the only one on the server.. It is a private dedicated server and I'm the only physical user accessing anything "behind the scenes". I've merely created two different website accounts because that was the easiest way to achieve what I wanted on two hard drives. I have no security threat from other users because there are none on this server.

Adding the users to the same group might achieve what I want? This won't have any negative effects with Apache or DirectAdmin, will it?
 
No, I suppose that DirectAdmin and Apache will not complain about this.

you have user1 group1 user2 group2
add user1 to group2
add user2 to group1

should work

mod_ruid is not about other users that access the system, but about not needing to use 777 permissions (which is a big security hole)...

You said users can upload images, so that would mean that some directory has 777 permissions (or do you use FTP for uploads as well?); that's why I suggested that mod :)
 
Well my php program verifies file extensions to make sure they're uploading an image along with file size to make sure it's not huge. If a directory is chmod 777 so a php script can write images to it, what security risk is there?

the user accesses my program, my program saves the image to the folder, the image is accessed later from the folder. the folder has an index.html so there's no directory browsing.. what am i missing? where's the problem?
 
Do you trust your PHP scripts absolutely? Have you ever checked them for security? Do you trust every piece of software you're running on your box? There's never too much security, imho.

For such cases I always use symlinks. Just set a symlink from your directory on hardDriveB into user1's home dir, and update open_basedir for the user to add the directory on hardDriveB. And chown it to user1.

Something like that...

And sure, Andrea's way is also a good way to go.
 
It is a risk to put a file/directory at 777 because everyone can write to it, whether through an exploit, a bug in your PHP code, or whatever else.

Putting a check on the extension doesn't mean it is totally secure, and neither does checking the size...

Coppermine, for example, is a CMS for photo albums, and with 777 permissions on the upload directory it has been hacked many times (don't know about recently, but for sure in the past).

But you can manage your server and your data as you prefer; mine was just a suggestion.

Every file uploaded with 777 permissions takes the apache user's ownership, and that ownership/executor should give some good access to your server.

But ofc this is just my own opinion, not related to your problem of files between users.

Regards
 
I really do appreciate the help, but I need more facts. Sometimes you have to talk to me like I'm a slow stupid child..

@ zEitEr : I don't understand. I create a folder on hardDriveB where I want to save the images, chown the folder to user1, create a symlink in user1's home directory on hardDriveA to the folder I created on hardDriveB, and update open_basedir for which user [and to what?]

@ SeLLeRoNe : "everyone can write in it" -who can write in it? the only way it's being written to is by a php script. so what you're saying is that if someone hacks my php script, they can write in the folder by manipulating my script to do what they want? but even if I change the permission value and the php script can still write to the folder, can't they still do the same thing? and the files are being uploaded and chmod to 644, it's just the folder that would be 777
 
If open_basedir is used, you need to add full path for directory on hardDriveB into open_basedir for user1. So user1 will be able to write files to hardDriveB directory.
 
I really do appreciate the help, but I need more facts. Sometimes you have to talk to me like I'm a slow stupid child..

Sorry, nobody here ever wanted to hurt your feelings. But it's always a little bit difficult and problematic to understand, who is on other side of a monitor, and how good or bad s/he is at subject.
 
Well, I'm not so good at scripting, so I'll write a very stupid example.

The image directory has 777 permissions.
I use an Apache bug to run, from the address bar, a query/command that uploads a Perl file into that directory and executes it..

The Perl file starts sending spam around the world (or, as happened to a customer of mine directly, the script creates a hidden sub-directory with a copy of a bank website, and you get contacted because you're responsible for phishing actions).

This is a really stupid example, but yes, if the directory is 777, no matter what the script you wrote does, that directory is writable, and using a bug, an exploit or whatever else will allow a hacker to take over your server.. root access as well, if it's a nice one...

So... I'm just saying, pay attention.

I'm not saying you're dumb or an idiot; I can't really know, and my English is not so perfect, so maybe I use the wrong words... I'm just saying what I personally suggest in the friendliest way I'm able to...

Sorry if I wasn't clear.

Regards
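
Added example, not part of any post in this thread: a check for the 777 upload directory discussed above and the group-shared layout that replaces it, using the "add user1 to group2" suggestion. The function names, the mode 2775 and the placeholder path are assumptions; user1 and group2 are the thread's names.

```shell
#!/bin/sh
# Added example: classify an upload directory and move it from 777 to a
# group-shared layout. Function names and mode 2775 are assumptions.
#
# Root-side steps from the thread (shown only, not executed here):
#   usermod -a -G group2 user1     # "add user1 to group2"
#   chgrp group2 /path/to/images   # placeholder path on hardDriveB

# First ten characters of `ls -ld`, e.g. drwxrwsr-x
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# world-writable : any local account or process can create files (the 777 case)
# group-shared   : group can write, others cannot, setgid keeps new files in the group
# group-no-setgid: group can write, but new files get the creator's primary group
# owner-only     : only the owning account can write
classify_upload_dir() {
    p=$(perm_string "$1")
    case $p in
        d*) ;;
        *) echo not-a-directory; return 2 ;;
    esac
    group_w=$(printf '%s' "$p" | cut -c6)
    group_x=$(printf '%s' "$p" | cut -c7)
    other_w=$(printf '%s' "$p" | cut -c9)
    if [ "$other_w" = w ]; then
        echo world-writable
    elif [ "$group_w" = w ] && [ "$group_x" = s ]; then
        echo group-shared
    elif [ "$group_w" = w ]; then
        echo group-no-setgid
    else
        echo owner-only
    fi
}

# rwx for owner and group, read-only for everyone else (so the web server can
# still serve the images), setgid so uploads inherit the directory's group.
make_group_shared() {
    chmod 2775 "$1"
}
```

Running `classify_upload_dir` over every directory the upload script writes to shows which ones are still open to any account or process on the box.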
 
Sorry, nobody here ever wanted to hurt your feelings. But it's always a little bit difficult and problematic to understand, who is on other side of a monitor, and how good or bad s/he is at subject.

lol it's not that I'm actually dumb or not at least semi-fluent with the subject at hand.. I'm a programmer by nature. Detailed, logical step-by-step instructions are what I program and usually how I think.. so you can't give me part of an explanation and then say "Something like that..." While greatly appreciated, I usually need a little more logic and details before I catch on to what you're saying, so thanks for clarifying "you need to add full path for directory on hardDriveB into open_basedir for user1" :)



and SeLLeRoNe: that's more of what I was looking for.. you were making a valid suggestion, but I needed a possible example [reason] as to why/how it affected me..



So, thank you all for the help! I have to figure out the best solution for me now..
 