www.webdeveloper.com
Results 1 to 3 of 3
  1. 12-27-2006, 06:06 PM #1
    chestertb's Avatar
    chestertb
    chestertb is offline Privateer and Brigand
    Join Date
    Aug 2003
    Location
    Sydney, Australia
    Posts
    700

    chmod() & chown() problems

    Hi All,

    I'm gaving some difficulty getting my head around "Permissions".

    In my public_html folder, I have two directories, one called 'standard' and the other called 'configs'.

    In configs, there's a script called 'makeone.php' that creates a directory in public_html, and then copies the contents of 'standard' into the new directory. It then creates a file in configs.

    Or at least that's what it's supposed to do.

    If I set permissions to 0770 in public_html, and 0777 in configs, then I can create the required directory and write the file into configs.

    If, when I create the folder in public_html, I set it to 0777, then I can copy from standard to the new folder.

    If I set the permission of the new folder back to 0755 on completion, then my ftp software (filezilla) can't delete the new folders, or change permissions.

    This raises a number of questions, not least is one of security.

    I think it comes down to ownership, in that the "owner" of the php installation is different to the owner of the domain space (shared server).

    If that's correct, how do I get the right owner id's, and how do I transfer ownership from one to the other?

    Suggestions?

    Thanks
    CTB
    Oh Lord, please help me be the person my dog thinks I am.
    Reply With Quote Reply With Quote
  2. 12-27-2006, 09:59 PM #2
    chazzy's Avatar
    chazzy
    chazzy is offline Working class hero
    Join Date
    Aug 2005
    Location
    The Garden State
    Posts
    5,634
    you're right - the owner of the files created by PHP is not you. however, maybe its not clear to me, but do you actually need to have write permission on these files? being able to read them should be enough for an FTP to download them.
    Acceptable Use | SQL Forum FAQ | celery is tasteless | twitter

    celery is tasteless - currently needing some UI time
    Reply With Quote Reply With Quote
  3. 12-28-2006, 12:00 AM #3
    chestertb's Avatar
    chestertb
    chestertb is offline Privateer and Brigand
    Join Date
    Aug 2003
    Location
    Sydney, Australia
    Posts
    700
    Thanks Chazzy.

    I do need write permission.

    I'm trying to automate an account creation process, and to do that, the php script, and NOT the ftp software needs to create folders, copy files and write a configuration file. The only reason I mentioned ftp was because I was using filezilla to verify that the php had behaved predictably.

    The only way the script works is if public_html is set to 770 and config is set to 777.
    This clearly create a security risk.

    The owner of config, using fileowner() is 3xxxx and the owner of the new folders is 99.

    Is there a workaround for this?
    If not, what security exposure do I have at these settings?

    CTB
    Oh Lord, please help me be the person my dog thinks I am.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

 HTML5 Development Center



Recent Articles