Permission Problem

[waMP]

I am writing a program that copies files from a default directory into another directory in which other directories are created at the same time. For example, I have a default directory and it copies that directory into a /usa/ohio/akron/ directory in which ohio and akron directories are created.

Anyways.. all this copying works great! However, when I go to view the files, such as usa/ohio/akron/index.php, I get a 500 Internal Server Error.

When I check the error log, it says

.../usa" is writeable by group

Well, I know it has to be writeable because the code is writing files to it but I know this is wrong to keep it this way.

When I check the server, the usa directory permission is 777,
the ohio directory permission is 755,
the akron directory permission is 755
and the index.php permission is 644

Now I know the permissions on all the folders are most likely not right, but I don't really know what they need to be to be just viewable by the user, but yet some need to be writeable so the default files can be copied into them, etc.

Also, some that are copied over from the default folder are directories that will contain images, etc. Those folder's permissions are set to 755. Some of these folders will need to be written to later with images that are uploaded into it by the user but yet I don't want them to be fully open with a 777 permission.

I guess I just really need some help on this to make it all straight.

Below is the function and code used to copy the files over which works great, but can someone tell me how to reset the permissions to be correct so they are safe but yet viewable by the user, please?

Code:

function copyr($source, $dest){
// Simple copy for a file
if (is_file($source)) {
	$c = copy($source, $dest);
	chmod($dest, 0644);
return $c;
}
 
// Make destination directory
if (!is_dir($dest)) {
$oldumask = umask(0);
mkdir($dest, 0755);
umask($oldumask);
}

// Loop through the folder
$dir = dir($source);
while (false !== $entry = $dir->read()) {
// Skip pointers
if ($entry == "." || $entry == "..") {
continue;
}
 
// Deep copy directories
if ($dest !== "$source/$entry") {
copyr("$source/$entry", "$dest/$entry");
}
}
 
// Clean up
$dir->close();
return true;
} 							
							
							
		$src = '../defaultCity';
		$dest =  '../' .$country.'/'.$state.'/'.$city.'/';
						

		copyr($src,$dest);

[Mindzai]

You don't need to make directories publicly writeable, you can just chown to the web server's user and remove write from public and group (755). However your actual issue is likely to be in your apache config, because if the directory is readable by everyone the server can serve it. I would check for a line such as Options -Indexes in a relevant <Directory> block in your httpd.conf. If you don't have access to the config for your server, you could also try enabling indexes via a .htaccess file.

[waMP]

Thanks so much for your reply.

I'm just still a little cloudy on what I should do with this code.

Right now, the code writes the following permissions

usa/ohio/akron/index.php is the file tree

the usa directory permission is 777,
the ohio directory permission is 755,
the akron directory permission is 755
and the index.php permission is 644

The usa directory permission is set initially and the other directories and files are written into it with the code.

However, if I change the usa directory to anything but 777, it won't write the other files and directories to it with the code.

So, do you mean I need to change the usa directory to 755 and put an .htaccess file in in? Or what exactly do you mean?

I'm sorry for not understanding.

[waMP]

I got it to work. I set the usa directory permission to 755 and all is copying into the directory fine.

However, is 755 any sort of security risk for any directory?