[nycphp-talk] Setting directory permissions

Hans Zaunere hans at nyphp.org
Fri Apr 18 20:20:05 EDT 2003


Hi Jeff,

--- jsiegel1 at optonline.net wrote:
> I'm sure this is an easy one but...since I'm still learning PHP...I'm
> scratching my poor bald head. ;)
> 
> Here's a code snippet:
> 
> //create new directory with the id name if it doesn't exist, chmod to 777
> if(!is_dir($id)) {
>     $root = getenv('DOCUMENT_ROOT');
>     $id = $root . '/pic_test/' . $id;
>     mkdir($id,0777);
> }

Note that the is_dir($id) call isn't necessarily checking the dir you think
it is.

> The problem is...this only works if I chmod the subdirectory "pic_test" to
> 777 using my FTP application. However, I want to quickly change the
> permissions via PHP code, upload some pictures with my form, then change
> the permissions back to 755.

Assuming you're running PHP as an Apache module, you'll be limited to the
user privileges of Apache itself.  While in most cases this is good, for
writing to the filesystem things can get hairy.

For one, you won't be able to change the permissions of a directory/file you
don't own (read: apache's running user doesn't own).  So, trying to change
the permissions from less-restrictive to more-restrictive 'quickly' is a moot
point, since if a malicious page is written, he'd just change the perms if
desired anyway.

It's a catch-22 (as it should be) and is only solvable by having proper
ownership (or improper ownership, depending on your viewpoint), suEXEC
(achtung!) or a daemon to handle file operations.

HTH,

H
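
Added example, not part of the original message or of either poster's code: a version of the snippet that tests the same path it creates and, when mkdir() cannot succeed, reports the ownership mismatch described above instead of relying on a 0777 parent. The function name ensure_upload_dir, the id pattern and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example; ensure_upload_dir() and its parameters are hypothetical names.
function ensure_upload_dir(string $base, string $id): string
{
    // Assumption: $id arrives from a form, so accept only one safe path
    // component; this keeps the new directory inside $base.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $id)) {
        throw new InvalidArgumentException('invalid directory id');
    }

    // Build the full path first, then test that same path. The quoted
    // snippet called is_dir() on the bare id, before the root was prepended.
    $dir = rtrim($base, '/') . '/' . $id;
    if (is_dir($dir)) {
        return $dir;
    }

    // mkdir() works only if the user PHP runs as can write to the parent.
    // Report both uids so the ownership problem is visible in the error.
    if (!is_dir($base) || !is_writable($base)) {
        $owner = is_dir($base) ? fileowner($base) : false;
        $me = function_exists('posix_geteuid') ? posix_geteuid() : -1;
        throw new RuntimeException(sprintf(
            'cannot create %s: parent owner uid=%s, PHP runs as uid=%d',
            $dir,
            $owner === false ? 'n/a' : (string) $owner,
            $me
        ));
    }

    // 0755 (further reduced by umask) is enough when the web server user
    // owns the directory; the second is_dir() covers a concurrent create.
    if (!mkdir($dir, 0755) && !is_dir($dir)) {
        throw new RuntimeException("mkdir failed for $dir");
    }
    return $dir;
}

// Constructed demo in a temporary directory standing in for pic_test.
$base = sys_get_temp_dir() . '/pic_test_' . getmypid();
mkdir($base, 0755);
echo ensure_upload_dir($base, '42'), "\n";   // created
echo ensure_upload_dir($base, '42'), "\n";   // already exists, same path
try {
    ensure_upload_dir($base, '../etc');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
rmdir("$base/42");
rmdir($base);
```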




