NYCPHP Meetup

[nycphp-talk] Setting directory permissions

Bradley Baumann bradley at bestweb.net
Sat Apr 19 10:21:31 EDT 2003


Sorry, I saw your question and your lack of luck with someone's code - I
didn't read the rest of the posts just because I'm in a rush right now, but
I figured I'd give you the code I used when I needed to make a directory
that I could upload to.

function new_projectdir($project_name)
{
 $old_mask = umask();
 umask(0000);
 chdir('/directory/whatever/');
 mkdir($project_name, 0770);
 umask($old_mask);
 return 1;
}

----- Original Message -----
From: "Hans Zaunere" <zaunere at yahoo.com>
To: "NYPHP Talk" <talk at nyphp.org>
Sent: Friday, April 18, 2003 9:40 PM
Subject: Re: [nycphp-talk] Setting directory permissions


>
> --- jsiegel1 at optonline.net wrote:
> > Hans,
> >
> > What would you suggest for a set of pages that use a set of pics that
the
> > end user can upload?
>
> If you're looking for a picture gallery option, then http://gallery.sf.net
is
> probably your best bet.  It requires Apache writable directories and
> safe_mode=off (PSaw may be able to expand on this, since he implmented it
for
> NYPHP.org).  This isn't inherently insecure, but a shared environment and
a
> clever malicious user, may be food for thought.
>
> > Should I upload them (the pics) into a database as blobs?
>
> This certainly is the 'cleanest' option; but performance could be a
> consideration, especially for large images.
>
> Having apache writable directories isn't always a bad thing, but if you
end
> up writing the code yourself, just be very careful with paths and such.
>
> H
>
>
> > Jeff
> >
> > ----- Original Message -----
> > From: Hans Zaunere <hans at nyphp.org>
> > Date: Friday, April 18, 2003 8:20 pm
> > Subject: Re: [nycphp-talk] Setting directory permissions
> >
> > >
> > > Hi Jeff,
> > >
> > > --- jsiegel1 at optonline.net wrote:
> > > > I'm sure this is an easy one but...since I'm still learning
> > > PHP...I'm> scratching my poor bald head. ;)
> > > >
> > > > Here's a code snippet:
> > > >
> > > > //create new directory with the id name if it doesn't exist,
> > > chmod to 777
> > > > if(!is_dir($id)) {
> > > >     $root = getenv('DOCUMENT_ROOT');
> > > >     $id = $root . '/pic_test/' . $id;
> > > >     mkdir($id,0777);
> > > > }
> > >
> > > Note that the is_dir($id) call isn't nessecarily checking the dir
> > > you think
> > > it is.
> > >
> > > > The problem is...this only works if I chmod the subdirectory
> > > "pic_test" to
> > > > 777 using my FTP application. However, I want to quickly change the
> > > > permissions via PHP code, upload some pictures with my form,
> > > then change
> > > > the permissions back to 755.
> > >
> > > Assuming you're running PHP as an Apache module, you'll be limited
> > > to the
> > > user priveleges of Apache itself.  While in most cases this is
> > > good, for
> > > writing to the filesystem things can get hairy.
> > >
> > > For one, you won't be able to change the permissions of a
> > > directory/file you
> > > don't own (read: apache's running user doesn't own).  So, trying
> > > to change
> > > the permissions from less-restrictive to more-restrictive
> > > 'quickly' is a moot
> > > point, since if a malicious page is written, he'd just change the
> > > perms if
> > > desired anyway.
> > >
> > > It's a catch-22 (as it should be) and is only solvable by having
> > > properownership (or improper ownership, depending on your
> > > viewpoint), suEXEC
> > > (achtung!) or a daemon to handle file operations.
> > >
> > > HTH,
> > >
> > > H
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> >
> >
> >
>
>
>
> --- Unsubscribe at http://nyphp.org/list/ ---
>
>





More information about the talk mailing list