Connecting Tech Pros Worldwide Forums | Help | Site Map
bytes > topic > php > answers

Safe Mode & File Upload

pdav
Guest
  
Posts: n/a
#1: Jul 17 '05
Hi!

Is there any solution to create a directory with one script
with mkdir(), and then write a file (or move an uploaded file) in this
directory with another script?

The problem is, that the directory belongs to the PHP-interpreter (UID
33 in my case) and the script doing the file creation and the one
creating the directory belong to the FTP-user (UID 754 in my case).

I just can't create diffenent directories and write some pictures in.

My provider doesn't want to turn off Safe Mode.

thanks
Dave

Alan Little
Guest
  
Posts: n/a
#2: Jul 17 '05

re: Safe Mode & File Upload

Carved in mystic runes upon the very living rock, the last words of pdav
of comp.lang.php make plain:
[color=blue]
> The problem is, that the directory belongs to the PHP-interpreter (UID
> 33 in my case) and the script doing the file creation and the one
> creating the directory belong to the FTP-user (UID 754 in my case).
>
> I just can't create diffenent directories and write some pictures in.
>
> My provider doesn't want to turn off Safe Mode.[/color]

You could create the directory with open permissions. But your provider
should install a script wrapper. This is much more secure than files and
directories with open permissions.

Or you could move to a better provider.

--
Alan Little
Phorm PHP Form Processor
http://www.phorm.com/
David Prem
Guest
  
Posts: n/a
#3: Jul 17 '05

re: Safe Mode & File Upload

Alan Little schrieb:[color=blue]
> You could create the directory with open permissions. But your provider
> should install a script wrapper. This is much more secure than files and
> directories with open permissions.[/color]

What do you mean with open permissions?
Something like mkdir($dir, 0777) or so?
This doesn't work, mkdir creates directories only with permission 0755
on this server. And chmod($dir, 0777) doesn't change the ownership.
chown() is not allowed at all (because the directory doesn't belong to
the script, it belongs to the PHP-interpreter).

Thanks anyway

Dave
Alan Little
Guest
  
Posts: n/a
#4: Jul 17 '05

re: Safe Mode & File Upload

Carved in mystic runes upon the very living rock, the last words of
David Prem of comp.lang.php make plain:
[color=blue]
> Alan Little schrieb:[color=green]
>> You could create the directory with open permissions. But your
>> provider should install a script wrapper. This is much more secure
>> than files and directories with open permissions.[/color]
>
> What do you mean with open permissions?
> Something like mkdir($dir, 0777) or so?
> This doesn't work, mkdir creates directories only with permission 0755
> on this server. And chmod($dir, 0777) doesn't change the ownership.
> chown() is not allowed at all (because the directory doesn't belong to
> the script, it belongs to the PHP-interpreter).[/color]

No, chmod doesn't change the ownership, but allows anyone to access it,
so that it doesn't matter who owns it. Very insecure.

--
Alan Little
Phorm PHP Form Processor
http://www.phorm.com/
pdav
Guest
  
Posts: n/a
#5: Jul 17 '05

re: Safe Mode & File Upload

Alan Little schrieb:[color=blue]
> No, chmod doesn't change the ownership, but allows anyone to access it,
> so that it doesn't matter who owns it. Very insecure.[/color]

I know, it shouldn't do.
But if I create a directory with mkdir($dir, 0777), there is a directory
with permissions 0755 and I can create files with a Script owned by the
FTP-User.
If I create the same directory, but use chmod($dir, 0777) after
creation, the directory gets permissions 0777, but I can't anymore
access the directory with a Script owned by the FTP-User because
SafeMode says, that the directory belongs to the PHP-Interpreter.
I know that chmod() doesn't change the owner, but why then it works
without chmod() but doesn't work with chmod(0777), although 0777 gives
me more permissions than standard 0755.

Thats the big problem and that's why I don't understand how ownerships
are determined.

I know:
File-Upload via FTP -> Owner: FTP-User
File-Creation via PHP -> Owner: PHP-Interpreter

Directory-Creation via PHP -> Owner: should be PHP-Interpreter, but no
Problem with SafeMode although I create Files with Script owned by
FTP-User in Directory owned by PHP-Interpreter.

Directory-Creation via PHP and Permissions set by chmod() -> Owner:
definitely PHP-Interpreter, because then there is a problem for SafeMode.

I don't understand why it works without chmod()... There should also be
a problem.

And why can't I create a file in a Directory with permissions 0777 only
because it's not mine. Permissions 0777 do allow me write access,
although it isn't mine, am I right?

Why is there SafeMode, when I cannot work with it right?

Dave
Closed Thread

« previous question | next question »

Similar PHP bytes

/bytes/development

/bytes/it

Forums
Visit our community forums for general discussions and latest on Bytes

Our staff and community areas have moved to bytes.com/forums/

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,510 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved