mkdir in a 755 dir

fingermark

i have the make.php located on my server. the only line of code is
mkdir("/home/foouser/public_html/newdir", 0755);. now
/home/foouser/public_html is "drwxr-xr-x 7 foouser foouser". with
just that code i get permission errors. i am running make.php from a
remote machine. so how can i get mkdir to create a directory in
/home/foouser/public_html without chmodding anything to 777. would
adding some type of authentication system to make.php work so that i
could let the server know that i'm foouser on my remote machine?

Aug 24 '05 #1

Subscribe Reply

4236

macbri

fi********@gmai l.com Wrote:

i have the make.php located on my server. the only line of code is
mkdir("/home/foouser/public_html/newdir", 0755);. now
/home/foouser/public_html is "drwxr-xr-x 7 foouser foouser". with
just that code i get permission errors. ...

/home/foouser/public_html would have to be owned by the UID the *web
server* is running as. Another way would be to change
~foouser/public_html to mode 775 (drwxrwxr-x) and change it's group
owner to the GID the server is running as. For example on Tiger, GID
70 (group name, www).
--
macbri
------------------------------------------------------------------------
macbri's Profile: http://www.macosx.com/forums/member.php?userid=34415
View this thread: http://www.macosx.com/forums/showthread.php?t=240847
macosx.com - The Answer to Mac Support - http://www.macosx.com

Aug 24 '05 #2

Erwin Moller

fi********@gmai l.com wrote:

Hi,

i have the make.php located on my server. the only line of code is
mkdir("/home/foouser/public_html/newdir", 0755);. now
/home/foouser/public_html is "drwxr-xr-x 7 foouser foouser". with
just that code i get permission errors.
As expected.
When you run a PHP script, that script runs almost in all cases as user
APACHE, often called: nobody, www-data, or just apache.
That user DOES NOT HAVE WRITEPERMISSION in the directory.

So, solutions:
1) Open up the directory to the world. (not wise maybe)
2) Make sure the user that runs php is in the same group as foouser, and
give the group writepermission .
3) Make a new directory in /home/foouser/public_html/forapache with:
drwx------ apache apache
or something that suits your needs.

Regards,
Erwin Moller
i am running make.php from a remote machine. so how can i get mkdir to create a directory in
/home/foouser/public_html without chmodding anything to 777. would
adding some type of authentication system to make.php work so that i
could let the server know that i'm foouser on my remote machine?

Aug 24 '05 #3

Colin McKinnon

fi********@gmai l.com wrote:

i have the make.php located on my server. the only line of code is
mkdir("/home/foouser/public_html/newdir", 0755);. now
/home/foouser/public_html is "drwxr-xr-x 7 foouser foouser". with
just that code i get permission errors. i am running make.php from a
remote machine. so how can i get mkdir to create a directory in
/home/foouser/public_html without chmodding anything to 777.
It's because the webserver is not running as user 'foouser' so doesn't have
write permission to /home/foouser/public_html

If you can chown that dir to the webserver user it will work - but for most
intents and pruposes this would have the same effect as chmoding the dir to
0777
would
adding some type of authentication system to make.php work so that i
could let the server know that i'm foouser on my remote machine?

No, IIRC, only root can change the privilege on a running process but
there's nothing to stop you creating a process running as foouser (although
this will need a *lot* of clever coding to get the process to do what you
want).

I did think about writing an I/O proxy in C to do exactly this - but after
worked out what was involved I had a sudden bout of apathy.

C.

Aug 24 '05 #4

fingermark

Well, my next question is how would I do what you described in solution
#2?

thanks

Erwin Moller wrote:

fi********@gmai l.com wrote:
As expected.
When you run a PHP script, that script runs almost in all cases as user
APACHE, often called: nobody, www-data, or just apache.
That user DOES NOT HAVE WRITEPERMISSION in the directory.

So, solutions: 2) Make sure the user that runs php is in the same group as foouser, and
give the group writepermission .
Regards,
Erwin Moller

Aug 24 '05 #5

fingermark

ok, here's the update:

i'm trying to write an upload script on a web server that will not
allow me to change the ownership or group name of a directory. i can
physically create /public_html/uploads to be 777 so that i can upload
files and edit images uploaded on that directory. the problem is, how
can i prevent someone from writing their own script off of my server (a
remote script) and adding/deleting files in /public_html/uploads since
it is 777?

Aug 25 '05 #6

Erwin Moller

fi********@gmai l.com wrote:

ok, here's the update:

i'm trying to write an upload script on a web server that will not
allow me to change the ownership or group name of a directory. i can
physically create /public_html/uploads to be 777 so that i can upload
files and edit images uploaded on that directory. the problem is, how
can i prevent someone from writing their own script off of my server (a
remote script) and adding/deleting files in /public_html/uploads since
it is 777?

Hi,

[where I say 'apache' here I mean the user that runs as apache the PHP code,
which is also named often 'www-data' or 'nobody']

A few things you should/can consider:
If you store the images in xxx/public_html/uploads probably anybody can just
type http://www.yoursite.com/uploads/... and get them, unless you take some
precautions like making the files unreadable for user apache, in which case
you'll have a hard time using them in your website. So that is a bad
solution, agree?

A solution I used once is the following:

You need a solution where apache can write the files (from fileupload) and
read them too (to use in your website).
So why not let apache create the directory and change the filepermissions on
it to: uploads drwx------ apache apache

Now apache can read, write, delete in that directrory.

Note: How to do this?
1) You'll have to temporary change permissions in the parentdirectory to
allow apache to create the directory in public_html.
chmod 777 public_html
2) Make a simple sript that creates the uploadsdirector y and chmod it to the
above (chmod 700 uploads).
3) Set the permissions on public_html back to whatever you like, or had
before.

Now you are reasonably safe, except for 1 thing: Other users on your machine
can ALSO run php scripts as apache (on most setups).
So they could modify this uploads directory via their own PHP scripts.

If you do not trust them (on shared hosting or because you know they are
@ssh0les) you could use the following trick to make their life more
misserable:
Instead of the uploadsdirector y, you make a subdirectory in uploads, which
you give a horrible name, like this:
/home/yourhomedir/public_html/uploads/Hytr647ygghfFpi oiaoiu17897/
In that directory you store the images, and you make sure the
uploadsdirector y doesn't have listpermissions for apache.
so uploads will get:
uploads drw------- apache apache
and the funky named directory will get:
Hytr647ygghfFpi oiaoiu17897 drwx------ apache apache

Now you have to do 1 last thing, because you do not want your html to
contain the name of the funky named directory. That would be too easy for
them.
So instead of pointing the path to your uploaded images directly to
upload/Hytr647ygghfFpi oiaoiu17897/mrx.jpg

like in <img src="upload/Hytr647ygghfFpi oiaoiu17897/mrx.jpg">

you need something like:
<img src="getimage.p hp?image=mrx.jp g">

And write a simple php script that knows the path to the image and returns
it. (That is very basic and you can find it on php.net)

Hope this helps.

Good luck.
Regards,
Erwin Moller

Aug 25 '05 #7

fingermark

Thanks, Erwin. I've been searching and posting messages on the
Internet for two days now and have not found a decent answer, until I
read this. Good job.

Aug 25 '05 #8

Similar topics

2431

safe_mode and mkdir in a loop

by: Salmo Bytes | last post by:

I have a script that wants to mirror a directory structure, reading from location1 and writing (mkdir) at location2. This code works fine on a my own desktop test box. But fails at 'mkdir' when run on virtualhost box with safe_mode enabled and virtual (chrooted?) filesystems. My script makes the first top-level directory just

PHP

1757

Noobie Question: Using strings and paths in mkdir (os.mkdir("/test/"a))

by: Shaun | last post by:

Hello! I can't seem to get paths and variables working together: import os a = 'books' os.chdir( '/test') os.mkdir("/test/"a) the last line does not seem to work. os.mkdir(a) makes the directory

Python

3218

batch mkdir using a file list

by: DataSmash | last post by:

Hello, I think I've tried everything now and can't figure out how to do it. I want to read in a text list from the current directory, and for each line in the list, make a system directory for that name. My text file would look something like this: 1144 1145 1146 1147

Python

6061

MkDir Method

by: Sue | last post by:

AccessXP in Access2000 Mode: In my code I use the MkDir method to create a folder and then I want to use the transfertext method to create a delimited text file in that folder. MkDir runs and then when transfertext runs I get a message that a file can not be created in the folder because the folder is Read Only. When I check the folder's attributes with Windows Explorer, sure enough the folder is Read Only. How can I use the MkDir...

Microsoft Access / VBA

9276

mkdir problem

by: eoindeb | last post by:

I am trying to create a directory on Solaris using the mkdir() function. This works fine when I pass a string literal ("/etc/hosts") to mkdir, but if I try passing a directory pointer to mkdir, it returns a -1 error. The directory error works fine with fopen - does anyone know what I am doing wrong?? Here's a snippet of the code: int Check_Directory() //check for existence of directory - if not there, create the file { int status, ret...

C / C++

7714

mkdir() won't do it for me

by: MikeC | last post by:

Good People, I'm writing a backup utility that uses a chdir() to go into the source directory (in which the files reside that I want to back up), so I don't want to use chdir() to get into the target directory (where the backup copies will be kept, on another drive). I can successfully test whether the target directory exists or not using findfirst(), but if it doesn't, I wanted to create it using mkdir(), but it doesn't like the path...

C / C++

24538

os.mkdir and mode

by: vj | last post by:

How do I do the following unix command: mkdir -m770 test with the os.mkdir command. Using os.mkdir(mode=0770) ends with the incorrect permissions. Thanks, VJ

Python

3030

mkdir sucks, really

by: Cris | last post by:

OK, I do this call on a linux system: if(!file_exists("../pages/".$_POST."/")) { $dirname = "/home/u2/sss/sss/html/pages/".$_POST.""; mkdir($dirname, $mode); } and get this:

PHP

5425

mkdir not working

by: John | last post by:

Hi The following does not create a directory neither does it give any error message. Any ideas? $umask=umask(0); $where="/var/www/vhosts/example.com/httpdocs/friday/"; mkdir ($where,0777); umask($umask);

PHP

1994

mkdir() in safe_mode

by: _q_u_a_m_i_s's | last post by:

Hy, i encountered a weird problem on a server running php5, and apache. Seems like i cannot create folders that end with "/". for example: mkdir("test/") will fail mkdir("test") will work Is there any issue with mkdir that i don`t know about? or safe_mode affects this in any way? The problem is that mkdir is called in lots of different places in the

PHP

9718

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

9596

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

10363

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

10368

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

10107

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

9186

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

5544

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

5678

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

3008

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General