
uploading to /home/*/public_html on a linux box

Perhaps this is an apache server question, rather than a php
question. But I want to use a simple php upload script in
a user-home-sub-document-root dir on a standard linux box.

If php is a mod.so it is the apache process that does the
uploading, so it cannot upload into a directory that belongs
to "username" unless the file permissions are 777,
or perhaps......some way to use group permissions that
allows the apache process to write to a directory whose
group bit is readable and writable.

I tried creating a new group definition in /etc/group
and then made the apache pseudo user a member, as well
as a test user, and then set the directory permission
on that user's public_html directory to 775

But the upload process still throws an error message.
There must be a way to do this, without setting the dir
permission to 777
Is running php as a cgi and then wading through all the
suexec pitfalls the only alternative to 777 permissions?

Jun 2 '08 #1
salmobytes wrote:
> Perhaps this is an apache server question, rather than a php
> question. But I want to use a simple php upload script in
> a user-home-sub-document-root dir on a standard linux box.
>
> If php is a mod.so it is the apache process that does the
> uploading, so it cannot upload into a directory that belongs
> to "username" unless the file permissions are 777,
> or perhaps......some way to use group permissions that
> allows the apache process to write to a directory whose
> group bit is readable and writable.
>
> I tried creating a new group definition in /etc/group
> and then made the apache pseudo user a member, as well
> as a test user, and then set the directory permission
> on that user's public_html directory to 775
>
> But the upload process still throws an error message.
> There must be a way to do this, without setting the dir
> permission to 777
> Is running php as a cgi and then wading through all the
> suexec pitfalls the only alternative to 777 permissions?

Actually, it's more of a Linux admin question. Could be Apache, but
definitely not PHP. Setting the owner of the file and directory to the
group and making Apache a member of the group should work.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jun 2 '08 #2
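
Before falling back to 777, it helps to see where the group approach from the two posts above actually stops. The following is an added example, not code from the thread: the hypothetical helpers `has_bits` and `first_blocker` walk the path and report the first directory whose mode bits deny the web server's uid and groups (a home directory without group search permission is a common one). It assumes plain mode bits (no ACLs or SELinux) and a `stat` that supports `-c`.

```sh
#!/bin/sh
# Added example: which directory stops a given uid/gid set from writing into
# TARGET? Looks at owner/group/other mode bits only (no ACLs, no SELinux).
# Needs a stat(1) that supports -c (GNU coreutils, busybox).

# has_bits UID "GIDS" PATH NEED: succeed if the permission class that applies
# to UID on PATH grants every bit in NEED (3 = write+search, 1 = search).
has_bits() {
    _st=$(stat -c '%u %g %a' "$3") || return 1
    _ouid=${_st%% *}; _rest=${_st#* }
    _ogid=${_rest%% *}; _mode=$(( 0${_rest#* } ))   # leading 0: parse as octal
    _class=$(( _mode & 7 ))                          # start with "other"
    for _g in $2; do
        if [ "$_g" = "$_ogid" ]; then _class=$(( (_mode >> 3) & 7 )); fi
    done
    if [ "$1" = "$_ouid" ]; then _class=$(( (_mode >> 6) & 7 )); fi   # owner wins
    [ $(( _class & $4 )) -eq "$4" ]
}

# first_blocker UID "GIDS" TARGET [STOP]: walk from TARGET up to STOP (default
# /), print the first directory that denies access and return 1; return 0 and
# print nothing when the whole path is usable.
first_blocker() {
    _dir=$(cd "$3" && pwd -P) || return 2
    _stop=$(cd "${4:-/}" && pwd -P) || return 2
    _need=3                                  # the target needs write + search
    while :; do
        if ! has_bits "$1" "$2" "$_dir" "$_need"; then
            printf '%s\n' "$_dir"; return 1
        fi
        if [ "$_dir" = "$_stop" ] || [ "$_dir" = / ]; then return 0; fi
        _dir=$(dirname "$_dir"); _need=1     # every ancestor needs search (x)
    done
}
```

Typical call: `first_blocker "$(id -u apache)" "$(id -G apache)" /home/username/public_html`, where `apache` stands for whatever account the server runs as. Supplementary groups are read when a process starts, so Apache has to be restarted after /etc/group is edited.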
On 1 May, 22:06, salmobytes <by...@salmo.net> wrote:
> Is running php as a cgi and then wading through all the
> suexec pitfalls the only alternative to 777 permissions?

No, you could upload to a staging area then use a separated privilege
program (setuid, sudo, cron job) to publish the files.

Which is the right way to do it - Unix permissions fit a clear,
consistent and correct model; the whole point of a permissions system
is that it doesn't allow you to interfere with things you don't have
permission to do.

C.
Jun 2 '08 #3
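
The staging idea above with a cron job as the publishing step, as an added example that is not part of the original posts: the account owner's crontab runs `publish_staged` (a hypothetical name), which copies vetted files out of a staging directory that the web server can write to. The directory layout, the file-name rule and the no-overwrite policy are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread): publish step for the staging approach.
# Run from the account owner's crontab. STAGING is writable by the web server,
# so everything found in it is treated as untrusted.

# publish_staged STAGING DEST: copy acceptable files, print how many were published.
publish_staged() {
    staging=$1 dest=$2 count=0
    for f in "$staging"/*; do
        name=${f##*/}
        # Plain names only: no leading dot (.htaccess), no spaces or odd characters.
        case $name in
            .*|*[!A-Za-z0-9._-]*) continue ;;
        esac
        # Regular files only; a symlink could point at any file the owner can read.
        if [ -L "$f" ] || [ ! -f "$f" ]; then continue; fi
        # Never replace something that is already published.
        if [ -e "$dest/$name" ] || [ -L "$dest/$name" ]; then continue; fi
        # -P: do not follow a symlink swapped in after the checks above.
        cp -P -- "$f" "$dest/$name" || continue
        if [ -L "$dest/$name" ]; then rm -f -- "$dest/$name"; continue; fi
        # The copy is a new file, so it belongs to the user running this job.
        chmod 644 -- "$dest/$name"
        rm -f -- "$f"
        count=$((count + 1))
    done
    echo "$count"
}
```

Rejected entries stay in the staging directory, where the owner can inspect them.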
C. (http://symcbean.blogspot.com/) wrote:
> On 1 May, 22:06, salmobytes <by...@salmo.net> wrote:
>> Is running php as a cgi and then wading through all the
>> suexec pitfalls the only alternative to 777 permissions?
>
> No, you could upload to a staging area then use a separated privilege
> program (setuid, sudo, cron job) to publish the files.

I suppose I could write a (carefully-written) setuid c-program,
that does the chown, and invoke that.

I'm not sure I want to allow the apache process to chown with sudo.
That sounds like a dangerous can of worms.
Cron would be fine, but then you have to wait.

This is for a classroom setting. I think I'll give up on the upload
script and force them to use ftp. Eventually they'll learn how
to use ssh and a server-side text editor.
Jun 2 '08 #4


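<?php
session_start();
if (!empty($_SESSION['loggedin'])) { // use some sort of a password mechanism
    // basename() and escapeshellarg() keep the request parameter from adding
    // path components or shell syntax to the command line
    $file = escapeshellarg(basename($_GET['wfile']));
    $dir  = escapeshellarg(dirname($_SERVER['SCRIPT_FILENAME']) . "/");
    system("/home/username/public_html/mycp $file $dir dbg");
}
?>

====== mycp.c =======
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void useage(void)
{
    printf("use: mycp sourcefile outputfile\n");
    exit(1);
}

int main(int argc, char *argv[])
{
    int ch;                 /* int, so EOF can be told apart from data bytes */
    FILE *in_fp, *out_fp;
    char src[120];
    char dest[120];

    if (argc < 3)
        useage();

    /* The file name comes from the web request: refuse path components and
       dot names, so "../" cannot reach outside /tmp or the destination.
       argv[2] is used as given: whoever can run this setuid binary picks
       the destination directory. */
    if (argv[1][0] == '\0' || argv[1][0] == '.' || strchr(argv[1], '/') != NULL)
    {
        printf("Bad file name\n");
        exit(1);
    }

    /* snprintf instead of sprintf: refuse paths that do not fit the buffers */
    if (snprintf(src, sizeof src, "/tmp/%s", argv[1]) >= (int) sizeof src ||
        snprintf(dest, sizeof dest, "%s%s", argv[2], argv[1]) >= (int) sizeof dest)
    {
        printf("Path too long\n");
        exit(1);
    }

    printf("src: %s<br>\n", src);
    printf("dest: %s<br>\n", dest);

    if ((in_fp = fopen(src, "r")) == NULL)
    {
        printf("Couldn't open %s for reading\n", src);
        exit(1);
    }

    if ((out_fp = fopen(dest, "w")) == NULL)
    {
        printf("Couldn't open %s for writing\n", dest);
        fclose(in_fp);
        exit(1);
    }

    /* copy byte by byte until end of file */
    while ((ch = fgetc(in_fp)) != EOF)
    {
        fputc(ch, out_fp);
    }

    fclose(in_fp);
    fclose(out_fp);
    return 0;
}

==== bash ====
make mycp ## make while logged in as username
chmod a+s mycp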
Jun 2 '08 #5
whileone wrote:
> ==== bash ====
> make mycp ## make while logged in as username
> chmod a+s mycp

How is this going to do anything to help him? And what does this have
to do with PHP?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jun 2 '08 #6
>> ==== bash ====
>> make mycp ## make while logged in as username
>> chmod a+s mycp
>
> How is this going to do anything to help him? And what does this have
> to do with PHP?

mycp runs setuid to the owner of the local /home/username/public_html
directory. mycp is installed inside that public_html.
A *PHP* upload script deposits the uploaded file in /tmp/
The *PHP* at the top of the previous post invokes `mycp` with a system
call, which copies the recently uploaded file in /tmp/ to the local
public_html.....so the copied file belongs to the local owner (as specified)
and so public_html DOES NOT REQUIRE 777 permissions, as originally
specified. That was the requirement, no?
Jun 2 '08 #7
whileone wrote:
>>> ==== bash ====
>>> make mycp ## make while logged in as username
>>> chmod a+s mycp
>> How is this going to do anything to help him? And what does this have
>> to do with PHP?
>
> mycp runs setuid to the owner of the local /home/username/public_html
> directory. mycp is installed inside that public_html.

So?

> A *PHP* upload script deposits the uploaded file in /tmp/

Eventually. It depends on the webserver. Sometimes it's not physically
there until the script ends.

> The *PHP* at the top of the previous post invokes `mycp` with a system
> call, which copies the recently uploaded file in /tmp/ to the local
> public_html.....so the copied file belongs to the local owner (as specified)
> and so public_html DOES NOT REQUIRE 777 permissions, as originally
> specified. That was the requirement, no?

Often times people do not have exec/system privileges, especially on
shared systems. Also, most shared hosts will NOT allow them to install
executables on the system.

Finally, this will run under the same userid as the PHP script. If you
can't do it with the PHP script, you can't do it with this program.

move_uploaded_file() works fine, and is the correct function to use.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jun 2 '08 #8
No, move uploaded file means the file will belong
to the apache pseudo user. So the local directory
has to be set to 777 to allow that. This is the problem
the original question wanted to overcome.

The c-code above can be set to run setuid to the local
user, so the file belongs to the owner. That may
not be the only possible solution, but it is a solution.

Hey, just curious. Do you still think the current
state of the economy can be attributed to Bush's
tax cuts and other policies? As you did a half
a year ago? ......just wondering.
Jun 2 '08 #9
whileone wrote:
> No, move uploaded file means the file will belong
> to the apache pseudo user. So the local directory
> has to be set to 777 to allow that. This is the problem
> the original question wanted to overcome.

Yes, and that's exactly the user which will be used to execute your code.

And no, you obviously don't understand Linux security. NONE of my
systems use 777 for the files, but all can be uploaded where necessary.

> The c-code above can be set to run setuid to the local
> user, so the file belongs to the owner. That may
> not be the only possible solution, but it is a solution.

Not on a shared server, and not unless you have root access to set up
the setuid. But if that's the case, you can let PHP do the setuid instead.

> Hey, just curious. Do you still think the current
> state of the economy can be attributed to Bush's
> tax cuts and other policies? As you did a half
> a year ago? ......just wondering.

Sorry, I won't have a battle of wits with one who is so defenseless.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jun 2 '08 #10
