imagejpg & safe mode & chmod()

Rik
Hello,

first of all, my provider sucks, newsserver is down for the #nth time
now, of course when I have an urgent question.... So this will be my
first time using Google Groups, forgive me if something goes wrong.

The problem at hand:
In a restricted area I let a user upload an image, no problem
The image gets scaled down with imagecopyresampled(), and stored with
imagejpeg($resized_img,'/path/to/target/image.jpg')

Problem is: because of safe_mode restrictions I cannot access it from
the server, only by http://domain.com/images/new_image.jpg.
I've tried:
imagejpeg($resized_img,'/path/to/target/image.jpg')
directly followed by:
chmod('/path/to/target/image.jpg',0777);

But the same script is also refused chmod().... It should be the same
user that creates the file, but unfortunately safe_mode won't let me
chmod() it.

I'm referring to the image later on by the URL instead of the
/path/ as a temporary solution to make it work, but now the script
doesn't have any permission to unlink() the file at a later stage,
which is functionality I desperately need. How will I be able to
achieve this?

I thought about using an FTP connection as a temporary measure, but no
go there:
24-05-06 17:50:55 SITE CHMOD 777 /path/to/image.jpg
24-05-06 17:50:55 550 /path/to/image.jpg: Operation not permitted.

The only solution I can think of right now is to catch imagejpeg() in an
output buffer, don't use the filesystem but an ftp-connection to save
the file, and chmod it by ftp afterwards. An ugly solution, but the
only thing workable right now...

phpinfo():
Directive              Local Value          Master Value
open_basedir           /home/user           no value
safe_mode              On                   On
safe_mode_exec_dir     /usr/local/php/bin   /usr/local/php/bin
safe_mode_gid          Off                  Off
safe_mode_include_dir  no value             no value

Yes I have suggested moving to other hosting, no go there.. Changing
basic php.ini settings is unfortunately not an option.

May 24 '06 #1
"Rik" <go****@tfwasmus.enschedenet.nl> writes:
> The problem at hand:
> In a restricted area I let a user upload an image, no problem
> The image gets scaled down with imagecopyresampled(), and stored with
> imagejpeg($resized_img,'/path/to/target/image.jpg')
>
> Problem is: because of safe_mode restrictions I cannot access it from
> the server, only by http://domain.com/images/new_image.jpg.
> I've tried:
> imagejpeg($resized_img,'/path/to/target/image.jpg')
> directly followed by:
> chmod('/path/to/target/image.jpg',0777);
>
> But the same script is also refused chmod().... It should be the same
> user that creates the file, but unfortunately safe_mode won't let me
> chmod() it.
>
> I'm referring to the image later on by the URL instead of the
> /path/ as a temporary solution to make it work, but now the script
> doesn't have any permission to unlink() the file at a later stage,
> which is functionality I desperately need. How will I be able to
> achieve this?
>
> I thought about using an FTP connection as a temporary measure, but no
> go there:
> 24-05-06 17:50:55 SITE CHMOD 777 /path/to/image.jpg
> 24-05-06 17:50:55 550 /path/to/image.jpg: Operation not permitted.
>
> The only solution I can think of right now is to catch imagejpeg() in an
> output buffer, don't use the filesystem but an ftp-connection to save
> the file, and chmod it by ftp afterwards. An ugly solution, but the
> only thing workable right now...
>
> phpinfo():
> Directive              Local Value          Master Value
> open_basedir           /home/user           no value
> safe_mode              On                   On
> safe_mode_exec_dir     /usr/local/php/bin   /usr/local/php/bin
> safe_mode_gid          Off                  Off
> safe_mode_include_dir  no value             no value


I'm not sure how you are set up by your description above.
Your provider may have opened some permissions for you on the current
directory you are uploading to? Normally, assuming PHP is run as a
module in Apache, your scripts will execute as the Apache user and any
file uploaded will be owned by the Apache user. If your visitors are
able to upload files, either the directory is owned by Apache - or -
it is owned by you with open write permissions to anyone.

Any attempt to access the file through PHP would fail after
that if safe_mode is On, because your script has a different owner
than the file you want to access. Any attempt at chmod, from FTP
or even the command line would fail since you do not own the file.
However, and I'm pretty sure of this, if you own the directories,
you are allowed to do a 'rename' and move the file from a directory
you own to another -- or even delete the file from the directory.
Please confirm who owns the files after they are uploaded, and
who the directory owner is and directory permissions.

--
John
___________________________________________________________________
John Murtari Software Workshop Inc.
jmurtari@following domain 315.635-1968(x-211) "TheBook.Com" (TM)
http://thebook.com/
May 24 '06 #2
Rik
Hmmmz, newsserver was up for a minute, then down again, oh well:

The exact way things are made now:

In the object handling the post:

if(!file_exists($_SERVER['DOCUMENT_ROOT'].'/path/to/'.$id)){
    // Create the per-item directory from PHP
    $makedir = mkdir($_SERVER['DOCUMENT_ROOT'].'/path/to/'.$id, 0777);
    if(!$makedir){
        $this->set_error('Could not make directory.');
        return false;
    }
    // mkdir()'s mode is reduced by the umask, so set it explicitly
    $chmoddir = chmod($_SERVER['DOCUMENT_ROOT'].'/path/to/'.$id, 0777);
    if(!$chmoddir){
        $this->set_error('Could not set dir\'s permission');
        return false;
    }
}
// Validate, resize and store every uploaded file in that directory
foreach($_FILES as $file){
    $imagehandler->handle($file['tmp_name'],
        $_SERVER['DOCUMENT_ROOT'].'/path/to/'.$id,$file['name']);
}

$imagehandler is another object, which basically validates, resizes and
then:
imagejpeg($new, $targetdir.'/'.$targetname);

Instead of this, I've tried touch($targetdir.'/'.$targetname), which
already gives an error.

It seems the same script which has created a dir has limited
permissions in that dir?

I've used this testscript to check some things:

<pre>
<?php
error_reporting(E_ALL);

$dir = $_SERVER['DOCUMENT_ROOT'].'/images/houses/242';
$file = '/Logo2.jpg';
$filegroupdir = filegroup ($dir.'/');
$filegroupfile = filegroup ($dir.$file);
$userdir = fileowner($dir.'/');
$userfile = fileowner($dir.$file);

echo "Own group:".posix_getegid();
print_r(posix_getgrgid(posix_getegid()));
echo "Own user:".posix_geteuid();
print_r(posix_getpwuid(posix_geteuid()));

echo "Dir group: ".$filegroupdir;
print_r(posix_getgrgid($filegroupdir));
echo "File group: ".$filegroupfile;
print_r(posix_getgrgid($filegroupfile));

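echo "Dir user: ".$userdir;
print_r(posix_getpwuid($filegroupdir)); // looks up the gid in $filegroupdir, not the owner uid in $userdir
echo "File user: ".$userfile;
print_r(posix_getpwuid($filegroupfile)); // looks up the gid in $filegroupfile, not the owner uid in $userfile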
?>
</pre>

Which outputs:
Warning: filegroup(): SAFE MODE Restriction in effect. The script
whose uid is 1149 is not allowed to access /home/user/path/to/image.jpg
owned by uid 65534 in /home/user/path/tesst.php on line 8

Warning: fileowner(): SAFE MODE Restriction in effect. The script
whose uid is 1149 is not allowed to access /home/user/path/to/image.jpg
owned by uid 65534 in /home/user/path/tesst.php on line 10
Own group:65534Array
(
[name] => nobody
[passwd] => *
[members] => Array
(
)

[gid] => 65534
)
Own user:65534Array
(
[name] => nobody
[passwd] => *
[uid] => 65534
[gid] => 65534
[gecos] => Unprivileged user
[dir] => /usr/nobody
[shell] => /sbin/nologin
)
Dir group: 1004Array
(
[name] => group
[passwd] => *
[members] => Array
(
)

[gid] => 1004
)
File group: -snip false-
Dir user: 65534Array
(
[name] => 25m_user
[passwd] => *
[uid] => 1004
[gid] => 1004
[gecos] => User &
[dir] => /home/25m_user
[shell] => /usr/bin/true
)
File user: -snip false-

On trying to delete the image:
Warning: unlink(): SAFE MODE Restriction in effect. The script whose
uid is 1149 is not allowed to access /home/user/path/to/image.jpg
owned by uid 65534

I am very, very confused. I'll have to read up on file/user permissions
I believe.
Everything seems to result from a dynamically created dir, in which the
script can write, until it is terminated. User file owner seems the same
as myself, but not as the script...

Standard solution as touch($file) before($img,$file) won't work
either...
I'll try creating chmodding only the directory with FTP, and saving the
images dynamically. I'll keep you updated.

Grtz,
--
Rik Wasmus

May 24 '06 #3
Rik
Letting the script connect by FTP and creating & chmodding the
directory like that will indeed make it possible to access the files
locally or unlink() them.

A very ugly solution IMHO, but at this time I'm just relieved that
works.

I really should set up a server with that detestable safe_mode locally
here, this isn't funny when you're supposed to have a finished
product..

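I'll be using this snippet at home from now on I think:
<?php
// Dump the host's settings as a php.ini that can be loaded locally
$list = ini_get_all();
$phpini = '';
foreach($list as $name => $setting){
    // access > 3: the access level includes PHP_INI_SYSTEM (4)
    if($setting['access'] > 3){
        $phpini .= $name.' = '.$setting['local_value']."\n";
    }
}
// Offer the result as a download named php.ini
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename="php.ini"');
echo $phpini;
?>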

May 24 '06 #4
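
Added example, not part of the thread or of PHP's source: a simplified model of the owner comparison behind the "SAFE MODE Restriction" warnings above, run over the cases the posts describe. The function name, the order of the two comparisons, and the assumption that the FTP account is the script owner (uid 1149) are assumptions; the uids come from the warning text and the posix_geteuid() output.

```php
<?php
// Added example: simplified model of safe_mode's owner comparison.
// Assumption: an existing target is compared first; on a mismatch, or when
// the target does not exist yet, the containing directory's owner decides.
// safe_mode_gid is Off in the phpinfo() output, so groups are ignored.

function safe_mode_allows(int $scriptUid, ?int $fileUid, int $dirUid): bool
{
    if ($fileUid !== null && $fileUid === $scriptUid) {
        return true;                 // target belongs to the script owner
    }
    return $dirUid === $scriptUid;   // otherwise compare the directory owner
}

const SCRIPT_UID  = 1149;   // "The script whose uid is 1149" (warning text)
const PROCESS_UID = 65534;  // "nobody", the uid posix_geteuid() printed

// Constructed cases: [owner of target or null if absent, owner of directory].
// Anything PHP itself creates is owned by PROCESS_UID.
$cases = [
    'touch()  in dir made by PHP mkdir()' => [null,        PROCESS_UID],
    'unlink() in dir made by PHP mkdir()' => [PROCESS_UID, PROCESS_UID],
    'touch()  in dir made over FTP'       => [null,        SCRIPT_UID],
    'unlink() in dir made over FTP'       => [PROCESS_UID, SCRIPT_UID],
];

foreach ($cases as $label => [$fileUid, $dirUid]) {
    $verdict = safe_mode_allows(SCRIPT_UID, $fileUid, $dirUid)
        ? 'allowed' : 'refused';
    printf("%-38s %s\n", $label, $verdict);
}

// On a live host these are the two uids the model depends on:
// getmyuid() is the owner of the script file, posix_geteuid() the uid
// the PHP process runs as.
printf("script owner uid: %d, process uid: %d\n", getmyuid(), posix_geteuid());
```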
