imagejpg & safe mode & chmod()

Rik
Hello,

first of all, my provider sucks, newsserver is down for the #nth time
now, of course when I have an urgent question.... So this will be my
first time using Google Groups, forgive me if something goes wrong.

The problem at hand:
In a restricted area I let a user upload an image, no problem
The image gets scaled down with imagecopyresampled(), and stored with
imagejpeg($resized_img,'/path/to/target/image.jpg')

Problem is: because of safe_mode restrictions I cannot access it from
the server, only by http://domain.com/images/new_image.jpg.
I've tried:
imagejpeg($resized_img,'/path/to/target/image.jpg')
directly followed by:
chmod('/path/to/target/image.jpg',0777);

But the same script is also refused chmod().... It should be the same
user that creates the file, but unfortunately safe_mode won't let me
chmod() it.

I'm referring to the image later on by the URL instead of the
/path/ as a temporary solution to make it work, but now the script
doesn't have any permission to unlink() the file at a later stage,
which is functionality I desperately need. How will I be able to
achieve this?

I thought about using an FTP connection as a temporary measure, but no
go there:
24-05-06 17:50:55 SITE CHMOD 777 /path/to/image.jpg
24-05-06 17:50:55 550 /path/to/image.jpg: Operation not permitted.

The only solution I can think of right now is to catch imagejpeg() in an
output buffer, don't use the filesystem but an ftp-connection to save
the file, and chmod it by ftp afterwards. An ugly solution, but the
only thing workable right now...

phpinfo():
open_basedir            /home/user            no value
safe_mode               On                    On
safe_mode_exec_dir      /usr/local/php/bin    /usr/local/php/bin
safe_mode_gid           Off                   Off
safe_mode_include_dir   no value              no value

Yes I have suggested moving to other hosting, no go there.. Changing
basic php.ini settings is unfortunately not an option.

May 24 '06 #1
I'm not sure how you are set up by your description above.
Your provider may have opened some permissions for you on the current
directory you are uploading to? Normally, assuming PHP is run as a
module in Apache, your scripts will execute as the Apache user and any
file uploaded will be owned by the Apache user. If your visitors are
able to upload files, either the directory is owned by Apache - or -
it is owned by you with open write permissions to anyone.

Any attempt to access the file through PHP would fail after
that if safe_mode is On, because your script has a different owner
than the file you want to access. Any attempt at chmod, from FTP
or even the command line would fail since you do not own the file.
However, and I'm pretty sure of this, if you own the directories,
you are allowed to do a 'rename' and move the file from a directory
you own to another -- or even delete the file from the directory.
Please confirm who owns the files after they are uploaded, and
who the directory owner is and directory permissions.

--
John
John Murtari Software Workshop Inc.
jmurtari@following domain 315.635-1968(x-211) "TheBook.Com" (TM)
http://thebook.com/
May 24 '06 #2
Rik
Hmmmz, newsserver was up for a minute, then down again, oh well:

The exact way things are made now:

In the object handling the post:

if(!file_exists($_SERVER['DOCUMENT_ROOT'].'/path/to/'.$id)){
    // create the per-item directory
    $makedir = mkdir($_SERVER['DOCUMENT_ROOT'].'/path/to/'.$id, 0777);
    if(!$makedir){
        $this->set_error('Could not make directory.');
        return false;
    }
    // mkdir()'s mode is reduced by the umask, so set it again explicitly
    $chmoddir = chmod($_SERVER['DOCUMENT_ROOT'].'/path/to/'.$id, 0777);
    if(!$chmoddir){
        $this->set_error("Could not set dir's permission");
        return false;
    }
}
// hand every uploaded file to the image handler
foreach($_FILES as $file){
    $imagehandler->handle($file['tmp_name'],
        $_SERVER['DOCUMENT_ROOT'].'/path/to/'.$id,$file['name']);
}

$imagehandler is another object, which basically validates, resizes and
then:
imagejpeg($new, $targetdir.'/'.$targetname);

Instead of this, I've tried touch($targetdir.'/'.$targetname), which
already gives an error.

It seems the same script which has created a dir has limited
permissions in that dir?

I've used this testscript to check some things:

<pre>
<?php
error_reporting(E_ALL);

$dir = $_SERVER['DOCUMENT_ROOT'].'/images/houses/242';
$file = '/Logo2.jpg';
$filegroupdir = filegroup ($dir.'/');
$filegroupfile = filegroup ($dir.$file);
$userdir = fileowner($dir.'/');
$userfile = fileowner($dir.$file);

echo "Own group:".posix_getegid();
print_r(posix_getgrgid(posix_getegid()));
echo "Own user:".posix_geteuid();
print_r(posix_getpwuid(posix_geteuid()));

echo "Dir group: ".$filegroupdir;
print_r(posix_getgrgid($filegroupdir));
echo "File group: ".$filegroupfile;
print_r(posix_getgrgid($filegroupfile));

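echo "Dir user: ".$userdir;
print_r(posix_getpwuid($filegroupdir)); // looks up the group id ($filegroupdir), not $userdir
echo "File user: ".$userfile;
print_r(posix_getpwuid($filegroupfile)); // looks up the group id ($filegroupfile), not $userfile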
?>
</pre>

Which outputs:
Warning: filegroup(): SAFE MODE Restriction in effect. The script
whose uid is 1149 is not allowed to access /home/user/path/to/image.jpg
owned by uid 65534 in /home/user/path/tesst.php on line 8

Warning: fileowner(): SAFE MODE Restriction in effect. The script
whose uid is 1149 is not allowed to access /home/user/path/to/image.jpg
owned by uid 65534 in /home/user/path/tesst.php on line 10
Own group:65534Array
(
[name] => nobody
[passwd] => *
[members] => Array
(
)

[gid] => 65534
)
Own user:65534Array
(
[name] => nobody
[passwd] => *
[uid] => 65534
[gid] => 65534
[gecos] => Unprivileged user
[dir] => /usr/nobody
[shell] => /sbin/nologin
)
Dir group: 1004Array
(
[name] => group
[passwd] => *
[members] => Array
(
)

[gid] => 1004
)
File group: -snip false-
Dir user: 65534Array
(
[name] => 25m_user
[passwd] => *
[uid] => 1004
[gid] => 1004
[gecos] => User &
[dir] => /home/25m_user
[shell] => /usr/bin/true
)
File user: -snip false-

On trying to delete the image:
Warning: unlink(): SAFE MODE Restriction in effect. The script whose
uid is 1149 is not allowed to access /home/user/path/to/image.jpg
owned by uid 65534

I am very, very confused. I'll have to read up on file/user permissions
I believe.
Everything seems to result from a dynamically created dir, in which the
script can write, until it is terminated. Userfilowner seems the same
as myself, but not as the script...

Standard solution as touch($file) before($img,$file) won't work
either...
I'll try creating and chmodding only the directory with FTP, and saving the
images dynamically. I'll keep you updated.

Grtz,
--
Rik Wasmus

May 24 '06 #3
Rik
Letting the script connect by FTP and creating & chmodding the
directory like that will indeed make it possible to access the files
locally or unlink()ing them.

A very ugly solution IMHO, but at this time I'm just relieved that
works.

I really should set up a server with that detestable safe_mode locally
here, this isn't funny when you're supposed to have a finished
product..

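I'll be using this snippet at home from now on I think:
<?php
// dump the host's effective settings as php.ini lines
$list = ini_get_all();
$phpini = '';
foreach($list as $name => $setting){
    // access > 3 means the PHP_INI_SYSTEM bit (4) is set
    if($setting['access'] > 3){
        // append each line instead of overwriting the previous one
        $phpini .= $name.' = '.$setting['local_value']."\n";
    }
}
// offer the result as a downloadable php.ini
header('Content-type: text/plain');
header('Content-Disposition: attachment; filename="php.ini"');
echo $phpini;
?>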

May 24 '06 #4
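
Added example (not part of any post in this thread): a simplified model of the owner comparison behind the "SAFE MODE Restriction in effect" warnings above, showing why a directory created by the script is refused while one created over FTP is accepted. The uids 1149 and 65534 come from the thread's output; the function names, the directory-owner fallback and the FTP account being uid 1149 are assumptions, and since safe_mode was removed in PHP 5.4 this only models the check.

```php
<?php
// Added example: simplified model of safe_mode's uid comparison (safe_mode_gid Off).
// Assumption: access passes when the file, or failing that its directory,
// is owned by the owner of the running script. Function names are hypothetical.

function safe_mode_verdict(int $scriptUid, ?int $fileUid, ?int $dirUid): string
{
    if ($fileUid === $scriptUid) {
        return 'allowed: file owner matches script owner';
    }
    if ($dirUid === $scriptUid) {
        return 'allowed: directory owner matches script owner';
    }
    return sprintf('denied: script uid %d, file uid %s, directory uid %s',
        $scriptUid, $fileUid ?? 'n/a', $dirUid ?? 'n/a');
}

// Gather the ids that matter for a real path on the current host.
function ownership_report(string $path): array
{
    $uidOf = function (string $p): ?int {
        $uid = file_exists($p) ? fileowner($p) : false;
        return $uid === false ? null : $uid;
    };
    return [
        // owner of the .php file: the uid named first in the warnings
        'script_owner' => (int) getmyuid(),
        // the web server user: owner of anything the script creates
        'process_euid' => function_exists('posix_geteuid') ? posix_geteuid() : null,
        'file_owner'   => $uidOf($path),
        'dir_owner'    => $uidOf(dirname($path)),
    ];
}

// Constructed cases using the uids from the thread: scripts owned by 1149,
// PHP running as nobody (65534). The FTP account is assumed to be uid 1149.
$cases = [
    'image in a directory made by mkdir() in the script' => [1149, 65534, 65534],
    'image in a directory made over FTP'                 => [1149, 65534, 1149],
    'touch() of a new file in the script-made directory' => [1149, null, 65534],
];
foreach ($cases as $label => [$script, $file, $dir]) {
    echo $label, ': ', safe_mode_verdict($script, $file, $dir), "\n";
}

$r = ownership_report(__FILE__);
echo 'this script: ', safe_mode_verdict($r['script_owner'], $r['file_owner'], $r['dir_owner']), "\n";
```

When `script_owner` and `process_euid` differ in `ownership_report()`, every file the script creates belongs to the web server user rather than to the account that owns the script, which is the mismatch the warnings report.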
