(PHP 4.3.4) THIS IS DRIVING ME NUTS!
I have a website where I offer members their own bit of webspace to use and
am coding a very simple 'filemanager' that allows a user to upload, delete,
and edit text files (members, of course, will not have normal sign-on FTP
access to the site - I just limit them to their own folder space). I'm
hitting a real problem with file and directory permissions, in that it seems
I'm experiencing inconsistancies with my permissions when the user attempts
to edit these files.
One question I need answered: does the server side some how keep track of
'who' originally created a file or folder ('owner', 'group', 'other'), so
that there would be a difference in later trying to apply a script-coded
CHMOD or file-open (script-coded would be 'other'-activity) on a file
originally uploaded by sign-on FTP ('owner'-created)??? In other words, if
I log on through FTP and upload a file, it has 644 permissions which allow
writes only for the 'owner' of that file. When someone is running my simple
script, that someone is seen as 'other' (?) and therefore does not have
write permissions and will not be allowed to edit the file. However, if
someone uploads a file through my simple script, again the file gets 644
permissions but now the 'owner' of the file is not an FTP sign-on user, but
some 'other' (less exalted) user. Thus when this same someone is then trying
to edit the file via my simple script, he IS permitted to do so since the 6
in the same 644 permissions now applies to him, since an 'other' was the
creator (thus 'owner') of the file. ????????????????? ARGH!!!
I seem to be getting quite maddening inconsistancies in testing this out. If
any one can tell me some simple facts about how's the best way to do this
(allow general users of my site to manage their own little webspace), I
would be forever in their debt...
-dg
3  2947 
dan glenn wrote: (PHP 4.3.4) THIS IS DRIVING ME NUTS!
I have a website where I offer members their own bit of webspace to use and
am coding a very simple 'filemanager' that allows a user to upload, delete,
and edit text files (members, of course, will not have normal sign-on FTP
access to the site - I just limit them to their own folder space). I'm
hitting a real problem with file and directory permissions, in that it seems
I'm experiencing inconsistancies with my permissions when the user attempts
to edit these files.
One question I need answered: does the server side some how keep track of
'who' originally created a file or folder ('owner', 'group', 'other'), so
that there would be a difference in later trying to apply a script-coded
CHMOD or file-open (script-coded would be 'other'-activity) on a file
originally uploaded by sign-on FTP ('owner'-created)??? In other words, if
I log on through FTP and upload a file, it has 644 permissions which allow
writes only for the 'owner' of that file. When someone is running my simple
script, that someone is seen as 'other' (?) and therefore does not have
write permissions and will not be allowed to edit the file. However, if
someone uploads a file through my simple script, again the file gets 644
permissions but now the 'owner' of the file is not an FTP sign-on user, but
some 'other' (less exalted) user. Thus when this same someone is then trying
to edit the file via my simple script, he IS permitted to do so since the 6
in the same 644 permissions now applies to him, since an 'other' was the
creator (thus 'owner') of the file. ????????????????? ARGH!!!
I seem to be getting quite maddening inconsistancies in testing this out. If
any one can tell me some simple facts about how's the best way to do this
(allow general users of my site to manage their own little webspace), I
would be forever in their debt...
-dg
Yes, the server always knows "who" created a file... a simple 'ls -la'
will tell you. If the user is not the owner or in the group of the
owner and and the user mask is 644, then the user only has READ privs.
If you truly do not understand security concepts and their
ramifications, then I would suggest doing so before you make changes
that would make your site vulnerable.
Michael.
Michael Austin wrote:
[snip] One question I need answered: does the server side some how keep track of
'who' originally created a file or folder ('owner', 'group', 'other'), so
that there would be a difference in later trying to apply a script-coded
CHMOD or file-open (script-coded would be 'other'-activity) on a file
originally uploaded by sign-on FTP ('owner'-created)??? In other words,
if I log on through FTP and upload a file, it has 644 permissions which
allow writes only for the 'owner' of that file. When someone is running
my simple script, that someone is seen as 'other' (?) and therefore does
not have write permissions and will not be allowed to edit the file.
However, if someone uploads a file through my simple script, again the
file gets 644 permissions but now the 'owner' of the file is not an FTP
sign-on user, but some 'other' (less exalted) user. Thus when this same
someone is then trying to edit the file via my simple script, he IS
permitted to do so since the 6 in the same 644 permissions now applies to
him, since an 'other' was the creator (thus 'owner') of the file.
[snip]
Yes, the server always knows "who" created a file... a simple 'ls -la'
will tell you. If the user is not the owner or in the group of the
owner and and the user mask is 644, then the user only has READ privs.
[snip]
When you upload a file using a PHP script the file permissions of the file
are those of the user and group the *webserver* runs as. In a lot of
hosting environments this is something like nobody:nobody or apache:apache
and will *not* be the user who has FTP access to that particular site.
When you upload using FTP, the user and group are set as the user who is
logged in to the FTP server.
--
Chris Hope
The Electric Toolbox - http://www.electrictoolbox.com/
"Chris Hope" <ch***@electrictoolbox.com> wrote in message
news:10**************@216.128.74.129... Michael Austin wrote:
[snip]
One question I need answered: does the server side some how keep track
of 'who' originally created a file or folder ('owner', 'group', 'other'),
so that there would be a difference in later trying to apply a
script-coded CHMOD or file-open (script-coded would be 'other'-activity) on a file
originally uploaded by sign-on FTP ('owner'-created)??? In other
words, if I log on through FTP and upload a file, it has 644 permissions which
allow writes only for the 'owner' of that file. When someone is running
my simple script, that someone is seen as 'other' (?) and therefore
does not have write permissions and will not be allowed to edit the file.
However, if someone uploads a file through my simple script, again the
file gets 644 permissions but now the 'owner' of the file is not an FTP
sign-on user, but some 'other' (less exalted) user. Thus when this same
someone is then trying to edit the file via my simple script, he IS
permitted to do so since the 6 in the same 644 permissions now applies
to him, since an 'other' was the creator (thus 'owner') of the file.
[snip]
Yes, the server always knows "who" created a file... a simple 'ls -la'
will tell you. If the user is not the owner or in the group of the
owner and and the user mask is 644, then the user only has READ privs.
[snip]
When you upload a file using a PHP script the file permissions of the file
are those of the user and group the *webserver* runs as. In a lot of
hosting environments this is something like nobody:nobody or apache:apache
and will *not* be the user who has FTP access to that particular site.
When you upload using FTP, the user and group are set as the user who is
logged in to the FTP server.
--
Chris Hope
The Electric Toolbox - http://www.electrictoolbox.com/
OK - I think I get it now.
* When I upload a file with FTP, I get an 'owner'
of 'bsanghan', and a 'group' of 'bsanghan'.
* When I upload a file with PHP, I get an 'owner'
of '80', and a 'group' of 'bsanghan'.
At least, those are the names I can view with SmartFTP, turning on the
viewing of OWNER and GROUP designations in its view pane. My webhost file
manager doesn't even tell me who it sees as the owner of a file
(ipowerweb.com is hosting my site).
My frustration has been that the files I have on the site in these locations
were for the most part uploaded by FTP, thus owner = 'bsanghan'. When users
upload files on their own through my PHP script, those files will have this
'80' name as 'owner', which was causing the 'inconsistancies' with access
permissions in comparison to the other files.
There isn't any way I can change the 'owner' designation of a file on my
site through FTP, is there?
-dg This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Fronq |
last post by:
Hi !
The entire (PHP-) world seems to have the same problem:
Many providers let you upload as one user, lets say "ftpuser", yet then
apache and your script will run as another user e.g....
|
by: Ask Josephsen |
last post by:
Hi NG
If I write the following:
<?php
$file="myfile.JPG";
if ( getmyuid()==fileowner ( $file ) )
{
chgrp ( $file, getmygid() );
chown ( $file, getmyuid() );
|
by: Chung Leong |
last post by:
I'm just throwing this question out here as there hasn't been much
discussion recently on the topic of shared hosting. Most people, it seems,
just assume that it's secured. Companies don't sell...
|
by: Stewart |
last post by:
Hi, I'm working on a program in VC++ right now that needs to set file
permissions of a given file to 766 (read/write/execute). Now I've found
the _chmod() function in the API help docs, but that...
|
by: Stephen |
last post by:
Hi All!
This really is a file permissions problem ... although I'm not sure how
to solve it. Any assistance would be greatly appreciated.
I have a series of load balanced servers. Each of...
|
by: webhead |
last post by:
I have a web where users can upload photos, but they want to also be able to delete them. The directory can have chmod changes but it won't let me chmod the files and unlink them. I'm assuming it...
|
by: frizzle |
last post by:
Hi,
I am at the base of an FTP thingy i'm building, and i noticed that
it would only work if i chmod the folder 777, i thought to remember
correctly that previously on another site chmod 744 was...
|
by: foekall |
last post by:
I used this script and test on my hosting.
Evertimes appear "change permission to 777 failed. ".
So, how to solve this error.
Please kindly check for me and teach me.
<?php
$MAX_SIZE =...
|
by: lawrence k |
last post by:
I've a simple script to transfer some files from one domain to
another, with both domains living on the same server. The files in
both directories are already chmod 777. Yet after transfer, I try...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
| |
