By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,890 Members | 1,048 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,890 IT Pros & Developers. It's quick & easy.

impossible for 'other' user to chmod files?

P: n/a
(PHP 4.3.4) THIS IS DRIVING ME NUTS!

I have a website where I offer members their own bit of webspace to use and
am coding a very simple 'filemanager' that allows a user to upload, delete,
and edit text files (members, of course, will not have normal sign-on FTP
access to the site - I just limit them to their own folder space). I'm
hitting a real problem with file and directory permissions, in that it seems
I'm experiencing inconsistancies with my permissions when the user attempts
to edit these files.

One question I need answered: does the server side some how keep track of
'who' originally created a file or folder ('owner', 'group', 'other'), so
that there would be a difference in later trying to apply a script-coded
CHMOD or file-open (script-coded would be 'other'-activity) on a file
originally uploaded by sign-on FTP ('owner'-created)??? In other words, if
I log on through FTP and upload a file, it has 644 permissions which allow
writes only for the 'owner' of that file. When someone is running my simple
script, that someone is seen as 'other' (?) and therefore does not have
write permissions and will not be allowed to edit the file. However, if
someone uploads a file through my simple script, again the file gets 644
permissions but now the 'owner' of the file is not an FTP sign-on user, but
some 'other' (less exalted) user. Thus when this same someone is then trying
to edit the file via my simple script, he IS permitted to do so since the 6
in the same 644 permissions now applies to him, since an 'other' was the
creator (thus 'owner') of the file. ????????????????? ARGH!!!

I seem to be getting quite maddening inconsistancies in testing this out. If
any one can tell me some simple facts about how's the best way to do this
(allow general users of my site to manage their own little webspace), I
would be forever in their debt...

-dg
Jul 17 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
dan glenn wrote:
(PHP 4.3.4) THIS IS DRIVING ME NUTS!

I have a website where I offer members their own bit of webspace to use and
am coding a very simple 'filemanager' that allows a user to upload, delete,
and edit text files (members, of course, will not have normal sign-on FTP
access to the site - I just limit them to their own folder space). I'm
hitting a real problem with file and directory permissions, in that it seems
I'm experiencing inconsistancies with my permissions when the user attempts
to edit these files.

One question I need answered: does the server side some how keep track of
'who' originally created a file or folder ('owner', 'group', 'other'), so
that there would be a difference in later trying to apply a script-coded
CHMOD or file-open (script-coded would be 'other'-activity) on a file
originally uploaded by sign-on FTP ('owner'-created)??? In other words, if
I log on through FTP and upload a file, it has 644 permissions which allow
writes only for the 'owner' of that file. When someone is running my simple
script, that someone is seen as 'other' (?) and therefore does not have
write permissions and will not be allowed to edit the file. However, if
someone uploads a file through my simple script, again the file gets 644
permissions but now the 'owner' of the file is not an FTP sign-on user, but
some 'other' (less exalted) user. Thus when this same someone is then trying
to edit the file via my simple script, he IS permitted to do so since the 6
in the same 644 permissions now applies to him, since an 'other' was the
creator (thus 'owner') of the file. ????????????????? ARGH!!!

I seem to be getting quite maddening inconsistancies in testing this out. If
any one can tell me some simple facts about how's the best way to do this
(allow general users of my site to manage their own little webspace), I
would be forever in their debt...

-dg

Yes, the server always knows "who" created a file... a simple 'ls -la'
will tell you. If the user is not the owner or in the group of the
owner and and the user mask is 644, then the user only has READ privs.

If you truly do not understand security concepts and their
ramifications, then I would suggest doing so before you make changes
that would make your site vulnerable.

Michael.
Jul 17 '05 #2

P: n/a
Michael Austin wrote:

[snip]
One question I need answered: does the server side some how keep track of
'who' originally created a file or folder ('owner', 'group', 'other'), so
that there would be a difference in later trying to apply a script-coded
CHMOD or file-open (script-coded would be 'other'-activity) on a file
originally uploaded by sign-on FTP ('owner'-created)??? In other words,
if I log on through FTP and upload a file, it has 644 permissions which
allow writes only for the 'owner' of that file. When someone is running
my simple script, that someone is seen as 'other' (?) and therefore does
not have write permissions and will not be allowed to edit the file.
However, if someone uploads a file through my simple script, again the
file gets 644 permissions but now the 'owner' of the file is not an FTP
sign-on user, but some 'other' (less exalted) user. Thus when this same
someone is then trying to edit the file via my simple script, he IS
permitted to do so since the 6 in the same 644 permissions now applies to
him, since an 'other' was the creator (thus 'owner') of the file.

[snip]
Yes, the server always knows "who" created a file... a simple 'ls -la'
will tell you. If the user is not the owner or in the group of the
owner and and the user mask is 644, then the user only has READ privs.


[snip]

When you upload a file using a PHP script the file permissions of the file
are those of the user and group the *webserver* runs as. In a lot of
hosting environments this is something like nobody:nobody or apache:apache
and will *not* be the user who has FTP access to that particular site.

When you upload using FTP, the user and group are set as the user who is
logged in to the FTP server.

--
Chris Hope
The Electric Toolbox - http://www.electrictoolbox.com/
Jul 17 '05 #3

P: n/a

"Chris Hope" <ch***@electrictoolbox.com> wrote in message
news:10**************@216.128.74.129...
Michael Austin wrote:

[snip]
One question I need answered: does the server side some how keep track of 'who' originally created a file or folder ('owner', 'group', 'other'), so that there would be a difference in later trying to apply a script-coded CHMOD or file-open (script-coded would be 'other'-activity) on a file
originally uploaded by sign-on FTP ('owner'-created)??? In other words, if I log on through FTP and upload a file, it has 644 permissions which
allow writes only for the 'owner' of that file. When someone is running
my simple script, that someone is seen as 'other' (?) and therefore does not have write permissions and will not be allowed to edit the file.
However, if someone uploads a file through my simple script, again the
file gets 644 permissions but now the 'owner' of the file is not an FTP
sign-on user, but some 'other' (less exalted) user. Thus when this same
someone is then trying to edit the file via my simple script, he IS
permitted to do so since the 6 in the same 644 permissions now applies to him, since an 'other' was the creator (thus 'owner') of the file.


[snip]
Yes, the server always knows "who" created a file... a simple 'ls -la'
will tell you. If the user is not the owner or in the group of the
owner and and the user mask is 644, then the user only has READ privs.


[snip]

When you upload a file using a PHP script the file permissions of the file
are those of the user and group the *webserver* runs as. In a lot of
hosting environments this is something like nobody:nobody or apache:apache
and will *not* be the user who has FTP access to that particular site.

When you upload using FTP, the user and group are set as the user who is
logged in to the FTP server.

--
Chris Hope
The Electric Toolbox - http://www.electrictoolbox.com/


OK - I think I get it now.

* When I upload a file with FTP, I get an 'owner'
of 'bsanghan', and a 'group' of 'bsanghan'.
* When I upload a file with PHP, I get an 'owner'
of '80', and a 'group' of 'bsanghan'.

At least, those are the names I can view with SmartFTP, turning on the
viewing of OWNER and GROUP designations in its view pane. My webhost file
manager doesn't even tell me who it sees as the owner of a file
(ipowerweb.com is hosting my site).

My frustration has been that the files I have on the site in these locations
were for the most part uploaded by FTP, thus owner = 'bsanghan'. When users
upload files on their own through my PHP script, those files will have this
'80' name as 'owner', which was causing the 'inconsistancies' with access
permissions in comparison to the other files.

There isn't any way I can change the 'owner' designation of a file on my
site through FTP, is there?

-dg

Jul 17 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.