September 23rd, 2000, 10:28 PM
Okay, I've got a directory homes/
Within homes/ PHP creates a directory, it's an integer such as homes/999 or homes/345. Within that new directory, PHP uploads some graphics, .gif or .jpg.
The problem is, that directory and all those graphics are now "owned" by PHP, usually running as nobody or www. I can't delete them or copy them.
I've tried running a chown() within PHP to make myself the owner, but I get "operation not allowed".
The only solution I've found so far is to set umask(0), so that the directory and graphics have 777 permissions. I don't think that's very safe, though, is it?
Does anyone have any suggestions. I want to be able to delete or copy the files like they are mine, but only me or my group. I'm not running the server myself, but those who are seem willing to work with me.
[This message has been edited by SepodatiCreations (edited September 23, 2000).]
September 24th, 2000, 04:26 AM
>>The only solution I've found so far is to set umask(0), so that the directory
>>and graphics have 777 permissions.
Just chmod them to 777 for now and delete your unwanted files with a PHP script.
>> I don't think that's very safe, though, is it?
BTW, anyone on your same server can rwx to your directory anyway. So in an insecure public hosting, that is safe enough and you can't worry about that too much. At this moment, just delete your unwanted dirs.
September 24th, 2000, 06:15 AM
Firstly I have created an upload script for a customer, the directory has to be chmod 777 but
exec("chown username.users /pathto/$file_name");
works fine to chane the owner
and as for :-
[BTW, anyone on your same server can rwx to your directory anyway.]
Thats not true. If the server is setup correctly nobody can read other peoples files. Shared servers are secure if the people that run them understand security!
Darren http://www.php4hosting.com/ $ http://www.php4hosting.co.uk/ £
September 24th, 2000, 06:39 PM
darren, can you explain to us how we can have a file that is private to one user/group and at the same time accessible by the webserver? from my recent research i have not found this to be possible except by using perl and suEXEC -- iow, no PHP
September 25th, 2000, 01:20 AM
>>If the server is setup correctly nobody can read other peoples files
If that is the case, you yourself would get a 403 error since Apache can't even read it. On the other hand, if Apache can read it, everyone on the same server can.
>>Shared servers are secure if the people that run them understand security!
Likewise, for those who understand security can do all kind of bad things. This makes shared servers insecure enough.
I don't care if you run http://www.php4hosting.com/. If I have an account there, every files in other members dirs are under my control.
September 26th, 2000, 03:18 AM
I don't know if this would help, but did you try using unlink()??
I would think that since PHP is the owner, that a little utility from PHP that removed the file, would be the answer.
Granted, I've never encountered this, well once with a guy who was hosted by media 3, of course it was a perl script that had a similar problem, and what it boiled down to was the host had the server configured in such a way to prevent users(customers) from
setting their own "mods" on files..
So the script or the server claimed ownership of everything.. the only way around it was to create a small utility script.. or call the host..
some hosts don't seem to trust their customers..
Low Cost Hosting and Web Development.