#1
  1. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Brussels, Belgium
    Posts
    14,642
    Rep Power
    4476
    Okay, I've got a directory homes/

    Within homes/ PHP creates a directory, it's an integer such as homes/999 or homes/345. Within that new directory, PHP uploads some graphics, .gif or .jpg.

    The problem is, that directory and all those graphics are now "owned" by PHP, usually running as nobody or www. I can't delete them or copy them.

    I've tried running a chown() within PHP to make myself the owner, but I get "operation not allowed".

    The only solution I've found so far is to set umask(0), so that the directory and graphics have 777 permissions. I don't think that's very safe, though, is it?

    Does anyone have any suggestions. I want to be able to delete or copy the files like they are mine, but only me or my group. I'm not running the server myself, but those who are seem willing to work with me.

    Thanks.

    ---John Holmes...

    [This message has been edited by SepodatiCreations (edited September 23, 2000).]
  2. #2
  3. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    >>The only solution I've found so far is to set umask(0), so that the directory
    >>and graphics have 777 permissions.

    Just chmod them to 777 for now and delete your unwanted files with a PHP script.

    >> I don't think that's very safe, though, is it?

    BTW, anyone on your same server can rwx to your directory anyway. So in an insecure public hosting, that is safe enough and you can't worry about that too much. At this moment, just delete your unwanted dirs.
  4. #3
  5. No Profile Picture
    Carpe Diem
    Guest
    Devshed Newbie (0 - 499 posts)
    Firstly I have created an upload script for a customer, the directory has to be chmod 777 but
    exec("chown username.users /pathto/$file_name");
    works fine to chane the owner

    and as for :-
    [BTW, anyone on your same server can rwx to your directory anyway.]

    Thats not true. If the server is setup correctly nobody can read other peoples files. Shared servers are secure if the people that run them understand security!

    Regards
    Darren http://www.php4hosting.com/ $ http://www.php4hosting.co.uk/
  6. #4
  7. No Profile Picture
    RyanP
    Guest
    Devshed Newbie (0 - 499 posts)
    darren, can you explain to us how we can have a file that is private to one user/group and at the same time accessible by the webserver? from my recent research i have not found this to be possible except by using perl and suEXEC -- iow, no PHP
  8. #5
  9. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    >>If the server is setup correctly nobody can read other peoples files

    If that is the case, you yourself would get a 403 error since Apache can't even read it. On the other hand, if Apache can read it, everyone on the same server can.

    >>Shared servers are secure if the people that run them understand security!

    Likewise, for those who understand security can do all kind of bad things. This makes shared servers insecure enough.

    I don't care if you run http://www.php4hosting.com/. If I have an account there, every files in other members dirs are under my control.
  10. #6
  11. No Profile Picture
    Robert_J_Sherman
    Guest
    Devshed Newbie (0 - 499 posts)
    I don't know if this would help, but did you try using unlink()??

    I would think that since PHP is the owner, that a little utility from PHP that removed the file, would be the answer.

    Granted, I've never encountered this, well once with a guy who was hosted by media 3, of course it was a perl script that had a similar problem, and what it boiled down to was the host had the server configured in such a way to prevent users(customers) from
    setting their own "mods" on files..

    So the script or the server claimed ownership of everything.. the only way around it was to create a small utility script.. or call the host..

    some hosts don't seem to trust their customers..

    ------------------
    SnR Graphics,
    Low Cost Hosting and Web Development.

IMN logo majestic logo threadwatch logo seochat tools logo