Tracking Forums, Newsgroups, Maling Lists
Home Scripts Tutorials Tracker Forums
 
  HOME    TRACKER    PHP




CHMOD Security Settings


I have a webpage that some hacker managed to load a file onto. My website's help support suggested that I should not use chmod 0777 since it is not secure. However, I need to allow my site's visitors to open files & write information to them.

My question: Is there a setting that will allow site members to create, open, write to, and delete files using my pages but will not allow them to create their own pages outside of my control?




View Complete Forum Thread with Replies
See Related Forum Messages: Follow the Links Below to View Complete Thread
Php Email Attachment, Chmod Settings
I have a php script from Obie (link at bottom) which uploads a file to
the web server, then attaches it to an email, and sends it to a default
recipient.

This program requires setting a directory for the files to reside in
temporarily. What settings should I put this folder to to be most
secure, 755? 750? other? If the user is uploading, is that the
"world" permissions, or is that the "group" or "owner" permissions?
I'm not entirely sure how the upload in this script works, but it uses
the "open()" "fopen()" and "fread()" functions in there.
CHMOD Settings For PHP Image Upload
Does anyone know of a way to get past the CHMOD 777 when creating a php image upload? My new host doesnt allow CHMOD 777 and when i attempt to upload a file i get an error saying i dont have permission.
Include Files Folder - CHMOD Settings?
Currently, I have various php files in my "public" folder on my webserver. I also have "include" php files in a designated folder w/in my "public" folder (i used include("file")

Example: path files

public folder => index.php, products.php, aboutus.php, etc
public folder/include folder => includefile1.php, includefile2.php, etc

what CHMOD settings should i set... so that users cannot directly open my "include" files? and where do i set them? on the "include" folder? on the individual "include" files?
Checking CHMOD Settings Of A Certain File/directory
I know how to set the CHMOD for a file, but does a function exsists where I can see a file's CHMOD settings?
PHP Security Settings Exec ('chdir ..')
I have following question. I use exec ('chdir ..'). But in my own computer it says what it's disabled due to security reasons. in a php ini i found a string security = on, i change it to off, but nothing happens.

I use Linux OS. May be somebody can help me to enable exec command.
Settings
How would I get a setting from mysql using this $settings['title']
Permission Settings
I'm having some problems with file permissions, is there a way to set it so i can write to the file, then after it writes set it back so it can't, so that i can make sure everything is secure.

here is some code i'm using now.

===================================

if (!isset($HTTP_GET_VARS["filename"]) && !isset($HTTP_POST_VARS["filename"]))
echo("No such luck - no file to edit.");
else
{
if (isset($HTTP_POST_VARS["submit"]))
{
$fn = stripslashes($HTTP_POST_VARS["filename"]);
switch ($HTTP_POST_VARS["submit"])
{
case ("Save"):
{
$fh = fopen($fn, "w");
$fcontents = stripslashes($HTTP_POST_VARS["filebody"]);
$succ = fputs($fh, $fcontents);
fclose($fh);
}
break;
case ("Delete"):
{
if (unlink($fn))
die("<p>" . $fn . " has been vaporized.</p></body></html>");
else
die("<p>" . $fn . " has escaped vaporization.</p></body></html>");
}
}
}
else
{
$fn = stripslashes($HTTP_GET_VARS["filename"]);
$fcontents = join ('', file($fn));
}

======================
Display Settings
I am trying to have a page open up in both netscape and ie which will simulate having the display settings on the p.c. set as a desktop area of 800x600 pixels. Has anyone done anything like this with php? I was looking at the javascript window.open syntax but was wondering about php.
Php Session Settings
I have tried using the following CMS systems on my web server (remote)
Joomla
CMS made simple
Phpwebsite
And more recently
Coppermine photo album
All of these apps use PHP heavily.
None of these apps seem to run very well and they all require constantly...
Best Way To Set DB Connection Settings
I was wondering what is the best way to code the DB connection settings, by settings I mean the username/password and DB name. Right now I'm doing it in every php file that talks to the MySQL DB, but I think it may not be a good idea. How do you guys do it? like call it from a central file or something?
PHP Server Settings
PHP seems great but I don't think my server is set up properly for it. It's a RAQ4 with PHP4 installed, apparently (Webfusion/Dedicated Servers special). When I open a file ending in .php that is on my server, within a browser , it wants to download it, not show it.
Session Settings In Php.ini
I may have some misundertanding /lack of information, but I have always
wondered this:

Why there must be THREE setup lines concernig cookie/transid thing:

session.use_cookies
session.use_only_cookies
session.use_trans_id

That makes 2*2*2= 6 combinations. Since this is the case, one would suppose
all 6 are meaningful and sensible.

But why I feel that session business should in practise use EITHER cookies
OR trans_id? Not both at the same time and not anything(what) else also. In
that case only one line was enough and ANYWAY, one line would eliminate
impossible combinations.

why have not like: session_policy = "cookies" // options: 'cookies',
'trans_id', 'both'

What is it that I don't get? What is it that I have misunderstood? Or is
there some historical reasons. Please, list your opinion of MEANINFUL
combinations of those three settings. Thanks for answers, I believe this can
enlighten others too.
Getting File And Dir As Settings
I need to create a small settings window in PHP.

I need to set options like
1) an exe file
2) directories (search path), one by one, output
3) allowed users for certain items (string list)

I found this:
<input type="file" name="file" size="20" <? print("value=$mergerprg2");
?>>

but I cannot set the present file here - how do I do that?

how do I select a directory?
.htaccess Settings
I read in a PHP and MySql book that you can set auto_prepend_file into a .htaccess file in a directory on an Apache server and set up headers and footers for all files in that diretory. I gave this a try.

Code for .htaccess:
line 1- php_value auto_prepend_file "/footer.inc"
Code in footer.inc:
<center><a HREF= "javascript:window.close();">Close Window</a></center>

I am getting an Internal Server error whenever I try and open a file in the directory. I remove the .htaccess file and refresh and the page opens just fine.
Question To Php-settings
i have some php-scripts with things like this

echo <snip> _("Name:") ; <snap>

it is not possible to see this page in my browser

when I change this in

echo <snip> ("Name:") ; <snip>

the page is loaded.

I think it's an php-setting, but which ?
Server Settings For File I/O
I have a script which basically just does this PHP Code:
How To Change Settings For Cron Job.
Hello I have VPS. I have made an account in it and its working fine. But only one thing is that when i try to set a cron job via cpanel.I m sure the path to file is Ok e.g /home/username/next-path to file. But When this cron runs there comes the msg in email that permission denied. How can i solve this prob. The file permissions are 744. Is i am to allow this feature from WHM. if yes then how?
How To Change Configuration Settings Without Using Php.ini
How to change configuration settings without using php.ini I want to change
upload_max_filesize at runtime. By using ini_set() it is changed temporary or
permanently.

1) I want to change permanently at runtime it is possible or not.

2) I want to upload file with 100mb. What are the configuration settings are changed in php.ini file.

3) I don’t want to display warnings in the browser. How to restrict it.
Browser Settings With Cookies
i am setting a cookie with my browser but it doesnt set it if i have my browser set on medium privacy. how come my website is so harmful and wont set cookies without setting my browser to low privacy. most browsers are set to medium so is there a workaround?
Php.ini Settings Not Taking Effect
I just put up php.ini-recommended as php.ini in the server-side working directory where my php scripts are located. The file has "magic_quotes_gpc" set to "Off", but when I test it within my php script using "get_magic_quotes_gpc()" I find it is set to "On". I thought all I had to do was setup php.ini the way I wanted it and locate it in the working directory. As it turned out, I didn't have to make any changes to php.ini, just renamed it from php.ini-recommended.
Checking Browser's Settings
i was wondering if its possible to check a user's browser settings. like checking if the meta refresh or javascript or cookies are enabled. is that possible using php(or maybe javascript)?
Override Session Settings From Php.ini
running php 4.0.4pl1 on NT, i've developed a session_set_save_handler that stores the session info in a mySQL table. however, i've run into two problems, 1. one server this script is going on, i do not have access to the php.ini file 2. there's some session variables that i'd like to determine per php script (eg: session.save_path = c:/temp1 for one page and c:/temp2 for another, etc.

i'm not so worried about problem #2. i'm really looking to be able to override some of the session preferences on the server to which i have no access to the php.ini file (i need to set session.save_handler = user to get my handler to work). i've been scouring php.net/manual but haven't gotten a clear answer.
Is $Settings['string'] An Example Of An Array?
I'm still pretty new to PHP and I have a question. I know that
variables are preceeded by a "$" (dollar sign). Typically, a variable has
one value, unless it is an array. Then it is essentially a pointer to
numerous values sequential in memory. The code I'm looking at now is using
the same variable name, but assigning a different "index" to it, if you
will.

For example, I see the following:

$settings['use_default_images']
$settings['doctype']
$settings['theme_url']

And many more.

What is this feature called in PHP? I looked at the reference on php.net
and it isn't anywhere to be found under arrays.
Possible To Override Php.ini Settings In A Particular Subdir?
I am working for a client who has some production sites on the machine i'm developing on. he's got display_errors turned off in php.ini for the overall web server setting. Is there some way I can over ride this setting but *only* for the subdirectory i'm developing in?

I know how to set error reporting to e_all but this doesn't help if there's a syntax error in the file I'm working on - the server just shows a blank page and I have no idea which line the syntax error is on.
Determining Session Settings In Code
I've been having problems under IE6 with a script that uses cookies, so thought I'd try switching to using sessions instead.
However, while the script works perfectly well on my own site, it doesn't always work on sites where I can't control the session settings in php.ini. I've searched through the manual, and searched previous threads here on the forum, all without success.
Is there any way, through code, that I can tell if php was compiled with the --enable-trans-sid switch, or if session.use_cookies is enabled, or all the myriad other sessions settings?
Call Proxy Settings From A Php Script
Is it possible to use proxy settings in a php script? How can I code this?
Php/Apache Settings, Fsockopen Not Working?
I am having problems on my websites with certain things not working. My one site will not grab rss feeds, and the other wont report external torrent information. I thought it night be the allow_url_fopen in php.ini, but it was set to On.

What other options could be affecting this? I am running slackware 11, PHP 4.4.4, MYSQL 5.0.24a, apache-1.3.37-i486-2
Missing Charset Or Bung Server Settings?
I was wondering if some one could take a look at the two
example server outputs below, and help me understand what is wrong.
I'm getting garbled characters.

The php script I'm developing delivers XML to a client side
application I'm also putting together in VB.NET .. Example 1 is my
development PC.. It has a recent build of PDP & Apache. This output is
good.

Example 2 is the production server and is adding all sorts of strange
characters, that are causing the XML to be invalid.

I'm thinking it has somthing to do with the lack of charset in Ex2..
perhaps. If that is the case can I specify it in the .htaccess file
because I dont have direct control over the production server. Has any
one seen this before?
Server And Document Root Settings In Apache
I'm not sure if I'm even asking the right question, but my website (not hosted by me) used codes like include $_SERVER["DOCUMENT_ROOT"] . "/include/header.php";.  Per a forum member's suggestion, I ran an echo on that command, and it gives a folder tree three folders deep...  So, online, it points to the correct page, but I'm trying to set up Apache (I used WAMP) to get a beta test site on my own computer.  So, the above command doesn't work. 

I ran searches for "document_root" and "php5/pear" (a directory in the error messages I get) to see if I could find a path setting in either Apache or PHP config files with no success. Does anyone know how to set up either my Apache or PHP config so I can define what $_SERVER and DOCUMENT_ROOT are pointing to when they're on my localhost without making them not work when I upload them to my web host?
Replaceing A Value Within An External Settings Text File.
im in the process of creating a method to allow the user to change the config file currently in use. i have created an html form with a dropdown menu, which passes the filename of the new config file forward to the action page. Code:
Chmod And Php
been looking around and can't find out how to chmod a file in php

how do i do this and thanks
Chmod
I've currently set up my home computer to run as a server(Apache, PHP3 etc etc) and have been downloading a lot of scripts.

In the install instruction for a lot of these scripts it says to CHMOD a folder to 777. Now I'm very inexperienced in php. I do know you can do this from your ftp program. But how can i do this when the folder is on my computer.
Use Of Chmod
I have problem with:
$ff=dirname(__FILE__);
chmod("$ff/uus", 777);
chmod("uus", 777);

which can I not change the directories? I work on a site on a place, where I cannot upload files to the main dir, therefore I create subdirectories for that... and set them using this. At least, that is what they say I should do. Still the code above...
Chmod
I'm using a script that makes it possible to count downloads and it comes with a self installer. I ran it, but instead of chmoding a directory to 0777 like the code is supposed to, it chmods it to 0411 and for some reason I can't change it to 777 in my admin panel.

Anyone know what I could do either in my admin panel or is there anyway I can change the installer script below to make it chmod 777? I'm running on a Linus OS, Apache 1.3.28 (Unix), and PHP 4.3.2. PHP Code:
What Is CHMOD 777
I am trying to add an upload section to a website ... so users can upload / download files such as newsletters etc, i have found a couple of php sites offering the files for use to do this, but all say 'CHMOD it 777'. What is this? How and where do i set this? They all seem to say 'its so simple'.
Php Chmod?
say i have a php script that i access via the web and that creates a
file whose permissions are changed to 600 (ie. only the owner can read
or write the file). when i try to download the file with the
webbrowser... i can. what i want is to not be able to download the
file, itself. i only want the php script i wrote to download the
file... how could i do this? is it simply a matter of changing the
permissions?

anyways, here's my code:

<?
system("ls -l > test.txt");
chmod("test.txt", 0600);
?>
CHMOD 777
In order to install this, certain files need to be set to CHMOD 777, but due to the host, we cannot edit this. We contacted them and they told us to create a php.ini file with mod_rewrite enabled, they told us to do this, but not how to do it....
If I were to unzip the files on my website, change the CHMOD to 777 on the required files, compress them again, and unzip them on my friends website, will the files still be on CHMOD 777? Or, is their another way to change the CHMOD?
CHMOD
!ftp_chmod($connection, 777, $Subpage);

$Subpage is the variable that holds the directory name..

I keep getting this error:

Fatal error: Call to undefined function: ftp_chmod() in .
Chmod
I am uploading an image to my web host and am storing a reference to the file in a mysql database. The file upload works and the reference to the image is stored in the db. However viewing the image generates an "unauthorized" error.

I was told by the host that this was a problem with my php script and not setting permissions on the uploaded file via script. I have reasearched this and to the best of my knowledge I need to use the chmod command. Following is my code, at what point to I call chmod? Code:
Sessions Troubles: Session.save_path Settings (Warning: Open)
Anyway I have a an Apache server installed through PHP Triad on my computer. I have had this problem before also but I always got another way around it with stuff like cookies or something.

But this time I tried running Burning Board(woltlab.de) on my comp. and I canm't get around it. What's wrong here is that the sessions.save_path isn't properly set from the begining. I get these errors while I'm running Burning Board:

This comes right at the top pf the page:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Warning: open(tmpsess_727f9c3ebeef44aa7c08ccf164e15614, O_RDWR) failed: m (2) in C:apachehtdocsb\_functions.php on line 22
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
And these 2 came below the page:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Warning: open(tmpsess_727f9c3ebeef44aa7c08ccf164e15614, O_RDWR) failed: m (2) in Unknown on line 0

Warning: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (tmp) in Unknown on line 0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Settings Up Additional 'http://localhosts' (ie. Localhost2, Localhost3) In Apache
My knowledge of apache is nothing impressive,. I purely use it to run
local websites. I was wondering however, if it is possible to create
more local domains like localhost. I like my local websites to be able
to run in a simulated environment as my remote host. This would maybe
run like http://localhost, http://localhost2, http://localhost3 ...

Can it be done? Btw, Im running apache on Windows.
Chmod, Chgrp, Ch-help
Here are the facts:
Host: www.hostrocket.com
Issue: can't chmod a directory through php code.
Facts:
I set up a subdomain using my hosts tool. This creates the folder and a cgi-bin subfolder. The owner and group are set to my user id for my host.

I have existing information in another folder that is copied over into the new subdomain folder. The old folder was created in code and owner/group was "99" - I think that represents "nobody."

If I want to alter the data in the subdomain folder via code, I can't. I have to chmod to 0777 via my ftp program first.

What I have tried:
1.) chgrp ("../subdomainname", "nobody");
2.) chgrp ("../subdomainname", "99");

Trying number 1 got me "chgrp failed: Operation not permitted. " Number 2 got me "can't find gid for 99," I think.
I also tried the normal:
chmod ("../subdomainname" , 0777);

Question (I guess). How do I change my owner/group from my user ID to "nobody?" If I can't do it in code, can I do it in ftp? I've trie with no luck. Other options?
Chmod A Directory
How can I chmod a directory to 0777. I tried chmod ($myDirectory, 0777); but nothing happens.
Chmod() Problem!
Warning: chmod failed: Operation not permitted in /home/dualsoft/public_html/admin/admin.php on line 1029.

Warning: Cannot add header information - headers already sent by (output started at /home/dualsoft/public_html/admin/admin.php:1029) in /home/dualsoft/public_html/admin/admin.php on line 1030.
Well, everytime I try changing the chmod of a file using chmod() I get this error.
The file have to all ready be in a certain mode before it can be changed externally.
CHMOD In Windows?
I need to change the attributes of a file from 700 to 777. But Windows no likee CHMOD (UNIX command).
Chmod Functions
I'm currenty developing a CMS library in PHP and MySQL. The thing I
wan't is a chmod like system on the forum; the categories and forums
work like *nix directories and threads as files. Does anyone have any
ideas on how I should construct the methods for read and write the octal
value.

An idea is the "chmod_read($int_octal)" returns an array;
array(read => true, write => false);
Bug With Chmod() Function In PHP V4.1.2?
Does anyone know a specific bug with the chmod() function in PHP v4.1.2?

For example: chmod("somefile", 0700) will result in the file somefile having very odd permissions that do not reflect the second function parameter. PHP owns the file, so it shouldn't be a problem with permissions.
What CHMOD Do INC Files Need ?
I'm hosted on a Cobalt RAQ3 server and I'm going mad trying to make work (create, edit or delete) my INC files. I believe it depends maybe on the wrong CHMOD (664 as default also for my PHP4 files). What CHMOD do they need? And the related directories?
Chmod Access
I have root access to my LINUX server and I want to know what I need to set up on the server to allow me use PHP coding to perform chmod functions via the web Can some one point me in the right direction with either some samples or URL describing this.
Copyright © 2005-08 www.BigResource.com, All rights reserved