SuperbHosting.net have generously
sponsored
dedicated servers to ensure
a reliable and scalable dedicated hosting
solution for BigResource.com.
File And Directory Permissions For PHP Application
I make the directory 0777 and then write the file then i make the file i tried a few but they keep from being read im sure the file is ok i think i can handdle file permissions but i think its directory permissions im having a prob with.
Its an image file i write it and then need to use it so make the directory 0777 and then write the file and then what to the file and what to the directory ?
i am using php ftp() but if anyone knows any differences with php chmod() then please tell me apart from that i do a 777 righth now and leave it at that.
what should i being to the directory and file after to make it secure because i dont whant people tampering with them ?
OH AND THIS PROBS ON TH MAC OSX 10.4 TIGER
my chmoding works fine on linux the way it is 0777 and then a 655
+ somtimes i play with the permissions of the directory throgh the os GUI or the shell and i got it to tell me i dont have permissions in the OS but in PHP its ok is this coz PHP got ownership of it when i messed with the addtional BIT.
Application Permissions
I'm working on a php project management application, and doing a security audit. Currently the application uses a page based permission system in which you assign available users or groups to access the page.
However, I'm wanting to change this over to a functional permissions page. For example, on one page, a user can do the following: View, Edit, and Delete a record. Anyone that can access this page can perform these functions.
What I'm wanting to switch the system to, would allow permissions to be granted to the functionality of the page, so some users could only view, some could view and edit, and some could view, edit, and delete.
I don't have much experience with programming, so I'm curious about permission system theory, more than actual code examples, so that I can start to design the way this permissions system would work.
Set Directory Permissions
how to go about changing a directory's permissions once it already exists? I see in the manual how to do that to a file, but the only thing I've found when it comes to a directory's permissions is when the directory is made with mkdir().
Directory Permissions
How does one set directory permissions in PHP? The manual only refers to chmod function changing permissions for files. I try to use it for directories but it didn't work.
Directory Permissions For Fwrite
I use the fwrite command so that visitors are able to create a PHP web page with the information they submit via a form. I am trying to find the best permission code that is not 777 that will allow the fwrite command but not allow hackers to upload to the server. Do you have any suggestions as to what permission to use as I was hacked this weekend.
Okay, I thought I had correctly followed all the steps to password-secure the directory where I installed phpMyAdmin on my RedHat9 machine running apache, but I must be missing something:
1. Create a directory in /var/www/html to place the files. 2. Load the files. 3. Check the index.php and make sure it pretty much all works correctly. 4. Create a .htaccess file in the directory 5. Create a mypasswordfile in the directory 6. Edit the .htaccess file thus:
AuthName "My Domain" AuthType Basic AuthUserFile /var/www/html/mydirectory/mypasswordfile require user myusername
8. Set the permissions on .htaccess and mypasswordfile to 644.
After verifying that the files had the correct content, were located in the correct directory, and had the correct permissions, I tried hitting the index.php file from my M$ browser and still did *not* get a username/password prompt. Also tried restarting the server, no avail. I can still hit the index.php just by entering the url. However, on exploring the directory with midnight commander, I do notice that there is a file called '.htaccess' and *another* file called '.htaccess~' both of which have the same content. I don't know if this is even relevant, I'm not really much of a unix monkey but I guess I ought to be more of one if I'm going to continue developing php/mysql.
Is it possible that the permissions on the directory holding the files is the issue?
How To Set Directory Permissions Temporarily
I'm writing some simple CMS-type scripting where a user will occasionally upload an image to a certain directory. If the user thinks the image looks OK, the script copies it from a temporary location to an image directory.
Everything works fine, except that the script, as I have it up to now, seems to require that the image directory in question has its permissions set to 777.
Otherwise the file won't copy. But leaving a directory set at 777 is asking for trouble, as far as I can understand (though I don't fully understand why). Code:
Phpbb Directory Permissions On Windows?
What should the directory permissions look like on the various folders in a typical phpbb install? I was looking at a server today that had phpbb installed on a box with IIS installed on it and many of the folders had read,write and modify flags set for the IUSR_MACHINENAME account. Im thinking this should be changed to read-only.
Directory Permissions When Managing Files In PHP
I am some scripts that allow users to upload images. However in order to make it work i have to change the permissions of the directory to 777, is this not secure? Is there a better way?
Copy A Directory With Security Permissions
I am trying to make a page that will accept input from a user and create a directory structure from the input then fill that directory with the contents of a template directory and put the correct permissions back to the folders. This is on windows 2k server using active directory. a small sample of what I am trying to do: Code:
Mkdir, Directory Permissions Denied
I want to create a directory tree on the server with the user's name as the top level for that user. I want to create this directory, and two subdirectories, when the user signs up. The problem I am having is with permissions. I get:
Warning: mkdir(11june1): Permission denied in /home/virtual/site127/fst/var/www/html/ssUserAdd.php on line 87
How do I have the user's action result in the directories being created, but not have the user have access to anything except in that tree through the interface?
Application Directory Structure
I am a beginner and i would like to know the proven directory structure used for any web based php application taking into all security considerations.
Application Directory Structure (best Methods/practices?)
Assuming we aren't using a framework like Symphony, CakePHP, CodeIgniter, etc., what do you think is the most logical way to structure our application so that it makes sense, directory-wise?
For example: we will most likely have our own classes and functions that we wrote which we'll need to use, but how should we store them?
We would also have a header and footer file most likely, along with other "subpages" - but where do we put them? Do you create a 'library' or 'includes' directory which contain our classes and functions in seperate .php files? Do you create a 'templates' directory that stores our header, footer, etc? Code:
File Permissions
Im in the process of creating a web based frontend for a program called ASK (Active Spam Killer - http://a-s-k.sourceforge.net) and am currently running into a problem. Currently there is a perl based web front end, but it lacks functionality, and is rather bland, although it does work, and it works without changing any file permissions.
The problem im running into is that PHP requires me to make changes to file permissions (ASK files are located OUTSIDE of the web tree) which might end up causing problems as far as security and privacy of email. Has anyone come to any reasonable answer for this type of problem as im sure its a issue for other programs people write.
File Permissions....
I've read the stuff concerning writing to a text file and the related file permission issues on this forum.I have a script that does just that, it takes user-entered data from a Web Form and dumps it to a text file on a server.
This works fine on my private server, but is giving me the error...."Could not open stream.Permission denied on Line..." on the company server...The Company machine uses Windows XP.
I've tried talking to the System Administrator regarding the Permissions,but he says that giving READ/WRITE/EXECUTE Permissions could create Security Issues.
I have been told that previously,a script written in ASP had been used that did exactly the same thing i.e writing to the text file, but there were no File Permissions needed to be set!
4.3 And File Permissions
I know that the PHP "chmod" command sets file permissions, but how do I retrieve what the permissions are for a particular file using PHP 4.3?
Also, I need to put a whole bunch of existing files into these, 'made-by-php' directories, and that seems impossible by means of FTP. I get an 'access denied' error every time.
How Can I Have Permissions To Delete A File?
How can I have permissions to delete a file? example: I have to delete a file, but I don't to public users have permission to delete that file but, with a certain "login" they can.
File Permissions After Copy()
This function basically creates a new dir in a determined location and copies the files from an established dir to the new dir. It copies the files and creates the folder ok, bit it sets the file permissons to 755 for the new folder and file contents. I then get a 550 error if I try to delete or chmod them. Any suggestions? I get permission errors in the script if I use the chgrp and chmod functions also. PHP Code:
File Permissions In Win98
I just wanted to know if there was any way I could change my file permissions so I can use the fopen function in windows 98 using Apache and PHP 4.04???? I know how to do it for Linux but I need it for Win 98.
Change File Permissions
i'm trying to create a file management tool online using php. Everytime i copy or create files or folders though it assigns ownership of the new files or folders to the apache id. i tried using backticks, exec, shell_exec and the php shell commands. php safe mode is off.
i can create the files and folders using shell commands and have tried to change ownership using chown but that doesn't seem to do anything. any insight can help. the goal is to be able to create these files with the same admin user ownership as all the other files on the site.
CHMOD File Permissions
i have a few question about file permissions. which is the best way to set a permission to a mp3 tha ti can play on the website, but if anyone try to get it from the directory they wont be able to?
like if i am playing thissong.mp3 and someone went to the directory to try and get the file music/songs/thissong.mp3 they would get some kind of error. also for folders that don't have a index file. which permission would be the bes tinstead of creating a number of index for each, but not give a use permusic to see the context if the go to mydirectory/functions/ .
File/folder Permissions
I have an upload function that uploads images into a folder. The folder is set to 777. However when I upload an image file to the folder, the file uploaded is set to 600. Therefore it wont appear on web. I'm not sure why this is doing this for?? Im using the php function move_uploaded_file to upload the file.
File Write Permissions
I'm trying to get an open source PHP app working for my company. It's giving me the following custom error:
FreeMED was unable to create a file to record the healthy status of the system. The FreeMED directory should be owned by the user that the webserver is running as... Usually this is 'apache'. You can also fix this by giving universal write access to the home directory of FreeMED.
But that is not advisable from a security standpoint. I've narrowed it down to the line of PHP that's breaking it here:
$test = CreateObject('FreeMED.FreeMEDSelfTest'); As far as I can tell, I've made the directory it's using as open as possible and it's still giving me that error. The owner is apache (user and group) and the permissions are (temporarily) set at 0777 (universal read/write).
Is there some PHP or Apache configuration that needs changed to allow PHP this kind of permission?
File Permissions Windows
i am using the LOAD DATA INFILE to load from a txt file. Although it works fine with the MySQL command it does NOT work with Script...does anybody know why?
Rsync And File Permissions
Im sort of new to using rsync to transfer my files. unfortunately it is messing up something with the permissions, and somehow i get a 403 from the server.
The file uploads and moves into the properties folder. That folder's chmod is 777, but the file's chmod is only 600 making it unreadable by the server. I try to chmod it with php (as you can see above) and it doesn't work.
Not Enough Permissions To Delete A File
I want to delete a file using unlink() function. I'm getting a warning that says that I have no permissions to do that.
I suppose that is because the file I'm trying to delete is under the root directory path. I searched the forum about deleting files but found nothing alike my problem...
Upload File Permissions Problem
I've moved an existing site (which I didn't write) from a apache/php/mysql host under windows to a linux apache/php/mysql host. I've sorted out most problems except one.
There is an upload function on the site, which uploads files via POST to temp folder and then moves it into a folder on the host using php function move_uploaded_file. Under windows this works fine but on the linux host the uploaded file is created with 600 permissions so it cannot be accessed later by site visitors. The folder it is uploaded into has 755 permissions. Is there a way of setting the default file permissions so each uploaded file can be set to say 644 or do I need to chmod each file after upload?
File Permissions Of PHP Session Files
I noticed that the file permissions (unix) of the PHP session files have only read and write permissions for the Apache process (600 or rw- --- ---).
Does anyone have any idea where this permission is set ? I can't find any umask or chmod settings for it in the php.ini file. Can't find anything in the httpd.conf either. Is it set in the PHP code that implements session_start()?
Creating A File, Uploading, And Permissions
I'm using php4 and i want to check for a file, if it doesn't exist it should be created. My problem is i have to create it with specific permissions specifically 666 so that the script can then write to it. I don't have ftp access. I'm also looking for any tutorials, recent ones, using php4 for creating file upload areas, i'm trying to make one of those as well.
Minimun File Writing Permissions
I believe the chmod command -w- is write only, the minimum file writing permission but what is this in terms of numeric - chmod 755? or 777 .
$fn = "file.php"; $FileHandle = fopen($fn, 'w+') or die("can't open file"); $stringData = "Something"; fwrite($FileHandle, $stringData); fclose($FileHandle);
when i check the file properties i can see that the file's permission is set to 644 so when i use the following code to delete it i get a permission denied error. PHP Code:
$myFile = "file.php"; $fh = fopen($myFile, 'w') or die("can't open file"); fclose($fh);
$myFile = "$file.php"; unlink($myFile);
what shall i do to set the permission to 777 when creating the file?
Chmod Mkdir And File Permissions..
I'm trying to create directories and move files with the right permissions. When I make a dir using mkdir I'm setting the permission to 777 to my folder variable $t2 below,
but when I check the chmod it's 755? When I copy files over to this folder the file permission are set to 644 and I can't even get rid of them on the server because it won't allow me to delete them. Is there anyway to set permissions to a file as you're using the copy function? Code:
Change File Permissions On Uploaded Files?
I am trying to find a way to change the default file permissions for uploaded files using PHP. When I upload a file using my PHP script the default file permissions are 755. I would like the file to have 744.
Got all that communicating and recording to SQL as desired (i think and hope) but have now one small issue remaining.
We have more than one position open, so what we thought we would do is one one page list the jobs that are open at the time with their descriptions, salaries, etc..., with an "Apply Now" button that when clicked on would take them to the application page.
My question is, how could I make it automatically carry over the job they clicked on to automatically populate a "Position Applied For" field in the application?
Set Up The Permissions So That My Script Can Simply Fopen A File For Writing.
I am rather new to PHP and a relative newbie to Linux too. I have a webserver at home (Apache 2.0.48 on SuSe 9.0, PHP4). I have some scripts, one of them needs to be able to create logfiles somewhere on my machine. It must also later be able to read from and write to these files again.
Sofar I get a permission error. I tried chmodding 666 or 777 the directory in which the files could reside, to no avail. How do I set up the permissions so that my script can simply fopen a file for writing. Or if that's not the issue, what am I doing wrong or overlooking ?
The errors: Warning: fopen(logfileslog1.txt): failed to open stream: Permission denied in script1.php on line 142 Warning: fwrite(): supplied argument is not a valid stream resource in script1.php on line 154 Warning: fclose(): supplied argument is not a valid stream resource in script1.php on line 161 It's the first I am puzzled about, the 2nd and 3rd are a logical consequence.
By the way, reading from and writing to a file I have previously created myself with exactly the names I tried to get created by the script (echoed the name, ok) is no problem at all. So I don't think it has much to do with a safemode or open_basedir setting. I also tried creating the scripts in the same dir the script itself resides. Did not work either.
Linux File Permissions On Maildir, Apache User
i have the following problem. I am trying to create maildir directories on the local filesystem then chmod, chown them to courier:courier (for courier mail server). the courier mail server reads and writes on these maildirs on the local filesystem and they need to have courier:courier ownership. it does not work because the directories are created with apache:apache ownership and apparently only root can change ownership. My question is as follows. Is the only solution to this problem to add the courier user to the apache group?
Open A File To Store Some Date :: Permissions Dilemma
I want to open a file to store some data. However, when I use fopen('filename', w) I get permission denied. So, I've changed the permissions of the directory to get rid of the permission denied problem. Unfortunately, this seemed to require changing the directory to have permissions 777.
Creating A File Tracking Application
I am looking for an excel template or application that will help my track 800 or 900 books. I will like to keep track of metadata information about the books (author, title, ISBN..etc), Status(pull down menu), dates(time stamps), dates file updated, and who updating the spreadsheet. Also, I would like to have some sort of check-in system that will make sure it will lock or at least alerts the user that some other user is updating the files at the same time.
Creating A File Storage System For A Web Application
I am creating a file storage system for a web application. What I am doing is storing the name, size, and type in a database, and storing the data itself in the root directory tree.
I do not keep the file extensions on these files in the tree, they are given a random 12-letter name (2l3j4234j343). However, after I collect the data from the form and write it, it is not an exact copy. Code:
However, there are two exceptions that I know will occur and I don't care to catch them. So I need to modify the above regular expression to ignore the two exceptions that will get generated.
Fill Out Application - Pay - Submit Application
Well, I'm working with a client right now who has an application form, which upon completion, is submitted to her, and then the applicant is redirected to a page to make an initial payment for her services.
Her problem is that when people send the application, a lot of times they don't pay, which makes it lame for her to have to sift through all of them. What I am trying to do is make it so one form contains the application, takes them to the area to pay, and once they hit the button to pay with, the form is submitted. The way i have it now, there are two problems: Code:
File Upload :: Warning: Fopen - No Such File Or Directory
I’m getting the following errors when I try to run the script below on a live server. It’s a crude script which uploads text and images directly into MySQL. It works fine on my local machine, I have Apache, PHP4 and MySQL running on windows. The live server is Unix.
When I try to upload images from my loacal pc I get the error below, when I placed an image file within the same directory as the script on the live server and tried to upload it that worked. I wanted the script to allow image uplload from a client pc Can anyone offer a suggestion?
Warning: fopen("C:Apachehtdocs Grey.jpg", "r") - No such file or directory in /usr/local/home/httpd/vhtdocs/sitehostin/moondance/backend/test_imagedb.php on line 57 Code:
File Upload - Directory Is Writable, File Is Not
I'm writing a script to upload images along with articles to a directory on the server. I'm developing it offline on my WinXP and Apache 1.3.x laptop and it's working great, but when I move the script to the server, I get write errors when the file attempts to upload.
So I set up a test script (included below) to test the directory structures all the way up to the file, and every directory appears to be writable, yet I can't write to the test file. I keep seeing suggestions to set the open_basedir directive in the php.ini file to solve this, but it's hasn't worked yet. Can anyone suggest what I can try to get the uploads working?
<?php
$filename = 'images/articles/test.txt' $somecontent = "Add this to the file";
if index.php contained PHP code to check if the page had been called with a variable such as "password", is there anyway a public member can get to see the raw php file and therefore see what the password is?
index.php might be:
if ($_REQUEST[password]="secret") {[color=blue] >Then show one page[/color] else[color=blue] >show another page[/color] }
So if a user visits with index.php?password=secret
they get to see the secret page. But as the index.php has to have file permission set so that anyone can read it, I'm worried that the public can just somehow view the file and learn the password.
Use A Content Type Application/zip, And A Content Disposition With The File Name (test.zip)
I was able to use Ethor's suggestion to fix a problem I'm having. My original problem was that I was missing the quotes around the filename in the CD header. I've read the ensuing dialog between Ethor and JD and have a question/comment driven by the fact that things don't seem to work for me the way they're "supposed to" and I wonder why.
I use a content type application/zip, and a content disposition with the file name (test.zip) just like JD suggests. But it only works if the HTTP request ends with ".zip". My request is http://a.b.c.net/cc/production.php?file=123&zip=.zip I get a valid zip file downloaded, but the filename isn't the filename in the CD header - its cc.zip.
Furthermore, if I make the request http://a.b.c.net/cc/production.php?file=123&zip= (no .zip on the end, which is what I wanted it to be), it doesn't work at all. The dialog box that pops up is making the filename ?file=123&zip=
(Note: I'm using IE as the browser. My server is remote from where I am, and I go through all kinds of route point and a VPN to get to the server. Also note that this works when I browse to my local machine.)
I've tried various combinations of application/zip, octet-stream, lower/upper case, quotes/no quotes, order, etc. All have the same result described above. The only two headers I specify in PHP are the CT and the CD.
I making a SWAG that some device between my browser and the remote server is monkeying around with the request and/or response headers. Otherwise why would the response headers that my PHP application has correctly applied? Is there something in the Apache or PHP configuration I need to look at? http://eye.cc php newsgroups
TRACKER
