Board index   FAQ   Search  
Register  Login
Board index System Administration Server installation and configuration

Setting file permissions and groups

Discuss server installationa nd configuration issues here

Moderators: macek, egami, gesf

Setting file permissions and groups

Postby HuwD » Wed Mar 07, 2012 4:13 am

Have written a website that allows users to upload images to a specified folder. To allow the images to be uploaded I set the file permission to 777. Apparently however someone has been uploading suspicious files from outside the site and I need to set up a user group and restrict access to that group. However I have no idea how to do that. The site is hosted on a remote server, think it's a unix server. Currently my only access to via Filezilla client but I'm sure I could get the necessary login details from my client if needed.

Anyone know of any good tutorials or guides they can point me towards?

Thanks
HuwD
New php-forum User
New php-forum User
 
Posts: 2
Joined: Wed Mar 07, 2012 4:06 am

Re: Setting file permissions and groups

Postby theserve » Wed Mar 07, 2012 7:07 am

unfortunately its quite difficult. The PHP scripts get executed as the webserver user (Apache) or as the owner if its running under suexec. I suspect if you have to have 777 permissions for it to work its running under Apache's user. In that case there isn't really a great deal you can do. It's quite common for 777 folders to be exploited. Just make sure your code is well written with security in mind.
theserve
New php-forum User
New php-forum User
 
Posts: 27
Joined: Wed Jan 18, 2012 3:18 am
Location: London

Re: Setting file permissions and groups

Postby egami » Wed Mar 07, 2012 11:50 am

Disclaimer: This may sound the wrong way, but I don't intend to insult you



But NEVER EVER EVER put a file 777.
EVER.

In order for files to be uploaded, the DIRECTORY needs to be read/writeable by the webserver user only.
You can control the types of files that are uploaded by your php, using the meta tags of your images. Check php.net/_FILES for more info.

This prevents losers who pick their butts from putting files up and trying to hack your server.
User avatar
egami
php-forum GURU
php-forum GURU
 
Posts: 2197
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: Setting file permissions and groups

Postby HuwD » Thu Mar 08, 2012 12:50 am

Ok but how do I that?
HuwD
New php-forum User
New php-forum User
 
Posts: 2
Joined: Wed Mar 07, 2012 4:06 am

Re: Setting file permissions and groups

Postby egami » Thu Mar 08, 2012 6:20 am

Google.

chmod
chown
User avatar
egami
php-forum GURU
php-forum GURU
 
Posts: 2197
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT


Return to Server installation and configuration

Who is online

Users browsing this forum: No registered users and 0 guests

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.

cron