Page 1 of 2
Ownership
Posted: Sat Jan 03, 2004 8:09 am
by ceige
I am building a photo gallery for some relatives of mine and wanted to make dynamic thumbnails for it. I found a few ready made photo gallery scripts out on the web but none of them fit my needs exactly so I decided to write my own.
My photo gallery script takes the photos in a directory and places thumbnail versions of them in a directory ./thumbs. The problem I ran into is that when my script creates the dir thumbs and creates the thumbnails it does it under the apache group and I, in the webmaster group, do not have permission to delete them.
How can I make apache give me ownership rights? When I use chown it says it cannot find my username/group. Why is that? chmod 777 does not let me delete them either.
Since I lack understanding in all matters any help is appreciated.
Thank you.
Posted: Sat Jan 03, 2004 10:40 am
by evilMind
try: chown yourUser:yourGroup -R ./thumbs
then try removing the files. rm -rf ./thumbs
Posted: Sat Jan 03, 2004 11:43 pm
by ceige
I need some way to do it through my script directly or through ftp. I don't have a shell acount on the server to allow me to use those unix commands.
Posted: Sun Jan 04, 2004 2:23 am
by evilMind
Don't know if you have access to the [php_man]exec[/php_man] or [php_man]system[/php_man] commands. If you do you can use those.
You may also want to consider using the [php_man]unlink[/php_man] function. Or You could try doing the following:
Open the file via a php script in 'w' mode (to truncate the data)
Write the contents of the truncated file.
** This will leave the filename laying around, but it will have a zero length (since you opened in 'w' mode (meaning you truncated the file)) See [php_man]fopen[/php_man] for more information on the modes you can open the file in.
Posted: Sun Jan 04, 2004 4:53 am
by ceige
Thanks for the help, I'm in the middle of writing a script that will allow me to manage and delete the files I have on the system.
...but I don't want to repeat this, when I create an image or a directory what mod should I pass to chmod to give me access to the files?
0777?
Will that give everyone in the world access to it?
Posted: Sun Jan 04, 2004 11:57 am
by evilMind
Yes, 0777 will give "everyone" the ability to view,edit, execute, and delete the files stored. However, if these are simply images (not executable code) it would be a good idea to set 0555 on the file(s) which would continue to allow anyone to view, edit, and delete the file, but it would remove the possiblity of "executing" the contents of the file.
breakdown of the modes:
First bit:
4 - Sets the "set user id" mode
2 - Sets the "set group id" mode
1 - Sets the "save text image" (or sticky) bit
Next three bits:
4 - Sets the r attribute
2 - Sets the w attribute
1 - Sets the execute attribute
All four fields can add up to 7 (any combo of 4,2, or 1).
eg: 0441 = -r--r----x
0521 = -rw--w---x
1577 = -rw-rwxrwt
and so on.
Posted: Sun Jan 04, 2004 11:59 am
by Nay
evilMind, mind me asking.......
how do you 'execute' an image?
urm.......calling it by the url but yeah, what happens when you 'execute' an image? It dies? o.O
-Nay
Posted: Sun Jan 04, 2004 12:15 pm
by evilMind
There's a lot of spaces where you can "fill in" an image w/o distorting it's contents too much. Same thing with mp3's.
Overall, I'm just being cautious.
Posted: Sun Jan 04, 2004 12:26 pm
by JAM
Haven't you seen the *.jpg image that opens 100's of windows in about 2½ seconds?
IE of course, but the scary thing is that you can't bypass it as the bad code is run though the IE's image parser showing the image...
Posted: Mon Jan 05, 2004 8:11 am
by ceige
I wrote a small script that
should delete the files I want deleted but it doesn't do a doggon thing.
Code: Select all
<?php
$path = "./*";
$cmd = "rm -rfv $path";
$string=system($cmd);
echo "$string";
?>
I place this file, delete.php, in a folder whose contents I want deleted. I then access it in a browser and it should delete all the files and print any returns from the computer on the screen.
I've also tried:
Code: Select all
<?php
$path = "./*";
$cmd = "rm -rfv $path";
passthru($cmd);
?>
...but it doesn't print anything and it doesn't delete anything...
Any help?
Posted: Mon Jan 05, 2004 9:15 am
by redmonkey
Perhaps you need to use umask() ? Have you double checked the permissions after creating the directory? Try running this little script.....
Code: Select all
<?php
$oldmask = umask(0);
echo mkdir('foo', 0777) ? "foo created\n<br>\n" : "Failed to create foo\n<br>\n";
umask($oldmask);
$fp = fopen('foo/bar.txt', 'w');
fwrite($fp, 'Some Text');
fclose($fp);
chmod('foo/bar.txt', 0666);
?>
That should create a sub directory called 'foo' then place a small file in it called bar.txt
Then run this little script....
Code: Select all
echo unlink('foo/bar.txt') ? "bar.txt deleted\n<br>\n" : "Failed to delete bar.txt\n<br>\n";
echo rmdir('foo') ? "foo deleted\n<br>\n" : "Failed to delete foo\n<br>\n";
That should remove both the file and directory.
Posted: Mon Jan 05, 2004 5:34 pm
by mwong
JAM wrote:Haven't you seen the *.jpg image that opens 100's of windows in about 2½ seconds?
IE of course, but the scary thing is that you can't bypass it as the bad code is run though the IE's image parser showing the image...
I haven't! What's that?
Posted: Mon Jan 05, 2004 9:20 pm
by JAM
Sorry, can't remember where I found it (I been wanting to send that to some 'friends' more than a couple of times now).
It was just a plain image (it really was an image) that someone had manipulated in the sence that they added bits of code inside of it. When the image was viewed on the net as any ordinary image, Internet Explorer would duplicate itself.
Extremely fast, and with a not so funny outcome as it used IE's internal imagehandling code.
"Internet Explorer of course..." you might say, but who knows... Mozilla the next time perhaps.
I think MS fixed that bug though, so even if the image is found you likely wouldn't notice it.
Posted: Tue Jan 06, 2004 1:57 am
by ceige
Ok, I finally got it to spit out some error messages for me to work off of.
Using this php line:
Code: Select all
echo unlink('path/file.jpg') ? "Deleted file." : "Failed to delete file.";
it returns:
Code: Select all
Warning: unlink(): SAFE MODE Restriction in effect. The script whose uid is 22152 is not allowed to access /home/virtual/site93/fst/home/chris/public_html/hardeman/family/thumbs owned by uid 48 in /home/virtual/site93/fst/home/chris/public_html/hardeman/delete.php on line 2
Failed to delete file.
Why does this happen?
How can I work around it?
Posted: Tue Jan 06, 2004 9:53 am
by redmonkey
Well, it means what it says on the tin!
Safe Mode is on and running UID checking. As for work arounds, has your PHP been compilied with FTP functions enabled?