assigning permission to folders in mkdir

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jasongr
Forum Contributor
Posts: 206
Joined: Tue Jul 27, 2004 6:19 am

assigning permission to folders in mkdir

Post by jasongr »

Hello

I was wondering if someone could give me an insight to the value that I should give as permission when I create folders.
What permission should I give to folders?
READ - does it allow people to read the content of the folder?
WRITE - does it allow people to delete the folder?
EXECUTE - does it allow people access into the folder?

I am not certain what the different access rights mean for a folder.

So if I would want to me and people in my group permission to only enter a folder and read its contain, should I set the permission to: 0550

regards
Jason
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Check out: [php_man]chmod[/php_man]()
jasongr
Forum Contributor
Posts: 206
Joined: Tue Jul 27, 2004 6:19 am

Post by jasongr »

I came here after reading the manual on chmod.
I was hoping someone could give me a better insight.

I also would like to ensure the following:
- People will not be able to execute files on the server after uploading them
- People will not be able to see the file structure of the server by browsing between folders (typing a direct folder name in the address bar)

regards
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Just make sure all the uploaded files are places in a not-public directory (thus outside the public_html/www).

And then use [php_man]readfile[/php_man] in a script to make the file available for download
jasongr
Forum Contributor
Posts: 206
Joined: Tue Jul 27, 2004 6:19 am

Post by jasongr »

what are the advantages of putting uploaded files outside of the public www directory?

How can it help me prevent users from browsing through my file system from their browser? I thought I have to play around with folder permissions to achieve this
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

This way they can't request randomly files...

Because each request has to pass your script... And in that script you can do as much validation as you like.....
jasongr
Forum Contributor
Posts: 206
Joined: Tue Jul 27, 2004 6:19 am

Post by jasongr »

I am not talking about the ability of users to request random files.
I am trying to understand how to solve two problems:

1) I don't want people to browse through my file structure using their browser. They can see the directory structure and the content of each directory like this. Will not giving any folder permissions to the rest of the world will do that?

2) I would want the users to be able to execute files after they upload them to the server
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

(1) If you have control of your server you can set <Directory> options. If not an .htaccess file with:

Order deny,allow
deny from all

See http://httpd.apache.org/docs/howto/htaccess.html or google around for .htaccess tutorials.

Your host might not allow you to set .htaccess files.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

jasongr wrote: 1) I don't want people to browse through my file structure using their browser. They can see the directory structure and the content of each directory like this. Will not giving any folder permissions to the rest of the world will do that?
Tell me how they can see the structure and content of each directory if the directory is not public available? It would only be possible if your script provided them access to do so.
jasongr wrote: 2) I would want the users to be able to execute files after they upload them to the server
Instead of using [php_man]readfile[/php_man] use [php_man]require[/php_man] or [php_man]include[/php_man] in the private-to-public script
jasongr
Forum Contributor
Posts: 206
Joined: Tue Jul 27, 2004 6:19 am

Post by jasongr »

I have access to the server configuration file.
What options do I have to set in the <Directory> directive in order to not allow uses to ability to browse directory c:/www/ on my server?

regards
jasongr
Forum Contributor
Posts: 206
Joined: Tue Jul 27, 2004 6:19 am

Post by jasongr »

I refering to a directory that is indeed public inside my htdocs directory.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

<Directory "C:/www">
Order deny, allow
Deny from all
</Directory>
jasongr
Forum Contributor
Posts: 206
Joined: Tue Jul 27, 2004 6:19 am

Post by jasongr »

Will this deny access to people from the rest of the world, while allow access to the apache process?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

mcgruff already gave you the answer i see...... now check that out or i give you the finger :) :)
Post Reply