assigning permission to folders in mkdir
Posted: Wed Sep 01, 2004 2:27 am
by jasongr
Hello
I was wondering if someone could give me an insight to the value that I should give as permission when I create folders.
What permission should I give to folders?
READ - does it allow people to read the content of the folder?
WRITE - does it allow people to delete the folder?
EXECUTE - does it allow people access into the folder?
I am not certain what the different access rights mean for a folder.
So if I wanted to give myself and the people in my group permission to only enter a folder and read its contents, should I set the permission to: 0550
regards
Jason
Posted: Wed Sep 01, 2004 2:37 am
by m3mn0n
Check out: chmod()
Posted: Wed Sep 01, 2004 2:51 am
by jasongr
I came here after reading the manual on chmod.
I was hoping someone could give me a better insight.
I also would like to ensure the following:
- People will not be able to execute files on the server after uploading them
- People will not be able to see the file structure of the server by browsing between folders (typing a direct folder name in the address bar)
regards
Posted: Wed Sep 01, 2004 5:33 am
by timvw
Just make sure all the uploaded files are placed in a non-public directory (thus outside the public_html/www).
And then use readfile in a script to make the file available for download
Posted: Wed Sep 01, 2004 5:39 am
by jasongr
What are the advantages of putting uploaded files outside of the public www directory?
How can it help me prevent users from browsing through my file system from their browser? I thought I have to play around with folder permissions to achieve this
Posted: Wed Sep 01, 2004 5:41 am
by timvw
This way they can't randomly request files...
Because each request has to pass your script... And in that script you can do as much validation as you like.....
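
The approach described in the two posts by timvw above (uploads kept outside the document root, every download passing through a script that validates the request and then calls readfile), as an added example that is not code from this thread. The upload directory path and the `file` query parameter are assumptions.

```php
<?php
// Added example. UPLOAD_DIR and the "file" parameter are hypothetical names.
// The directory must live outside public_html/www so no URL maps to it.
const UPLOAD_DIR = '/var/app/uploads';

/**
 * Map a requested name to a real file inside $baseDir, or return null.
 */
function resolve_upload(string $baseDir, string $requested): ?string
{
    // Reject empty names and NUL bytes outright.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Accept a bare file name only: no directory components, no "../".
    if ($requested !== basename($requested)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null; // base directory or file does not exist
    }
    // After symlinks are resolved the target must still sit under the base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

$path = resolve_upload(UPLOAD_DIR, $_GET['file'] ?? '');
if ($path === null) {
    http_response_code(404);
    exit;
}

// Send the file as an opaque download. readfile() streams the bytes to the
// client; it does not run them through the PHP interpreter.
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . filesize($path));
readfile($path);
```

Any per-user authorization check belongs between `resolve_upload()` and the first `header()` call.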
Posted: Wed Sep 01, 2004 5:51 am
by jasongr
I am not talking about the ability of users to request random files.
I am trying to understand how to solve two problems:
1) I don't want people to browse through my file structure using their browser. They can see the directory structure and the content of each directory like this. Will not giving any folder permissions to the rest of the world do that?
2) I would want the users to be able to execute files after they upload them to the server
Posted: Wed Sep 01, 2004 7:39 am
by McGruff
(1) If you have control of your server you can set <Directory> options. If not an .htaccess file with:
Order deny,allow
deny from all
See http://httpd.apache.org/docs/howto/htaccess.html or google around for .htaccess tutorials.
Your host might not allow you to set .htaccess files.
Posted: Wed Sep 01, 2004 8:22 am
by timvw
jasongr wrote:
1) I don't want people to browse through my file structure using their browser. They can see the directory structure and the content of each directory like this. Will not giving any folder permissions to the rest of the world do that?
Tell me how they can see the structure and content of each directory if the directory is not publicly available? It would only be possible if your script provided them access to do so.
jasongr wrote:
2) I would want the users to be able to execute files after they upload them to the server
Instead of using readfile use require or include in the private-to-public script
Posted: Wed Sep 01, 2004 8:22 am
by jasongr
I have access to the server configuration file.
What options do I have to set in the <Directory> directive in order to not allow users the ability to browse directory c:/www/ on my server?
regards
Posted: Wed Sep 01, 2004 8:25 am
by jasongr
I am referring to a directory that is indeed public inside my htdocs directory.
Posted: Wed Sep 01, 2004 8:28 am
by timvw
<Directory "C:/www">
Order deny,allow
Deny from all
</Directory>
Posted: Wed Sep 01, 2004 8:37 am
by jasongr
Will this deny access to people from the rest of the world, while allowing access to the apache process?
Posted: Wed Sep 01, 2004 11:18 am
by timvw
McGruff already gave you the answer I see...... now check that out or I give you the finger
