Problems Restricting Access Via Chmod

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
adam3223
Forum Newbie
Posts: 2
Joined: Tue Aug 09, 2005 8:04 pm

Problems Restricting Access Via Chmod

Post by adam3223 »

I wanted to change the chmod values of certain image files on my webserver so they cannot be accessed directly.

I was under the impression a local php script could still read them even thought they are blocked from the outside world.

Is this true as i can't get it working??

N.B using this to load image:

Code: Select all

<?php
	Header("Content-type: image/jpg"); 
	$image = imagecreatefromjpeg('pictures/1st social/social 001.jpg'); 
	imagejpeg ($image);
	imagedestroy ($image); 
?>
Thanks in Advance
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

if set properly, it should be readable.. You could potentially (if your host allows) to place the images outside your webroot, making it impossible to gain "direct" access to them through the website.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

Whether or not a local PHP script can read the file depends on the permissions of the file.

In Linux, the permissions are Owner execute/read/write, Group execute/read/write, World execute/read/write. If you change the mode so that only the owner can read, and PHP isn't running as that user, then it won't be able to read the file.

What are the permissions on the file before and after you chmod it?
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
adam3223
Forum Newbie
Posts: 2
Joined: Tue Aug 09, 2005 8:04 pm

Post by adam3223 »

I could put them outside my webroot but i would like to know what i'm doing wrong.

I change the cmod value so Everyone Cannot Read and leave the others the same. (chmod value 640)

Also the folders above it are set to 711 to stop indexing and general access.

Edit defaults of files is 644, it is a linux server
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

I just realized that there's no way (using just permissions), to restrict public access to images and still have the files accessible via php (unless you're running a CLI script). PHP will access the files as the apache user. A user typing in the address of the file directly will also access the files as the apache user.

The only way to restrict access is to move the files outside the web root.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Use .htaccess:
- It can be in a public webdir
- Apache/php can read it, people can't request it via http

Shared hosting:
- Make all the users their group 'users'
- Run apache as something that is in a 'services' group.

Now you can easily create userdirectories that are owned by user:services
User should get rwx and services only need x

The webdir etc in the userdirectories will be owned by user:users, so you need to give access to others (notice that only users from the services group can get here, so that's ok :))

With mod_safe enabled you should be able to keep foreigners out your files :)
Post Reply