Page 1 of 1

A little help?

Posted: Wed Nov 13, 2002 9:01 pm
by caseyd_dot_net
Just for the record, I'm relatively new to Linux and PHP.

I was making a guestbook for my website, and since I don't have root access on the apache server, I was creating my own pseudo-database in PHP that dynamically created directories and placed files containing the posts in them. It would look for the directory, which would be named that day's date (like 111302, for example), and if it didn't find it, it would create it. The funny thing is that, when I tried it on the web, it created the directory and placed the text file in it just fine, but when I logged into my account on the server, I did not have permissions to read,write, or modify the directory or anything in it. After that, I wrote a little PHP page to delete the offending directory, and when I visited the page it deleted fine. What the hell is that? Who would the directory belong to in this case? I'm baffled.

Thanks,
caseyd

Posted: Wed Nov 13, 2002 10:25 pm
by skyhawk133
One thing you can do is CHMOD the directory after you set it up using the PHP scripts which potentially has more permissions than you as a user:
chmod ("/somedir/somefile", 755); // decimal; probably incorrect
chmod ("/somedir/somefile", "u+rwx,go+rx"); // string; incorrect
chmod ("/somedir/somefile", 0755); // octal; correct value of mode

Posted: Thu Nov 14, 2002 12:33 pm
by caseyd_dot_net
If the PHP execution from the website has higher permissions than my user account, that seems like it might open a bit of a security hole. <span style='color:blue' title='I&#39;m naughty, are you naughty?'>smurf</span>.