mkdir in safe-mode

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
decipher
Forum Commoner
Posts: 38
Joined: Mon Mar 13, 2006 6:27 am
Location: south africa

mkdir in safe-mode

Post by decipher »

Hi There
I have trying to research this over at php.net and have posted on some other forums but all I ever get is that mkdir will not make the directory writeable, even though permissions reflect 777. The reason being:
Beware that when in safe mode, mkdir creates folders with apache's UID, though the files you create in them are of your script's UID (usually the same as your FTP uid).

What this means is that if you create a folder, you won't be able to remove it, nor to remove any of the files you've created in it (because those operations require the UID to be the same).

Ideally mkdir should create the folder with the script's UID, but this has already been discussed and will not be fixed in the near future.

In the meantime, I would advice NOT to user mkdir in safe mode, as you may end up with folders you can't remove/use.
So does anyone have any suggestions on how I can create directories using a script, and then make the dirs writable in order for files to be uploaded to that directory, all in safe-mode?
Any suggestions will be greatly appreciated.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Re: mkdir in safe-mode

Post by Roja »

decipher wrote:I have trying to research this over at php.net and have posted on some other forums but all I ever get is that mkdir will not make the directory writeable, even though permissions reflect 777.
Safe mode breaks the permissions model.

It essentially says "Ignore world". As a result, everything is limited to the same user that owns the file.

With that said, the directory should be writable - but only by Apache. Now, depending on how your host is setup, scripts can be run as your user (if they are using the cgi php), or as Apache (if its php as apache module).

In either case, the script that makes the directory should be able to write to it, and delete it.

Are you trying to test via ftp, or do you experience the script being denied access?
decipher
Forum Commoner
Posts: 38
Joined: Mon Mar 13, 2006 6:27 am
Location: south africa

Post by decipher »

my script returns false when trying to upload to the newly created directory
here's a bit of the code involved:

Code: Select all

$dir = $_SERVER["SITE_HTMLROOT"]."/uploaded/".$_POST['member'];
   if (!file_exists($dir)) mkdir($dir, 0777);
   set_time_limit(0);
   if (move_uploaded_file($_FILES['track']['tmp_name'], $dir."/".basename($_FILES['track']['name']))) return $filearray = array('success', $uploadfile);
   else return $filearray = array('error', 'upload failed, please try again.');
now let say member is Admin, if I create that directory via FTP and chmod it to 777, then the script works fine. Whereas if the dir does not exist, the script creates the directory, but returns that the upload failed, IE it cannot write to that dir.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

I'm betting its because the file you are trying to move (the one in the tmp dir?) is owned by someone else. Check the ownership on that file and directory. If they aren't owned by the same person, it cant be moved.
decipher
Forum Commoner
Posts: 38
Joined: Mon Mar 13, 2006 6:27 am
Location: south africa

Post by decipher »

I don't understand what you mean, or how the file can be owned by someone else. The file is on the users local machine, which i am uploading to a newly created directory..Please can you explain.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

When uploading, the file is stored in a temporary location on the server. You then have to move it once finished uploading (when your script is called) to the final destination. That's what move_uploaded_file() does.

Are you sure $_SERVER['SITE_HTMLROOT'] is set and is correct? It's not a standard entry in the superglobal. $_SERVER['DOCUMENT_ROOT'] is.
Post Reply