File uploads... Unix permissions.

Posted: Sun Jul 23, 2006 9:14 am
by bokehman
On a Unix box, in order to upload files to a certain directory it must have at least 707 permissions. In that state, what stops other parties that share the server from writing to that directory? The server is not running any open_base_directory restrictions (according to phpinfo).

Posted: Sun Jul 23, 2006 9:30 am
by feyd
Generally, nothing stops them. In shared hosts, I prefer to use a backend FTP upload if their security is of concern.

Posted: Sun Jul 23, 2006 9:44 am
by Chris Corbyn
I replied to your thread on Sitepoint but basically if the host uses suexec then you don't need the permissions you mentioned since only *you* need write access. If not then you're stuck with simple file uploads. I guess FTP'ing to localhost with your username and password, as per feyd's suggestion wouldn't add a huge amount of overhead though... file uploads aren't exactly fast in any case since most of the time will be TCP traffic.

Posted: Sun Jul 23, 2006 9:58 am
by bokehman
ftp_connect() is not enabled on this server but it was a nice idea. Can you expand on the suexec a bit, I'm not familiar with it.

Posted: Sun Jul 23, 2006 10:09 am
by bokehman
By the way if php creates the file it belongs to "nobody".

Posted: Sun Jul 23, 2006 10:12 am
by Chris Corbyn
bokehman wrote: ftp_connect() is not enabled on this server but it was a nice idea. Can you expand on the suexec a bit, I'm not familiar with it.
Web hosts have the ability to run PHP either as a module under apache, or using CGI.

Using the module means that PHP will use the userid of apache and that's that.

Using CGI calls the interpreter outside of apache itself so it can be run under a different userid. suexec is an apache module which allows you to change the userid in this way, so combine it with the CGI and you're able to affect the PHP userid.

Now, the great thing about apache is that you can change its settings on a per-directory basis. So for each person's home directory on the server PHP can be run under a different userid. It makes sense to get PHP running under the userid of the account holder. Many hosts do this.

Of course, if everybody on the server is running PHP as themselves it's a lot easier to restrict access to your files from other users because you can just set the permissions to yourself and nobody else.

Like I say, the quickest way to figure it out would be to create a file using PHP and then use FTP to view the ownership details on the file ;)
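
The ownership test Chris describes, written out as a self-contained PHP diagnostic added here (not code from the thread); it assumes an `uploads` directory next to the script that the account owns, and reports whether PHP runs as the account user (suexec/CGI) or as the web-server user (mod_php), and whether the directory is wider open than it needs to be:

```php
<?php
// Added diagnostic, not from the thread. Assumption: $uploadDir is a
// directory owned by the hosting account, e.g. __DIR__ . '/uploads'.

function diagnoseUploadDir(string $uploadDir): array
{
    $report = [];
    clearstatcache(true, $uploadDir);

    // Who is PHP actually running as? Under mod_php this is the Apache
    // user (e.g. "nobody"); under CGI + suexec it is the account user.
    $euid = function_exists('posix_geteuid') ? posix_geteuid() : null;
    $report['php_uid'] = $euid;
    if ($euid !== null && function_exists('posix_getpwuid')) {
        $pw = posix_getpwuid($euid);
        $report['php_user'] = $pw ? $pw['name'] : null;
    }

    // Who owns the directory? If the owner differs from the PHP uid, the
    // directory must be group- or world-writable for uploads to work at all.
    $ownerUid = fileowner($uploadDir);
    $report['dir_owner_uid'] = $ownerUid;
    $report['runs_as_owner'] = ($euid !== null && $euid === $ownerUid);

    // Permission bits: 0002 = world-writable, 0004 = world-readable.
    $mode = fileperms($uploadDir) & 0777;
    $report['dir_mode'] = sprintf('%04o', $mode);
    $report['world_writable'] = (bool)($mode & 0002);
    $report['world_readable'] = (bool)($mode & 0004);

    // Create a file the way an upload handler would and record its owner;
    // this is the "create a file with PHP, then look at it over FTP" check.
    $probe = tempnam($uploadDir, 'probe_');
    if ($probe !== false) {
        $report['new_file_owner_uid'] = fileowner($probe);
        unlink($probe);
    }

    // If PHP runs as the owner, 0700 is enough (no 707 needed). Otherwise the
    // directory cannot be locked down against other accounts on this host.
    $report['recommended_mode'] = $report['runs_as_owner']
        ? '0700'
        : 'cannot be restricted without per-user PHP (suexec/CGI)';
    return $report;
}

print_r(diagnoseUploadDir(__DIR__ . '/uploads'));
```

If `new_file_owner_uid` comes back as the web-server user (the "nobody" case reported later in this thread), every other PHP script on the host runs with the same uid and can read or write that directory regardless of its mode.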

Posted: Sun Jul 23, 2006 10:14 am
by Chris Corbyn
bokehman wrote: By the way if php creates the file it belongs to "nobody".
That sucks :twisted: In that case anybody else running a PHP script has access to your files I bet. I'd suggest testing it on someone else's account but I can't give you instructions because it's not allowed.

Posted: Sun Jul 23, 2006 11:42 am
by bokehman
Well, it doesn't seem too secure. I have a recursive directory read function and set it to start at ../ and it can read everything. File content is readable too... things like this...

$dbhost = 'www.*****.com';
$dbname = '*****_db';
$dbuser = '*****';
$dbpasswd = '*****';

I wasn't really too happy about the server when I took the job on. I've been on to the client and told them it's not secure but they say they don't want to change "because they are nice people and just down the road".