Login using server accounts

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
daven
Forum Contributor
Posts: 332
Joined: Tue Dec 17, 2002 1:29 pm
Location: Gaithersburg, MD
Contact:

Login using server accounts

Post by daven »

Situation:
My server has several web accounts (/home/*/public_html). I am trying to write a pseudo-WS_FTP program to permit upload/management of files on the server, including mkdir, rmdir, chmod, etc.

Problem:
There is a security issue. I want users to be able to create/alter files in their directories only, similiar to if they were accessing the server via WS_FTP or an SSH client (user1 can play with files in /home/user1/, but not in /home/user2/). Therefore, doing a chmod(0777) to all directories is not an option.

What I basically need is a way for PHP to login to the server as if the user is coming from an SSH console.

Note: Since I am the sys admin, I can easily make a DB table with username/password/homeDir combinations when I set up new users.

Note 2: Having users go through WS_FTP, PSFTP, etc., is not an option according to my boss.
User avatar
CAN007
Forum Newbie
Posts: 9
Joined: Fri Jun 06, 2003 2:00 pm
Location: Toronto, Ontario, Canada

Try this one

Post by CAN007 »

http://webmanager.sourceforge.net/

Try this program... I have played with it a bit... seems to work fine, however, no guarantees! :)
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Can you have people upload to an "incoming/username" directory with web writeable permissions, with a priviledged cron job moving files to the local protected /home/username/ directories? Or you could even just load the files into the database directory and not bother with recreating a duplicate incoming filesystem....
User avatar
CAN007
Forum Newbie
Posts: 9
Joined: Fri Jun 06, 2003 2:00 pm
Location: Toronto, Ontario, Canada

Post by CAN007 »

I have been working on a file upload html page for people to send large files, databases, to have repaired (re-indexed etc), but I have created a short script to do just the uploading....

<?php
ini_set('upload_max_filesize','50M');
ini_set('post_max_size','55M');
ini_set('max_execution_time','0');
ini_set('memory_limit','50M');
//header("Content-Transfer-Encoding: binary");
?>
<html>
<head>
<body>
<form enctype="multipart/form-data" action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="50000000">
File: <input name="userfile" type="file" /><br />
<input type="submit" value="Upload" />
</form>

<?php
if (@is_uploaded_file($_FILES["userfile"]["tmp_name"])) {
//copy($_FILES["userfile"]["tmp_name"], "files/" . $_FILES["userfile"]["name"]);
move_uploaded_file($_FILES["userfile"]["tmp_name"], "files/" . $_FILES["userfile"]["name"]);



echo "<p>File uploaded successfully.</p>";
}
?>
</body></html>

My first hurdle was the files were over the 2Mg limit (solved by editing the .htaccess - php values), now the second, some... not many are over the 8Mg limit.. (last week one was almost 30Mg).

Do you find the need for files over the 8Mg limit, and if so, how do you think you would get around it?

Thanks, James
Post Reply