Making folder writable to PHP.

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
jlising
Forum Commoner
Posts: 33
Joined: Mon Mar 19, 2007 1:48 am
Location: Pampanga, Philippines
Contact:

Making folder writable to PHP.

Post by jlising »

Hello,

I have a script online use to generate a zip file and write it in a folder e.g.: admin/export.
I believe changing export folder to writable permission globally is not advisable because any user can modify or can delete the files.

I came up in a scenario. First, leave the folder in read only mode. Second, before writing a file (using php file system functions) in the folder change the permission to writable. Lastly, after writing the file to the folder restore the folder permission to read only again.

Right now I have a problem with this method. I cannot write file to the export folder. I believe the cause of the error is the folder is still in read only mode.

Can anyone help me to solve this issue? Do anyone has different approach?

Many Thanks!
Jess
User avatar
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
Contact:

Re: Making folder writable to PHP.

Post by Kieran Huggins »

chown the folder to the same user that apache runs under (www-data on debian systems) - then you can give only that user permission to write to that directory.
User avatar
jlising
Forum Commoner
Posts: 33
Joined: Mon Mar 19, 2007 1:48 am
Location: Pampanga, Philippines
Contact:

Re: Making folder writable to PHP.

Post by jlising »

Hi Kieran,

Can you give me a php code fragment using the chown and how to change the permission?
Please....

Many Thanks!
Jess
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Making folder writable to PHP.

Post by John Cartwright »

There are examples in the manual, see http://ca.php.net/chown
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Making folder writable to PHP.

Post by VladSun »

jlising wrote:Hi Kieran,

Can you give me a php code fragment using the chown and how to change the permission?
Please....

Many Thanks!
Jess
Only the superuser may change the owner of a file.
So, in order to chown file you (i.e. the Apache user) must be root. And ... DON'T run Apache as root. The same applies to chmod... So, your scenario doesn't make sense.

Kieran Huggins told you - log in as root, change the directory owner and permissions to Apache user.

If you are on shared hosting, most probably there is nothing you can do - just set the permissions to 0777 (because usually the files are owned by your ftp user, not by the Apache user). And don't worry - your hosting provider must have secured access to your files by other users.
There are 10 types of people in this world, those who understand binary and those who don't
Post Reply