|
|
Posted by Tony B on 07/11/07 11:36
"Willem Bogaerts" <w.bogaerts@kratz.maardanzonderditstuk.nl> wrote in
message news:4694be50$0$339$e4fe514c@news.xs4all.nl...
>> ... There is an upload function on the site, which uploads files via POST
>> to
>> temp folder and then moves it into a folder on the host using php
>> function
>> move_uploaded_file. Under windows this works fine but on the linux host
>> the
>> uploaded file is created with 600 permissions so it cannot be accessed
>> later
>> by site visitors.
>
> Do you serve your temp folder then?
Not sure what this means ?
>> The folder it is uploaded into has 755 permissions. Is
>> there a way of setting the default file permissions so each uploaded file
>> can be set to say 644 or do I need to chmod each file after upload ?
>
> Let me see where things go wrong. As far as I know, there is one Linux
> user (let's call this account "webserver", although it has probably
> another name) who does the upload to the temp folder and does all file
> operations in PHP. So, theoretically, you could deny all "group" and
> "other" rights on uploaded files.
> Do the uploaded files show up in the temp folder? (Note that this is
> hard to see, as PHP removes them if they are not processed) In general,
> does the "webserver" user have enough rights on the temp folder?
I can't see as it disappears once the upload is complete.
However the file is uploaded ok except it ends up in the destination folder
with a 0600 permission. So for this to happen the php upload process user
must have write permission to whatever tmp folder is used and the
destination folder. I can chmod the file after is is moved into the
destination folder via move_uploaded_file(), but I'm trying to understand
why the uploaded file permission ends up at 0600 ?
Regards
Tony
Navigation:
[Reply to this message]
|