Posted by Jerry Stuckle on 04/05/06 15:55

frizzle wrote:
> frizzle wrote:
>
>>bobzimuta wrote:
>>
>>>Are you allowing your web server write permissions to the folder?
>>>Assuming the webserver runs as 'nobody' .
>>>755 with ownership nobody, nobody . Otherwise you'll need
>>>775 with ownership frizzle, nobody
>>>
>>>
>>>frizzle wrote:
>>>
>>>>Gary L. Burnore wrote:
>>>>
>>>>>On 4 Apr 2006 15:10:39 -0700, "frizzle" <phpfrizzle@gmail.com> wrote:
>>>>>
>>>>>
>>>>>>Hi,
>>>>>>
>>>>>>I am at the base of an FTP thingy i'm building, and i noticed that
>>>>>>it would only work if i chmod the folder 777, i thought to remember
>>>>>>correctly that previously on another site chmod 744 was enough,
>>>>>>now it isn't.
>>>>>>Am i mistaking, and should it always be 777 ? And isn't a chmodded
>>>>>>777 folder much more vulnerable?
>>>>>
>>>>>
>>>>>Most definitely more vulnerable.
>>>>>
>>>>>
>>>>>You want 755, not 744. You need the x bit set. It should look like
>>>>>this:
>>>>>
>>>>>drwxr-xr-x ... ...
>>>>>
>>>>>
>>>>>The x on a directory means search, not execute. If you can't search
>>>>>the directory, you can't read the files in it.
>>>>>
>>>>>If you want people to be able to find the files but not list the
>>>>>directory when they're on the server, you can set the directory as 711
>>>>>which would look like:
>>>>>
>>>>>drwx--x--x ... ...
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>Frizzle.
>>>>>>
>>>>>>
>>>>>>Code sofar below:
>>>>>>
>>>>>>
>>>>>>++++++++++++++++++++++++++
>>>>>><?php
>>>>>>
>>>>>> require_once('../inc/globals.php');
>>>>>>
>>>>>> if( isset( $_FILES['image'] ) ){
>>>>>>
>>>>>>$ftp_conn = @ftp_connect( $default_ftp_server )or
>>>>>>die('<b>Error!</b>');
>>>>>>@ftp_login( $ftp_conn, $default_ftp_user, $default_ftp_pass )or
>>>>>>die('<bError!</b>');
>>>>>>
>>>>>>$uploaddir = '../items/';
>>>>>>$uploadfile = $uploaddir . basename( $_FILES['image']['name'] );
>>>>>>
>>>>>>if ( move_uploaded_file( $_FILES['image']['tmp_name'], $uploadfile ) ){
>>>>>> echo "File is valid, and was successfully uploaded.";
>>>>>>} else {
>>>>>> echo "Possible file upload attack!";
>>>>>>};
>>>>>>
>>>>>>ftp_close( $ftp_conn );
>>>>>>
>>>>>>};
>>>>>>
>>>>>>?>
>>>>>><form action="<?php echo $PHP_SELF; ?>" method="post"
>>>>>>enctype="multipart/form-data" name="images" target="_top" id="images"
>>>>>>class="form">
>>>>>> <input name="image" type="file" id="image">
>>>>>> <br>
>>>>>> <input type="submit" name="upload" id="upload" value="Upload">
>>>>>> <input name="cancel" type="button" id="cancel" value="Cancel"
>>>>>>onClick="javascript:history.go(-1) ">
>>>>>></form><?php
>>>>>>
>>>>>> if (is_dir($uploaddir)) {
>>>>>> if ($dh = opendir($uploaddir)) {
>>>>>> while (($file = readdir($dh)) !== false) {
>>>>>> if ($file !== '..' && $file !== '.') echo "filename: $file :
>>>>>>filetype: " . filetype($uploaddir . $file) . "<br>\r\n";
>>>>>> }
>>>>>> closedir($dh);
>>>>>> }
>>>>>> };
>>>>>>
>>>>>>?>
>>>>>>----------------------------------------------------
>>>>>
>>>>>--
>>>>>gburnore at DataBasix dot Com
>>>>>---------------------------------------------------------------------------
>>>>> How you look depends on where you go.
>>>>>---------------------------------------------------------------------------
>>>>>Gary L. Burnore | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
>>>>> | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
>>>>>Official .sig, Accept no substitutes. | ÝÛ³ºÝ³Þ³ºÝ³³Ýۺݳ޳ºÝ³Ý³Þ³ºÝ³ÝÝÛ³
>>>>> | ÝÛ 0 1 7 2 3 / Ý³Þ 3 7 4 9 3 0 Û³
>>>>>Black Helicopter Repair Services, Ltd.| Official Proof of Purchase
>>>>>===========================================================================
>>>>
>>>>Hmm, i still get an error; i chmodded both the destination folder AND
>>>>the executing script-file 755.
>>>>
>>>>Warning: move_uploaded_file(../items/bg.jpg): failed to open stream:
>>>>Permission denied in
>>>>/home/httpd/vhosts/domain.com/httpdocs/new/admin/ftptest.php on line 15
>>>>
>>>> Read mode Write mode Execute/search mode
>>>>Owner + + +
>>>>Group + - +
>>>>Others + - +
>>>>
>>>>Frizzle.
>>
>>Standard (DW created files/dirs) have user 'domainname', permissions
>>'rwx r-x r-x ',
>>Ftp app uploaded (with chmod 777) have user 'apache', permissions 'rw-
>>--- --- '
>>
>>Frizzle.
>
>
> Is there a possibility to upload files via PHP without Chmodding, and
> keep the same group / permissions on uploaded files as those uploaded
> with, say, DreamWeaver or WS_FTP ?
>
> Frizzle.
>
> (E.g. with ftp_put() wich i can't seem to get working.)
>

Only if you can ftp in as the web server.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

• Next in forum: Re: Can anyone tell me why php scripts are not parsed ???
• Prev in forum: Re: selecting specific tag
• Thread view: Re: Chmod

[Reply to this message]