Posted by Willem Bogaerts on 07/11/07 11:26

> ... There is an upload function on the site, which uploads files via POST to
> temp folder and then moves it into a folder on the host using php function
> move_uploaded_file. Under windows this works fine but on the linux host the
> uploaded file is created with 600 permissions so it cannot be accessed later
> by site visitors.

Do you serve your temp folder then?

> The folder it is uploaded into has 755 permissions. Is
> there a way of setting the default file permissions so each uploaded file
> can be set to say 644 or do I need to chmod each file after upload ?

Let me see where things go wrong. As far as I know, there is one Linux
user (let's call this account "webserver", although it has probably
another name) who does the upload to the temp folder and does all file
operations in PHP. So, theoretically, you could deny all "group" and
"other" rights on uploaded files.

Do the uploaded files show up in the temp folder? (Note that this is
hard to see, as PHP removes them if they are not processed) In general,
does the "webserver" user have enough rights on the temp folder?

Best regards,
--
Willem Bogaerts

Application smith
Kratz B.V.
http://www.kratz.nl/

[Back to original message]