Reply to Re: Upload file permissions problem

Your name:

Reply:


Posted by Jerry Stuckle on 07/11/07 12:33

Tony B wrote:
> "Willem Bogaerts" <w.bogaerts@kratz.maardanzonderditstuk.nl> wrote in
> message news:4694be50$0$339$e4fe514c@news.xs4all.nl...
>>> ... There is an upload function on the site, which uploads files via POST
>>> to
>>> temp folder and then moves it into a folder on the host using php
>>> function
>>> move_uploaded_file. Under windows this works fine but on the linux host
>>> the
>>> uploaded file is created with 600 permissions so it cannot be accessed
>>> later
>>> by site visitors.
>> Do you serve your temp folder then?
>
> Not sure what this means ?
>
>>> The folder it is uploaded into has 755 permissions. Is
>>> there a way of setting the default file permissions so each uploaded file
>>> can be set to say 644 or do I need to chmod each file after upload ?
>> Let me see where things go wrong. As far as I know, there is one Linux
>> user (let's call this account "webserver", although it has probably
>> another name) who does the upload to the temp folder and does all file
>> operations in PHP. So, theoretically, you could deny all "group" and
>> "other" rights on uploaded files.
>> Do the uploaded files show up in the temp folder? (Note that this is
>> hard to see, as PHP removes them if they are not processed) In general,
>> does the "webserver" user have enough rights on the temp folder?
> I can't see as it disappears once the upload is complete.
> However the file is uploaded ok except it ends up in the destination folder
> with a 0600 permission. So for this to happen the php upload process user
> must have write permission to whatever tmp folder is used and the
> destination folder. I can chmod the file after is is moved into the
> destination folder via move_uploaded_file(), but I'm trying to understand
> why the uploaded file permission ends up at 0600 ?
> Regards
> Tony
>
>

Tony,

Try a linux admin group. The default file mask for your apache user is
probably set up as 600.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация