Reply to Re: Chmod

Your name:

Reply:


Posted by Jerry Stuckle on 04/12/06 02:42

frizzle wrote:
> Jerry Stuckle wrote:
>
>>frizzle wrote:
>>
>>>Jerry Stuckle wrote:
>>>
>>>
>>>>frizzle wrote:
>>>>
>>>>
>>>>>Jerry Stuckle wrote:
>>>>>
>>>>>
>>>>>
>>>>>>frizzle wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Jerry Stuckle wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>frizzle wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>Jerry Stuckle wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>frizzle wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>Jerry Stuckle wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>>frizzle wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>Jerry Stuckle wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>frizzle wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>Jerry Stuckle wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>frizzle wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>Jerry Stuckle wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>Gary L. Burnore wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>On Wed, 05 Apr 2006 07:55:14 -0500, Jerry Stuckle
>>>>>>>>>>>>>>>>>>><jstucklex@attglobal.net> wrote:
>>>>>>>>>>>>>>>>>>>.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>Standard (DW created files/dirs) have user 'domainname', permissions
>>>>>>>>>>>>>>>>>>>>>>'rwx r-x r-x ',
>>>>>>>>>>>>>>>>>>>>>>Ftp app uploaded (with chmod 777) have user 'apache', permissions 'rw-
>>>>>>>>>>>>>>>>>>>>>>--- --- '
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>Frizzle.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>Is there a possibility to upload files via PHP without Chmodding, and
>>>>>>>>>>>>>>>>>>>>>keep the same group / permissions on uploaded files as those uploaded
>>>>>>>>>>>>>>>>>>>>>with, say, DreamWeaver or WS_FTP ?
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>Frizzle.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>(E.g. with ftp_put() wich i can't seem to get working.)
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>Only if you can ftp in as the web server.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>It depends on the ftp server, actually. Our ftp server correctly sets
>>>>>>>>>>>>>>>>>>>the permissions for you when you push. Seems your ISP has something
>>>>>>>>>>>>>>>>>>>set incorrectly.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>No, he was asking how to upload files with PHP - not with FTP.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>--
>>>>>>>>>>>>>>>>>>==================
>>>>>>>>>>>>>>>>>>Remove the "x" from my email address
>>>>>>>>>>>>>>>>>>Jerry Stuckle
>>>>>>>>>>>>>>>>>>JDS Computer Training Corp.
>>>>>>>>>>>>>>>>>>jstucklex@attglobal.net
>>>>>>>>>>>>>>>>>>==================
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>Sorry, kind of lost it here; is it possible to FTP via PHP w/o any
>>>>>>>>>>>>>>>>>chmodding etc.
>>>>>>>>>>>>>>>>>So i could mail a zipfile to a client, tell them to unpack it and
>>>>>>>>>>>>>>>>>upload it, and
>>>>>>>>>>>>>>>>>have the upload script up and running ... ?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>Frizzle.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>Frizzle,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>No, you can't upload via PHP. FTP is a system service, just as telnet, ssh and
>>>>>>>>>>>>>>>>web server are.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>When you ftp a file to the server, the owner of the file is the userid who
>>>>>>>>>>>>>>>>uploaded the file (signed into ftp). But when you upload via PHP, you're using
>>>>>>>>>>>>>>>>the web server, and the owner is the userid of the server itself.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>--
>>>>>>>>>>>>>>>>==================
>>>>>>>>>>>>>>>>Remove the "x" from my email address
>>>>>>>>>>>>>>>>Jerry Stuckle
>>>>>>>>>>>>>>>>JDS Computer Training Corp.
>>>>>>>>>>>>>>>>jstucklex@attglobal.net
>>>>>>>>>>>>>>>>==================
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>Ok, thanks.
>>>>>>>>>>>>>>>Not to go on and on about this, but the other thing i asked is
>>>>>>>>>>>>>>>impossible as well then?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>"So i could mail a zipfile to a client, tell them to unpack it and
>>>>>>>>>>>>>>>upload it,
>>>>>>>>>>>>>>>and have the upload script up and running ... ?"
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>Frizzle.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>It's easy to ftp or to upload via PHP. Both work quite well (unless the
>>>>>>>>>>>>>>server's configuration is screwed up). It's when you try to mix the two you
>>>>>>>>>>>>>>start running into permission problems and need to chmod.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>--
>>>>>>>>>>>>>>==================
>>>>>>>>>>>>>>Remove the "x" from my email address
>>>>>>>>>>>>>>Jerry Stuckle
>>>>>>>>>>>>>>JDS Computer Training Corp.
>>>>>>>>>>>>>>jstucklex@attglobal.net
>>>>>>>>>>>>>>==================
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>owkaaaaayyyy, i never realized ftp and uploading aren't the same
>>>>>>>>>>>>>thing...
>>>>>>>>>>>>>I don't need to mix them, i need a script to upload files, wich can
>>>>>>>>>>>>>prefferably
>>>>>>>>>>>>>run without any chmodding etc.
>>>>>>>>>>>>>
>>>>>>>>>>>>>Frizzle.
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>Ok, you just need to ensure you have the original directory permissions set
>>>>>>>>>>>>properly, then. In a typical installation the directory would be owned by the
>>>>>>>>>>>>webserver's userid with permissions of 755.
>>>>>>>>>>>>
>>>>>>>>>>>>And I hope I didn't confuse you. You can upload via HTTP, or with the ftp PUT
>>>>>>>>>>>>command. In either case the file ends up on the server. But how it gets there
>>>>>>>>>>>>is much different.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>--
>>>>>>>>>>>>==================
>>>>>>>>>>>>Remove the "x" from my email address
>>>>>>>>>>>>Jerry Stuckle
>>>>>>>>>>>>JDS Computer Training Corp.
>>>>>>>>>>>>jstucklex@attglobal.net
>>>>>>>>>>>>==================
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>When i create a new folder, either via Plesk, Dreamweaver or WS_FTP,
>>>>>>>>>>>folders are standard chmodded 755.
>>>>>>>>>>>That should be allright then ...
>>>>>>>>>>>
>>>>>>>>>>>Frizzle.
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>*Should be* is the key. If your host has things set ip properly, then yes you
>>>>>>>>>>should be OK. But if not...
>>>>>>>>>>
>>>>>>>>>>And I'm not sure about Plesk, but I know DreamWeaver and WS_FTP both use ftp to
>>>>>>>>>>transfer files. I suspect Plesk does, also.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>--
>>>>>>>>>>==================
>>>>>>>>>>Remove the "x" from my email address
>>>>>>>>>>Jerry Stuckle
>>>>>>>>>>JDS Computer Training Corp.
>>>>>>>>>>jstucklex@attglobal.net
>>>>>>>>>>==================
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>Well, ok, but where should i focus now to build a script to upload
>>>>>>>>>files to my server?
>>>>>>>>>FTP, or an other file transfer method?
>>>>>>>>>It would be ideal if i could also create / delete folders ...
>>>>>>>>>
>>>>>>>>>Frizzle.
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>Frizzle,
>>>>>>>>
>>>>>>>>It depends on how you want to do things. If you're going to be the only one
>>>>>>>>uploading, you can do ftp or http uploads. If you have users who may not be
>>>>>>>>familiar with ftp, you should do http uploads.
>>>>>>>>
>>>>>>>>The downside of http uploads is you can't synchronize files between your local
>>>>>>>>copy and the website with products like Dreamweaver.
>>>>>>>>
>>>>>>>>You can create and delete directories in PHP also, assuming your host hasn't
>>>>>>>>disabled these functions and you have the appropriate permissions. So that's
>>>>>>>>not a problem.
>>>>>>>>
>>>>>>>>It's all in how you want to maintain your site.
>>>>>>>>
>>>>>>>>
>>>>>>>>--
>>>>>>>>==================
>>>>>>>>Remove the "x" from my email address
>>>>>>>>Jerry Stuckle
>>>>>>>>JDS Computer Training Corp.
>>>>>>>>jstucklex@attglobal.net
>>>>>>>>==================
>>>>>>>
>>>>>>>
>>>>>>>It's meant for a user based site; users with certain priviledges are
>>>>>>>allowed to add news and files to the site. No synchronizing
>>>>>>>needed. Mostly images and mp3's, maybe some docs etc.
>>>>>>>
>>>>>>>Frizzle.
>>>>>>>
>>>>>>
>>>>>>In that case I would suggest http uploads.
>>>>>>
>>>>>>Maybe the easiest way is to have an admin page where you can let PHP create the
>>>>>>root directory(s) you wish, then let the main part of the site upload into these
>>>>>>directories and, if necessary, create new directories.
>>>>>>
>>>>>>If the webserver creates them it will be the owner, also.
>>>>>>
>>>>>>--
>>>>>>==================
>>>>>>Remove the "x" from my email address
>>>>>>Jerry Stuckle
>>>>>>JDS Computer Training Corp.
>>>>>>jstucklex@attglobal.net
>>>>>>==================
>>>>>
>>>>>
>>>>>Hmm, hope i'm not back at the start (the chmodding part) i get an
>>>>>error:
>>>>>
>>>>>Warning: move_uploaded_file(): SAFE MODE Restriction in effect. The
>>>>>script whose uid is 10008 is not allowed to access / owned by uid 0 in
>>>>>/home/httpd/vhosts/host.com/httpdocs/test/admin/ftp2.php on line 17
>>>>>
>>>>>Here is some more debugging info:Array
>>>>>(
>>>>> [userfile] => Array
>>>>> (
>>>>> [name] => photo.jpg
>>>>> [type] => image/jpeg
>>>>> [tmp_name] => /tmp/phpejdmGr
>>>>> [error] => 0
>>>>> [size] => 11469
>>>>> )
>>>>>
>>>>>)
>>>>>
>>>>>
>>>>>Does this have something to do with the Chmodding again ? (Please tell
>>>>>me it doesn't...)
>>>>>
>>>>>Frizzle.
>>>>>
>>>>
>>>>I have no idea - don't know what code you're using.
>>>>
>>>>But it looks like you're trying to access the system root directory ('/') -
>>>>which is owned by root. You can't do it.
>>>>
>>>>
>>>>--
>>>>==================
>>>>Remove the "x" from my email address
>>>>Jerry Stuckle
>>>>JDS Computer Training Corp.
>>>>jstucklex@attglobal.net
>>>>==================
>>>
>>>
>>>
>>>You were right, i forgot a dot (shame on me) in the path. My code is
>>>below.
>>>Having fixed that, it gave me the next (of how many :s ) error:
>>>
>>>--- ERROR ---
>>>
>>>Warning:
>>>move_uploaded_file(/home/httpd/vhosts/host.com/httpdocs/new/admin/uploads/photo.jpg):
>>>failed to open stream: Permission denied in
>>>/home/httpd/vhosts/host.com/httpdocs/new/admin/ftp2.php on line 17
>>>
>>>
>>>
>>>Warning: move_uploaded_file(): Unable to move '/tmp/phpzeJkaC' to
>>>'/home/httpd/vhosts/host.com/httpdocs/new/admin/uploads/photo.jpg' in
>>>/home/httpd/vhosts/host.com/httpdocs/new/admin/ftp2.php on line 17
>>>
>>>Possible file upload attack!
>>>Here is some more debugging info:Array
>>>(
>>> [userfile] => Array
>>> (
>>> [name] => photo.jpg
>>> [type] => image/jpeg
>>> [tmp_name] => /tmp/phpzeJkaC
>>> [error] => 0
>>> [size] => 11469
>>> )
>>>
>>>)
>>>
>>>--- END ERROR ---
>>>
>>>The folder i'm trying to access is /test/admin/uploads
>>>and it does exist. (checked).
>>>I hope you can tel me what's wrong. Anyway, i really appreciate all
>>>your effort for trying to help me!
>>>
>>>Frizzle.
>>>
>>>My entire exact code is below:
>>>
>>>++++++++++++++++++++++++++++++++++++++++++++++
>>>
>>><?php
>>>
>>>require_once('../inc/globals.php');
>>>
>>>/*$ftp_conn = @ftp_connect( $default_ftp_server )or
>>>die('<b>Error!</b><br>FTP Host Niot Found!');
>>>@ftp_login( $ftp_conn, $default_ftp_user, $default_ftp_pass )or
>>>die('<b>Error!</b><br>Wrong FTP-login name or FTP-pass!');
>>>
>>>@ftp_close( $ftp_conn );*/
>>>
>>>if( isset( $_FILES['userfile'] ) ){
>>>
>>>
>>>$uploaddir = './uploads/';
>>>$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
>>>
>>>echo '<pre>';
>>>if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
>>>echo "File is valid, and was successfully uploaded.\n";
>>>} else {
>>>echo "Possible file upload attack!\n";
>>>}
>>>
>>>echo 'Here is some more debugging info:';
>>>print_r($_FILES);
>>>
>>>print "</pre>";
>>>
>>>};
>>>
>>>?>
>>><form action="<?php echo $PHP_SELF; ?>" method="post"
>>>enctype="multipart/form-data" name="images" target="_top" id="images"
>>>class="form">
>>><input name="userfile" type="file" id="userfile">
>>><br>
>>><input type="submit" name="upload" id="upload" value="Upload!">
>>><input name="cancel" type="button" id="cancel" value="Cancel"
>>>onClick="javascript:if(confirm('Sure?')){ history.go(-1) }else{}">
>>></form><?php
>>>
>>>if (is_dir($uploaddir)) {
>>>if ($dh = opendir($uploaddir)) {
>>>while (($file = readdir($dh)) !== false) {
>>>if ($file !== '..' && $file !== '.') echo "filename: $file : filetype:
>>>" . filetype($uploaddir . $file) . "<br>\r\n";
>>>}
>>>closedir($dh);
>>>}
>>>};
>>>
>>>?>
>>>
>>>++++++++++++++++++++++++++++++++++++++++++++++
>>>
>>
>>
>>OK, who owns the directory, and what are its flags? And what's the userid of
>>the webserver?
>>
>>--
>>==================
>>Remove the "x" from my email address
>>Jerry Stuckle
>>JDS Computer Training Corp.
>>jstucklex@attglobal.net
>>==================
>
>
> User: domainname
> Group: psacln
> Permissions: rwx r-x r-x
>
> Userid i don't know. How could i check that ?
>
> Frizzle.
>

Well, the Apache user is usually (but not always) the owner of the document root
directory. Or you can ask your webhost.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация