I have a script that resizes images and then save the new images.
I can't save the new image if the original image didn't have 777 permissions.
I know that 777 is risky, so when using different permissions such as 775 or 755 it does nothing.
Why it does nothing?
how to fix it?
EDIT:
I want to be able to save the files using my script no matter what the permission of the IMAGE is/was.
It all because your server is badly configured, which means httpd runs as different user than owns all the files and this requires write permission set for others. The solution would be to fix the server configuration so these user ids match. But it's not trivial if you are not familiar with the server administration. Other (but this is not really a solution) would be to to put these two users into one group, so that way instead of giving everyone write access you "limit" it to your group only. But this is not a way to go though. Alternatively, if you are the only user on the server you may set httpd to run on your userid/groupid instead of its own. But, again, this should not be considered a "solution".
You can re-set the User and Group parameters in Apache config file to run it as another user.
Your web server is running under a different user than user who owns the images. To find out under which user is your webserver running, create and run this php script
<?php
echo shell_exec('whoami');
?>
1) You create a new folder with 777 permission.
2) save the image in that folder.
I dont think you would need 777 on the original image.
.
.
For the security, you need:
A) check extension of uploaded files and call the custom resize/image function. This will ensure the file is always converted into an image.
B) [.htaccess] (inside your user upload image directory) =
#Disable directory indexes & folder listing
[deny any file other than image]
<Files ^(*.jpeg|*.jpg|*.png|*.gif)>
order deny,allow
deny from all
</Files>
You can try to chmod afterwards, but it's strongly dependent on the rights the php daemon has;
chmod("/somedir/somefile", 755);
With fileperms() you can get the current permissions of the created file(s).
Related
I am using Jasperreports for generating the reports. When I am generating the new reports it will be own by root with permission of 644. So other users dont have permission to view this report.I want to change the ownership of the file or change the permission.So everyone can view or download the reports.
I tried below php functions
chmod($item, 0777);
chown($path, 'www-data');
It gives
error: dont have permission to do this
. Because its own by root and current user is www-data.
Anyone please help me,
Actually, based on what you're saying, all users have permissions to view that file. 644 means owner can read and write, and group and others can only read. If your script is getting an error reading that file, it might be because of the permissions of the directories in is path, but not the file itself.
If you could change the owner or permissions of a file owned by root like that, it would subvert the whole concept of unix file permissions. Think about it.
You can always change the user running these reports though, or add logic on the report generation side to move or change the permissions on the file as the user who owns it.
As an aside, chmod 777 is an ugly kludge used only by those who have little knowledge of unix permissions . Professionals don't do it. You should bump your understanding of unix file permissions to the next level:
https://www.tutorialspoint.com/unix/unix-file-permission.htm looks promising.
According to the manual, the owner and the supersuer have the right to do this.
And you only chage the file mod or owner, will not do. You have also to change the path.
chown
Attempts to change the owner of the file filename to user user. Only
the superuser may change the owner of a file.
Note: This function will not work on remote files as the file to be examined must be accessible via the server's filesystem.
Note: When safe mode is enabled, PHP checks whether the files or directories being operated upon have the same UID (owner) as the
script that is being executed.
chmod
Attempts to change the mode of the specified file to that given in
mode. Note: The current user is the user under which PHP runs. It is
probably not the same user you use for normal shell or FTP access. The
mode can be changed only by user who owns the file on most systems.
Note: This function will not work on remote files as the file to be
examined must be accessible via the server's filesystem.
Note: When safe mode is enabled, PHP checks whether the files or
directories you are about to operate on have the same UID (owner) as
the script that is being executed. In addition, you cannot set the
SUID, SGID and sticky bits.
I have web server which allows for image uploading. When the user uploads an image, it uploads onto the server but when try to access the file using the browser from other pages it is giving me:
403 forbidden
What kind of permissions should the files have for accessing the images publicly?
i think the permission code you want to change it to is 0644
Here's how to change the permission of a file with php.
chmod()
At least, for reading =). That will be chmod('0644') in PHP.
Make sure, that directory, where image files are placed, also is accessible for reading, thus both access rights and .htaccess settings grants reading access..
Try 3-digit chmod 664 command. The last digit sets the permission for class 'others', which basically encloses all your client-side users. 4 stands for read-only.
I am developing an application which is having 2 servers. The first one is Web Server, where I save my PHP files and another one is File Server where I am storing all the files uploaded by the user.
I want to assign the write permission to directory at runtime so that I can upload the file and after uploading the file I need to change its permission to its previous state.
When I tried chomod(FILE_PATH, 0755). It shows me an error. Assign write permission as root. I have the administrator level credentials of File Server.
What I want is to "Grant permission 777 to the directory by logging in as root at runtime"
Kindly help if there is any code sample available. Thanks in Advance.
You do NOT want to have your server logging in as root. Let me say that again. You really do NOT want your webserver to be logged on as root. If you did that, anyone that got control of PHP could do anything at all on the server. It is seriously unadvisable.
What you want to do is change the owner of the folder to either be the webserver, or assign it into the same group so that the webserver can happily change your folder options and the like.
You can use sudo chown username somedir to change the owner. This article might also help clear up permissions for you.
Edit: Try this blog post for a fairly good broad-ranging article on linux permissions.
I want to display image through PHP.
When I put image in /var/www/ directory then it is working fine, I am giving full path.
But when I put image in some other directory (say home) then it is not displaying.
Usually, servers have some kind of sandbox which prevent your code to access files outside of it for security reasons.
I encourage you to put all data you want your server to be able to access inside its folders (/var/www directory or subdirectories of it)
First off, you should really check your error logs as they will probably point you in the right direction.
Without more information, I'd have an educated guess that the Apache user does not have rights to the file and/or the containing directories.
You can change permissions using the chown and chmod commands in a shell.
EDIT: But don't allow access to any dir with sensitive data (e.g. your home directory) to the webserver!
I have checked out articles and tutorials.
I don't know what to do about the security of my picture upload-folder.
It is pictures for classifieds which should be uploaded to the folder.
This is what I want:
Anybody may upload images to the folder.
The images will be moved to another folder, by another php-code later on (automatic).
Only I may manually remove them, as well as another php file on the server which automatically empties the folder after x-days.
What should I do here?
The images are uploaded via a php-upload script.
This script checks to see if the extension of the file is actually a valid image-file.
When I try this:
chmod 755 images
the images wont be uploaded.
But like this it works:
chmod 777 images
But 777 is a security risk right?
Please give me detailed information...
The Q is, what to do to solve this problem, not info about what permissions there are etc etc...
Thanks
If you need more info let me know...
You have to make sure the upload folder is owned by apache or whoever user is as which the http server is started.
Alternatively you can use 775 owned by the UID who will be collecting the files and with as gid the group id as which the webserver is started.
There are of course variations on these themes.
As long as the webserver user or webserver group has permission to write in the folder, it will be fine for uploading.
There are all kind of cornercases, but then we'll need more info about your setup.
0 No Permissions (the user(s) cannot
do anything)
1 Execute Only (the user(s) can only
execute the file)
2 Write Only (the user(s) can only
write to the file)
3 Write and Execute Permissions
4 Read Only
5 Read and Execute Permissions
6 Read and Write Permissions
7 Read, Write and Execute Permissions
First number = OWNER
Second number = GROUP
Third number = OTHER USERS
One possibility for why it only works with 777 permissions might be if you are running SELinux. It's possible that it is preventing the write. I would have thought though that it would have prevented it even with the 777 permsissions but I'm no SELinux expert.
Every newbie mix users up. :)
You just have to distinguish OS user and website user.
The latter one has nothing to do with OS permissions.
For the OS users you have given 2 of them:
FTP user, owner of the files, uploaded via FTP
webserver user, owner of the files uploaded via browser.
Site user, who have no direct access to any files at all.
So, in case both these users are the same, you have no worry about.
But usually these are different users. So, one has no access to other's files unless directories has 777 and files 755.
That's why you have to set 777 for directories.
As we have learned above that website users has nothing to do with os permissions, you should not worry about security. 777 is ok.