How can I check file permissions without having to run an operating-system-specific command via passthru() or exec()?

A: 

What do you want to do by checking file permissions?

When writing secure code, it's almost always incorrect to "check, then do" anything. The reason is that between the checking whether you can do something and actually doing it, the state of the system could change such that doing it would have a different result.

For example, if you check whether a file exists before writing one, don't check whether you wrote the file successfully (or don't check in a detailed-enough fashion), and then later depend on the contents of the file you wrote, you could actually be reading a file written by an attacker.

So instead of checking file permissions, just do whatever it was you were going to do if the permissions check succeeded, and handle errors gracefully.

Chris Hanson
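
The "do it and handle the error" approach from the answer above, shown in PHP next to the check-then-do pattern it warns against. This is an added example, not part of the original answers; save_checked(), save_atomic() and the temp-directory paths are hypothetical names.

```php
<?php
// Added example; save_checked(), save_atomic() and the temp paths are hypothetical.

// Check-then-do: the state can change between the checks and fopen(),
// so the checks prove nothing about what fopen() ends up opening.
function save_checked(string $path, string $data): bool
{
    if (file_exists($path) || !is_writable(dirname($path))) {
        return false;
    }
    // Race window: another process can create $path (or a symlink) here.
    $fh = fopen($path, 'w'); // 'w' truncates whatever is at $path by now
    if ($fh === false) {
        return false;
    }
    $ok = fwrite($fh, $data) === strlen($data);
    fclose($fh);
    return $ok;
}

// Do, then handle the error: 'x' maps to O_CREAT|O_EXCL, so the existence
// test and the creation are one atomic step, and every result is checked.
function save_atomic(string $path, string $data): void
{
    $fh = @fopen($path, 'x');
    if ($fh === false) {
        $msg = error_get_last()['message'] ?? 'unknown error';
        throw new RuntimeException("cannot create $path: $msg");
    }
    try {
        if (fwrite($fh, $data) !== strlen($data)) {
            throw new RuntimeException("short write to $path");
        }
    } finally {
        fclose($fh);
    }
}

// Constructed demo in a throwaway temp directory.
$dir = sys_get_temp_dir() . '/perm_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
save_atomic("$dir/upload.txt", "first\n");      // first create of this path
try {
    save_atomic("$dir/upload.txt", "second\n"); // same path again: throws
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
echo file_get_contents("$dir/upload.txt");
unlink("$dir/upload.txt");
rmdir($dir);
```
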
A: 

You can use the is_readable(), is_executable(), etc. commands.

Huppie
+2  A: 

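Use the fileperms() function:

clearstatcache(); // drop PHP's cached stat() results so the mode is current
// Print the last four octal digits of the file mode (the permission bits).
echo substr(sprintf('%o', fileperms('/etc/passwd')), -4);

Željko Živković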
A: 

@chris - I need to check the permissions so that when a user wants to upload something I can make sure that the people using my app have followed the directions and set the correct permissions.

@Željko Živković - this is basically what I'm looking for, thanks.

@* I also found this after some more digging http://www.php.net/manual/en/ref.filesystem.php

Unkwntech
A: 

What do you want to do by checking file permissions?

Well, no offence to yourself, you sound very intelligent in this field. However, I can think of numerous reasons why I would want to check the file permissions as well as printing them out.

When writing secure code, it's almost always incorrect to "check, then do" anything. The reason is that between the checking whether you can do something and actually doing it, the state of the system could change such that doing it would have a different result.

Yes, I most definitely agree.

So instead of checking file permissions, just do whatever it was you were going to do if the permissions check succeeded, and handle errors gracefully.

How you should be looking at this depends on what you wish to be doing. I am checking my file permissions as a result of a script I am making to tell what files and folders are writeable on my server, how many of them there are, and whether I can update them.

You can use the is_readable(), is_executable(), etc. commands.

Again this is useful for certain methods, but not all.

But the general idea of what you are all saying is very correct.

Best Regards, v0rtech

v0rtech