Consider a simple file upload system written in php. User has access only in admin panel. (Not FTP). He may change folder option from 707 to 755 for security issue. How can do this? Can we do this from upload script ? If yes is this a secure application?
+3
A:
You can use chmod for that. Every file system operation has a running risk, so consider the fact that the user might try to change the permissions of another file so you have to sanitize the input.
bool chmod ( string $filename , int $mode )
Attempts to change the mode of the specified file to that given in mode.
nc3b
2010-05-22 10:59:44
A:
It looks like you do not understand the way web-server works. It has only one system user ans there is no need to change any permissions for the site users.
To implement an ACL feature, one need a database to hold users and rights, and some manual download method implementation, a simple one (proper headers+readfile()) or one of more complicated solutions, like nginx's x_accel_redirect
Col. Shrapnel
2010-05-22 11:00:24
@Col. Shrapnel;User may upload image an add to article. What about folder chmod this case? The folder may always be in 707? And what about security?
Felicita
2010-05-22 11:04:37
@Fel Permissions must be set just to make the site work. And depends on the server setup, not imaginable "security issues"
Col. Shrapnel
2010-05-22 11:06:36
+2
A:
we can't do while uploading a script,this is not a secure way any one can hack it. I can be done only in file uploading page code by giving chmod through ftp.
Deepali
2010-05-22 11:02:50