Another file permissions problem

Question

I have a classifieds website, and when users post a new classified, they may chose to upload images.

My php code takes the chosen image, uploads it to a image folder, and names it accordingly.

The problem here is, I have to set the images folder to 777 in order for this to work.

My question is, what should the permissions be set to? And any ideas why it is not working if not 777?

If you need more input just let me know...

Thanks

UPDATE

I have a user (danny) which has root access... The folder where images are uploaded to, as well as the "image_upload.php" file which does the magic, are owned by user "danny". Then I just tried setting them to chmod 764, but when I do that I get a problem.

See, it seems that I HAVE to set r+w+e permissions for the "public" for everything to work.

Can't figure out why...

Thanks again

Answer 1

And any ideas why it is not working?

Other than permissions, make sure to specify proper settings for:

• file_uploads
• upload_max_filesize
• memory_limit
• max_execution_time
• post_max_size

See:

• How to optimize your PHP installation to handle large file uploads

Also make sure that:

• You have specified the enctype="multipart" in the form
• Check the files array with print_r($_FILES);

Answer 2

Forget Revelations, 777 is the true number of the beast :-)

You should almost never need to set permissions that way. Surely your images are being created in the directory under a single user ID like php.

If that's the case (and it should be), you just need to add that user to the specific group of that directory and allow group write access, 764 most likely, though the last digit may change based on other needs.

You can probably figure out which user is running by changing the upload script to do:

system ("id >/tmp/id.txt")

or whatever the equivalent is in PHP for running a command line tool.

Then check the /tmp/id.txt file for the details. You'll have something like:

uid=1000(php) gid=1000(phpgrp) groups=1000(phpgrp)

Once you find that out (php), work out the group of that images directory:

pax> ls -ald images
drwxr-xr-x 4 pax paxgrp 4096 2010-06-14 16:38 images

That would be paxgrp from the above transcript. Then ensure that the php user is added to the paxgrp group. This can usually be done in /etc/group by changing, for example:

paxgrp:x:1027:bob,george

into:

paxgrp:x:1027:bob,george,php

then ensure the directory permissions allow group (but not world) writes.

---

And, based on your update, it doesn't actually matter who owns your PHP file, just who's running it, and that may not be danny at all.

Otherwise, I could remove any file on the hard disk because rm is owned by root :-)

The quickest way to find that user out for certain is to change that file so that it outputs the id information as I suggested.

Answer 3

The answers here are great, I just wanted to add one other possibility. You mentioned that a user "Danny" has root access and this Danny owns the files/dirs. With a non-CLI PHP script, the web server user should own the script, then you wouldn't need the public to be able to read write and execute (honestly, if you do it right, you should be able to set permissions to 700 and still be ok - though it's usually never that restricted).