Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Webserver File Permissions

Options
  • 24-05-2007 9:00am
    #1
    randombar
    Registered Users Posts: 3,401 ✭✭✭


    Hi,
    My problem is this, that I want to allow users to upload pictures to my site via php. I have the script for this working fine but I need 777 permissions on the upload folder in my site. Since it has been hacked twice already I would prefer to change the permissions back to 755.
    How can I upload pictures to my site without messing around too much with the file permissions?
    Thanks
    Gary


Comments

  • Options
    #2
    nikimere
    Registered Users Posts: 467 ✭✭nikimere


    I'm not 100% sure but i think you can chnage the permissions on the fly by interacting with apache. You could change it to 777 then back again after.


  • Options
    #3
    daymobrew
    Registered Users Posts: 6,511 ✭✭✭daymobrew


    It what way has it been hacked?

    Maybe you could upload to /tmp and move it to another dir after some validation has been done. Or put the validated files in a db as blobs.


  • Options
    #4
    Kudos
    Registered Users Posts: 94 ✭✭Kudos


    GaryCocs wrote:
    Hi,
    My problem is this, that I want to allow users to upload pictures to my site via php. I have the script for this working fine but I need 777 permissions on the upload folder in my site. Since it has been hacked twice already I would prefer to change the permissions back to 755.
    How can I upload pictures to my site without messing around too much with the file permissions?
    Thanks
    Gary

    So long as you sanitise everything going into the 777'd directory it shouldn't matter. Also, how do you know this was the point of entry for previous hacks? I have been hacked twice also, both times it was serverwide hacks though and there was nothing I could have done to prevent it. root doesn't give a **** about permissions.


  • Options
    #5
    randombar
    Registered Users Posts: 3,401 ✭✭✭randombar


    How do you mean sanitise? Some days I think I'm ok at the web stuff and then I get a problem like this!! I also checked the tmp folder and it has the same permissions as the rest of the folders!

    The thing is I'm basically only using the folder as caching, once I upload the photos I send them over to flickr (some reason you have to upload first) so I could delete the contents straight off I'm just nervous about leaving a door open!

    As for hacking, well I don't really know if anyone else has been hacked but the first hack was through phpthumb (stupid program) and the second time was in this folder that i had open permission with!

    Thanks for your help too lads, don;t know what i'd do without boards!


  • Options
    #6
    Kudos
    Registered Users Posts: 94 ✭✭Kudos


    GaryCocs wrote:
    How do you mean sanitise?

    I mean if you are allowing images to be uploaded, then make sure that's exactly what happens, no scripts being uploaded etc.
    GaryCocs wrote:
    I also checked the tmp folder and it has the same permissions as the rest of the folders!

    tmp is 777 because everyone needs to be able to dump temporary files there.


  • Advertisement
Advertisement