
How may I give a PHP file ownership of folder so it can accept uploads


Failing_Solutions


A while ago I wrote a simple form to accept image specific uploads from users and chmoded the directory to 777... worked great...

 

Till there was a hack and then I found that chmod 777 is bad

 

So changed the folder to 775, but now the upload script won't work.

 

Can somebody point me to a post or article on how to give a file ownership or group permissions so it can safely run its uploads to the folder?

 

I have tried Google but keep getting Linux and Windows OS results... it's a tough question to google.

 

Any help is very much appreciated.

Link to comment
Share on other sites

Here is the script if it will help:

 

<?php 
include 'dbc.php';
//////// End of connecting to database ////////

/// INSERTING DATA TO DATABASE 
if(!isset($rfq_part) && !isset($rfq_name) && !isset($rfq_company)&& !isset($rfq_phone) && !isset($rfq_email)&& !isset($rfq_proto) && !isset($rfq_eau)) {
echo "Sorry this page is only available for submissions<br><br>";
echo "Please visit our <a href='orings.php'>Oring Selector</a> to submit and RFQ";
echo "<div align='right'><table border='0'><tr><td valign='bottom'><A href=\"javascript: window.close()\">X Close</a></td></tr></table></div>";
}else{
///Writing the file to the database/////
   // Configuration - Your Options
     $allowed_filetypes = array('','.jpg','.pdf','.pjpg','.jpeg','.gif','.bmp','.png','.ppf','.tiff','.pdp','.csv','.dxf','.ppt','.xls','.avi','.doc','.stp','.step','.igs','.iges','.x_t','.dwg');
     $max_filesize = 2024288; // Maximum filesize in BYTES (currently about 1.9MB).
     $upload_path = './upload/'; // The place the files will be uploaded to (currently the 'upload' directory).

   $filename = $_FILES['file']['name']; // Get the name of the file (including file extension).
   $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.

   // Check if the filetype is allowed, if not DIE and inform the user.
   if(!in_array($ext,$allowed_filetypes))
      die('The file you attempted to upload is not allowed.');

   // Now check the filesize, if it is too large then DIE and inform the user.
   if(filesize($_FILES['file']['tmp_name']) > $max_filesize)
      die('The file you attempted to upload is too large.');

   // Check if we can upload to the specified path, if not DIE and inform the user.
   if(!is_writable($upload_path))
      die('You cannot upload to the specified directory, please CHMOD it to 777.');

   // Upload the file to your specified path.
   if(move_uploaded_file($_FILES['file']['tmp_name'],$upload_path . $filename))
         echo ''; //'Your file upload was successful,';// view the file <a href="' . $upload_path . $filename . '" title="Your File">here</a>'; // It worked.
      else
         echo ''; //There was an error during the file upload.  Please try again.'; // It failed .

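// Escape every value that goes into the query; dbc.php must already have opened the MySQL connection.
foreach (array('rfq_part','rfq_name','rfq_company','rfq_phone','rfq_email','rfq_proto','rfq_eau','rfq_note','rfq_upload','rfq_date') as $field) {
    $$field = isset($$field) ? mysql_real_escape_string($$field) : '';
}
$query="INSERT INTO rfq(rfq_id,rfq_model,rfq_name,rfq_company,rfq_phone,rfq_email,rfq_prototype,rfq_eau,notes,upload,rfq_date)
VALUES ('','$rfq_part','$rfq_name','$rfq_company','$rfq_phone','$rfq_email','$rfq_proto','$rfq_eau','$rfq_note','$rfq_upload','$rfq_date')";
mysql_query($query) or die ('Error trying to update database');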

//// SELECTING RFQ NUMBER
$rfq_number=0;
$rfq_number=mysql_query("SELECT rfq_id FROM rfq where rfq_id=(SELECT MAX(rfq_id) FROM rfq)");
$rfq_number=mysql_fetch_array($rfq_number);
$rfq_id=$rfq_number['rfq_id'];

?>

Link to comment
Share on other sites

You don't grant permissions to PHP specifically; the webserver PHP is running under (most commonly Apache) is the process that needs to have write permissions to the upload folder.

 

Apache is configurable to run as a specific user/group that changes based on the OS or distro so you'll need to look that up in the main httpd.conf file (assuming you're using Apache, if not refer to your webserver's documentation).

Link to comment
Share on other sites

This topic often confuses people, although it doesn't need to.

 

Here are the numbers associated with each permission:

 

Read (R) - 4

Write (W)  - 2

Execute (X) - 1

 

You can see that adding these numbers up in different ways gives you a number of numeric combinations:

 

RWX = 7

RX = 5

 

There are also 3 groups that permissions pertain to:

 

User that owns the directory  (U)

Group that owns the directory (G)

Everyone else  (aka Other) (O)

 

When you talk about a listing of permissions as a 3 digit number like 777, what you're really talking about is:

 

User/Owner = 7  Group = 7 Others = 7

 

 

What often confuses people is that the combinations for directories and files are the same, however, the meaning is entirely different in the context of a Directory.  Here's a description of what the flags mean for a directory:

 

Read -  List the directory's contents.

Write - Write a file to the directory

Execute - CD (Change directory) and "enter" the directory.

 

To DWilliams' point, you can't examine these questions in a vacuum.  You need to know:

 

-Who owns the director(ies) in question.  Each directory has an owner/group combination.

-How is apache configured to run php

 

He described the typical configuration where php is essentially a part of apache, via mod_php. I do have to point out that most shared hosts use fastcgi so they can control permissions of individual directories securely.  With fastcgi php runs as a separate process, where the permissions become those of an individual user/group combination -- usually this is an individual user account set up and configured by the host for each request.  In other words, rather than the apache process owning a file, or needing permissions to rwx a directory, it will be whatever the specific user running that request happens to be, and there will be a user for every different site that exists on the shared server.

 

You need to determine your configuration before you look at these questions.

 

If running as an apache module, then the permissions are relative to the user apache is running as, which could be apache or nobody, or any user the sysadmin desires.  Users also have 1 or more groups associated with them, so

 

With that said let's look at 777 vs. 755 for a directory. What is the difference?

 

The only thing different with 755 is that the user/group is missing the WRITE permission.

 

So what that tells you is, that the directory in question where you are trying to write the files, does not allow the user (probably apache) to be able to write them because apache is neither the owner of the directory nor a member of the group that owns the directory.

 

When you say that 777 has "security problems" I think you need to question/understand what that means.  Probably it does not mean what you think it does.  Chances are the reason the script works is that the owner of the directory is some user other than apache, and thus falls in the "Other" category.  It needs the 7 permission to be able to write a file into it.  No other permission will do.  There is no getting around having a user that needs to write a file and read it later in this context, that doesn't have a RWX permission.

 

Now for files, that is another story.  For a file the Execute permission is exactly what it says it is -- It allows you to "Execute" (run) a program or script. 

 

If your script has a hole in it, that lets someone write a file into the directory that is meant to be an image, but instead, they are able to fill the file with code, and then name the file myimage.php, AND the script allows the file to have the execute permission set, then you have a real problem on your hands. 

 

I'm starting to write a chapter of a book here, so I'm going to wrap this up, and state that umask and chmod are two related permission commands/features that should help you complete your understanding of this topic. Umask is important to understand, because the umask is what affects the permissions a newly created file will have in a directory.  Hopefully it is apparent that for a file that is supposed to contain images, having the directory be 777 may be the only way you can allow apache to write image files into the directory.

 

That doesn't need to be a problem if the permission for the image file is 666.  The "Other" permission of 6 will allow php to read/write/delete that image file.  What could be a problem is that the file gets the 7 permission!  This is not a directory permission problem -- it's a file permission problem, and the permissions on the directory are not going to rectify it.  Ensure a umask is in place, or having code that CHMODs the file to only have RW for apache is most likely what you need to ensure.

 

One last concept that sometimes comes into play is the "sticky bit" which is an "advanced linux file permission" which you can google and read up on, although it is probably not an issue you need to be concerned about.

Link to comment
Share on other sites
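
The owner/group/other reasoning in the post above, as an added shell example that is not part of the original thread: given a directory, a numeric uid and that user's gids, it reports which permission triplet applies and whether files can be created there. The helper names and the "foreign" uid in the demo are assumptions made for illustration, and root bypasses these checks.

```shell
#!/bin/sh
# Added illustration. access_class and can_upload are hypothetical helpers.
# Usage: can_upload DIR UID "GID1 GID2 ..."   (numeric ids, as printed by `id`)

# Which triplet of the mode applies: first match of owner, then group, else other.
access_class() {
    path=$1; who=$2; gids=$3
    set -- $(ls -ldn "$path")          # fields: mode links uid gid ...
    if [ "$who" = "$3" ]; then echo user; return; fi
    for g in $gids; do
        if [ "$g" = "$4" ]; then echo group; return; fi
    done
    echo other
}

# Creating a file in a directory needs both write (w) and search (x) on it.
can_upload() {
    class=$(access_class "$1" "$2" "$3")
    mode=$(ls -ldn "$1" | cut -c1-10)  # e.g. drwxr-xr-x
    case $class in
        user)  bits=$(printf %s "$mode" | cut -c2-4) ;;
        group) bits=$(printf %s "$mode" | cut -c5-7) ;;
        other) bits=$(printf %s "$mode" | cut -c8-10) ;;
    esac
    case $bits in
        ?w[xst]) echo "yes ($class $bits)" ;;
        *)       echo "no ($class $bits)" ;;
    esac
}

# Demo on a constructed temp directory.
d=$(mktemp -d)
me=$(id -u)
chmod 755 "$d"
can_upload "$d" "$me" "$(id -G)"     # PHP runs as the owner: 755 is enough
can_upload "$d" $((me + 1)) ""       # PHP runs as someone else: falls in "other"
chmod 777 "$d"
can_upload "$d" $((me + 1)) ""       # only now can "other" write
rmdir "$d"
```

To check a real upload directory, pass the uid and gids of the account the web server or FastCGI process runs as.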

Dwilliams and gizmola thank you both for the info.

 

I will admit that I have had 2 courses in Linux and understand permission to some degree. What I have trouble wrapping my head around is some of the Open Source packages that allow for image upload from a user that don't require the folder to have the public / other RWX permission. This to me says that somehow these packages are taking ownership of the folder they are uploading the images to.

 

To the security part, giving the public the ability to RWX inside a folder, at first thought to me seemed okay because they were limited to the scope of that folder. The problem then became they were somehow able to execute scripts inside that folder that actually affected all the folders on the user account of the server (meaning my account on my host shared server). Thus, it becomes a problem and after the last hack my host told me to remove all xx7 permissions.

 

I will continue to digest the information you both provided and do research myself to learn what I can.

 

I'm wondering if I move the php script inside the folder it is uploading to and simply change my form on submit to point to the Upload folder if I can skip this issue? My thinking is that since the file is in the folder then it won't need a public X permission.

 

Again thanks for the info, I'll continue to work on this and update my solution and mark the question answered when it is solved.

 

Link to comment
Share on other sites

Yes, for folders where you are not going to write to them, you don't want them to have a 7 permission.  You install the scripts and remove the "write" permission, so that they can not be overwritten. This is probably what your shared host meant. You want all your script directories *other than the ones you need to be able to read/write files to* to be 755.  That way if you have a rogue script or exploit, it can not go and update your other scripts and css/javascript files with malicious code.

 

The other question you had in regards to "other" permissions, is that if you have path where I give you 7 perms to a particular directory, and from there the script creates a directory, then the owner of that directory is going to be the user that created it. So, if the script creates its own directories, then use those directories to store the image files, and you don't need to give "other" the 7 permission, because it already owns the directory. 

 

There has to be at some point, the full set of RWX perms given to the user that php will be running as --- there is again, no way around that fact if your script needs to write files.

Link to comment
Share on other sites

The other question you had in regards to "other" permissions, is that if you have path where I give you 7 perms to a particular directory, and from there the script creates a directory, then the owner of that directory is going to be the user that created it. So, if the script creates its own directories, then use those directories to store the image files, and you don't need to give "other" the 7 permission, because it already owns the directory. 

 

There has to be at some point, the full set of RWX perms given to the user that php will be running as --- there is again, no way around that fact if your script needs to write files.

 

I've seen some scripts that create a directory, then write the files, then chmod it back down to secure levels. So there is no real way to get all the uploads into 1 directory without opening it up.  I'll just end up having a main directory, with a bunch of sub-folders each containing the specific upload from that submission, is that correct?

Link to comment
Share on other sites

Turns out the problem wasn't with the permissions, I had actually deleted the folder in which the files were supposed to be uploaded to. Permissions at 755 work fine with the script.

 

/facepalm

 

That indicates that you are running in fastcgi mode... but you did say it's a shared host so that is what I'd expect.  The key information is who is the owner of the files/directories in question?  Just to close the loop on your own understanding, make sure you look at the ownership and perms of the files the script is creating.

Link to comment
Share on other sites
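
One way to act on the advice above to look at the ownership and permissions of what the script creates, and on the host's instruction to remove xx7 modes, is a small audit of the upload tree. This is an added example, not code from the thread; `audit_uploads`, `count`, the tags and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; audit_uploads and count are hypothetical helper names.
# Prints one tagged `ls -ldn` line (mode, numeric owner, group) per finding.
audit_uploads() {
    dir=$1
    # Anything writable by "other" (xx7, xx6, xx2 modes), symlinks excluded.
    find "$dir" ! -type l -perm -002 -exec ls -ldn {} \; |
        sed 's/^/WORLD-WRITABLE /'
    # Regular files with any execute bit; uploaded data never needs one.
    find "$dir" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec ls -ldn {} \; | sed 's/^/EXECUTABLE /'
    # Names the web server may hand to PHP (some handler setups also
    # match a .php part in the middle of the name).
    find "$dir" -type f \( -name '*.php' -o -name '*.php.*' -o -name '*.phtml' \) \
        -exec ls -ldn {} \; | sed 's/^/SCRIPT-NAME /'
}

# Number of findings carrying a given tag.
count() { audit_uploads "$1" | grep -c "^$2 " || true; }

# Demo on a constructed tree resembling the thread's 777 upload folder.
root=$(mktemp -d)
mkdir "$root/upload"
touch "$root/upload/photo.jpg" "$root/upload/notes.csv" "$root/upload/myimage.php"
chmod 777 "$root/upload"
chmod 644 "$root/upload/photo.jpg"
chmod 666 "$root/upload/notes.csv"
chmod 755 "$root/upload/myimage.php"
audit_uploads "$root/upload"
rm -rf "$root"
```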
