4

right guys ive ran into a problem with file permissions with the following upload form. a text file is passed to the upload/ dir by global users.

mysite$ ls -l
drwxrwxrwx 2 user user 4096 2010-09-24 13:07 upload

but as I am not logged in as root, the new file uploaded to the domain saved itself in the upload/ dir with limiting permissions and cannot be modified. eg. 

upload$ ls -l
-rw-r--r-- 1 www-data www-data 3067 2010-09-24 13:07 Readme.txt

this problem is obviously the same for all files added to the upload folder by global users. once the file is uploaded I need a way of changing the file rights without embedding the root password into a php script running on the domain. please help!

is there any way to associate the same rights to files as the containing folder when new files are added?

submit form:

<html>
<body>

<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" /> 
<br />
<input type="submit" name="submit" value="Submit" />
</form>

</body>
</html>

upload_file.php:

<?php
if ($_FILES["file"]["type"] == "text/plain")
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

    if (file_exists("/home/user/mysite/upload/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "/home/user/mysite/upload/" . $_FILES["file"]["name"]);
      echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
      }
    }
  }
else
  {
  echo "Invalid file";
  }
?>
Improve this question

3 Answers 3

Reset to default
5

The user, that initially writes the files into your "/upload" directory, is the one that started the Apache instance running a PHP module.

In other words, PHP is the "owner" of all uploaded files and through a PHP script you can change the permissions of all relevant uploaded files without providing any credentials at all:

PHP chmod function

A quick and dirty hack to make uploaded files writable to all users would be

else 
      {
      move_uploaded_file($_FILES["file"]["tmp_name"], 
      $f="/home/user/mysite/upload/" . $_FILES["file"]["name"]); 
      chmod($f, 0777);
      echo "Stored in: " . "upload/" . $_FILES["file"]["name"]; 
      }
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

thanks for the hack, but after trying it instead of getting full rights I get some very strange permissions? '-r----x--t 1 www-data www-data 0 2010-09-24 15:53 readme.txt'
This because the file has sticky bit, which again comes with move_uploaded_files function.
looks like there was a typo. in PHP the correct format is 'chmod($f,0777)'. leading zero was missing. this now works perfectly!!
As well, you can make the upload/ directory SETGID (mode 2xxx), which forces any new files within it to be created with the upload directory's group ownership.
3

move_uploaded_file uses umask(600). Use copy($source, $dest) instead of move.

Improve this answer

2 Comments

thanks for the umask(600) info on move_uploaded_file, where can I quickly reference more info like this? on the PHP module rights in linux
I checked it on my system by calling umask function before and after move_uploaded and copy function in a test php script.
1

You can use chmod to change the file permissions.

To get the permissions of a file, use fileperms.

Improve this answer

3 Comments

thanks, but how can I use this permission output to solve the problem?
After you've uploaded the file, you can use fileperms on the folder to get the permissions, then use chmod with the result of fileperms to set the permissions as you want.
thanks for the tip, I could see how this could work for dynamic systems with multiple folders and users.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.