right guys ive ran into a problem with file permissions with the following upload form. a text file is passed to the upload/ dir by global users.
mysite$ ls -l
drwxrwxrwx 2 user user 4096 2010-09-24 13:07 upload
but as I am not logged in as root, the new file uploaded to the domain saved itself in the upload/ dir with limiting permissions and cannot be modified. eg.
upload$ ls -l
-rw-r--r-- 1 www-data www-data 3067 2010-09-24 13:07 Readme.txt
this problem is obviously the same for all files added to the upload folder by global users. once the file is uploaded I need a way of changing the file rights without embedding the root password into a php script running on the domain. please help!
is there any way to associate the same rights to files as the containing folder when new files are added?
submit form:
<html>
<body>
<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
upload_file.php:
<?php
if ($_FILES["file"]["type"] == "text/plain")
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists("/home/user/mysite/upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"/home/user/mysite/upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file";
}
?>
The user, that initially writes the files into your "/upload" directory, is the one that started the Apache instance running a PHP module.
In other words, PHP is the "owner" of all uploaded files and through a PHP script you can change the permissions of all relevant uploaded files without providing any credentials at all:
PHP chmod function
A quick and dirty hack to make uploaded files writable to all users would be
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
$f="/home/user/mysite/upload/" . $_FILES["file"]["name"]);
chmod($f, 0777);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With