[nycphp-talk] Issues with File Permissions
Chris Snyder
chsnyder at gmail.com
Wed Jul 6 10:51:47 EDT 2011
On Wed, Jul 6, 2011 at 9:33 AM, Randal Rust <randalrust at gmail.com> wrote:
> We have a site where if we create a folder or file on the server the
> Owner/Group is one name (foo/foo) and if we use the CMS the
> Owner/Group is another (bar/bar).
>
> Typically, we set folder permissions to 0777 so that we don't have to
> open and close directories for uploading files. However, a hacker
> uploaded a couple of files to one of these directories last week, so I
> am trying to add code that uses chmod() to properly open and close
> directories.
>
> The issue I'm running into is that this only works through the CMS if
> the Owner/Group of the directory or file is bar/bar.
>
> I'm trying to figure out what my options are here.
The rules are that only root can change ownership of a file. So group
id is the only one you have to play with here. A user can change the
group id of a file to any group they are a member of.
In this case, I'd set folder ownership to foo:bar and folder
permissions to 770.
Your host will need to do that for you if foo is not a member of the
bar group. Also, you won't be able to manually manage the files if you
aren't a member of bar.
More information about the talk
mailing list