Closed Thread Icon

Topic awaiting preservation: Chmod problems (Page 1 of 1) Pages that link to <a href="http://ozoneasylum.com/backlink?for=13009" title="Pages that link to Topic awaiting preservation: Chmod problems (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: Chmod problems <span class="small">(Page 1 of 1)</span>\

 
Milio
Bipolar (III) Inmate

From: belgium
Insane since: Nov 2003

posted posted 11-30-2003 22:49

Ok here is my problem.

I have a comment script on my site. It's a php driven script. It works like this. Every newspost has an unique (blogger) number. When an user submits a comment it makes a file : number.comment. That file has to be 666 to be able to add comments to it etc. Those files are in the map: comments which i even chmod to 777. I chmod the file to 666 but it changes back to 644 every time. So it's impossible to make comments and it gives me an error.

What can I do about it?
I heard there is a php chmod command, but I suck at php.
You can see the script at http://milio.be/~epsilonzero/comments.txt

Hope I've given you enough information...


Signature: My fanpage

[This message has been edited by Milio (edited 11-30-2003).]

[This message has been edited by Milio (edited 11-30-2003).]

Emperor
Maniac (V) Mad Scientist with Finglongers

From: Cell 53, East Wing
Insane since: Jul 2001

posted posted 12-01-2003 16:04

Milio: Yep there is a PHP chmod() function:
www.php.net/chmod

It is pretty straightforward and the user comments always help so have a look at it and if you have problems let us know.

___________________
Emps

The Emperor dot org

Milio
Bipolar (III) Inmate

From: belgium
Insane since: Nov 2003

posted posted 12-01-2003 18:48

I don't know a thing about PHP, so yeah I still have problems with it...

Signature: My fanpage

Emperor
Maniac (V) Mad Scientist with Finglongers

From: Cell 53, East Wing
Insane since: Jul 2001

posted posted 12-01-2003 19:57

Milio: Righto - well it seems like you now have the incentive for a quick crash course

Your link to the script gives a 404 by the way.

___________________
Emps

The Emperor dot org

Milio
Bipolar (III) Inmate

From: belgium
Insane since: Nov 2003

posted posted 12-02-2003 00:30

404 fixed. For some reason my host decided to completely reinstall the server when all they had to do is change the time for the logs. ANd the backup was 2 days old



Signature: My fanpage

Emperor
Maniac (V) Mad Scientist with Finglongers

From: Cell 53, East Wing
Insane since: Jul 2001

posted posted 12-02-2003 01:08

Milio: OK I had a quick look. This bit writes the information to a flat file:

quote:
if($banIPMode != 2) {
$file = @fopen("comments/$commentID.comment", 'a');
fwrite($file, $thisComment);
fclose($file);
}



See the manul on this function:
http://www.php.net/fopen

All you need to do is chmod the file after you have written to it (as far as I can tell, unless I've missed something).

___________________
Emps

The Emperor dot org

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 12-02-2003 11:19

well... I can see no reason to give any file 666, or 777 for that matter, which would be even more dangerous. 664 should be enough to allow your web server to read and write to the file, even if it belongs to your user account on the server.

Milio
Bipolar (III) Inmate

From: belgium
Insane since: Nov 2003

posted posted 12-03-2003 03:03

From the readme...

NOTE: If, at any point, you upload/download/edit the comments directory and/or the
.comment files it contains, you MUST reset the permissions on all of these files to
777. Otherwise, the comments script will be unable to write to them.

Now it makes sense, I should never touch those files, but why? why on earth would that change my phmod settings?

Signature: My fanpage

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 12-03-2003 11:27

a) 777 means world readable (ok), writeable (ugh) and executable (!!!). having it writable for everyone, and executable by anyone, is a security risk.
Therefore, your host is correct to protect itself, by preventing such.

Now, I could imagine a situation where your file needs to be world read and writeable, but not executable.
Still, for a php script, group read/write (the second number) should be enough, since it's either running as your username (and then the files belongs to you, and actually, the first number would be used), or as the apache, to who's user group you should be belonging.
now, if you host is somewhat unlucky in his setup, you might not belong to the apache group... then you'd have to set the file world read and writeable. Still it would not need to be executable.

« BackwardsOnwards »

Show Forum Drop Down Menu