Closed Thread Icon

Topic awaiting preservation: Paths and permissions with PHP Pages that link to <a href="https://ozoneasylum.com/backlink?for=12182" title="Pages that link to Topic awaiting preservation: Paths and permissions with PHP" rel="nofollow" >Topic awaiting preservation: Paths and permissions with PHP\

 
Author Thread
butcher
Paranoid (IV) Inmate

From: New Jersey, USA
Insane since: Oct 2000

posted posted 04-16-2002 22:54

I have a couple general questions I would be greatful if someone could help me with.

When I'm coding in php it seems that some functions will accept relative paths:

$dir = "/gallery/my_folder";

and some give me errors unless I give them paths using something like $DOCUMENT_ROOT with the realative path:

$dir = $DOCUMENT_ROOT . "/gallery/my_folder";

the function getimagesize() is one that comes to mind. Am I doing something wrong, or is this just the case with some functions, and is there an easy way to remember which ones they are?

Also, If I'm writting a script that creates directories that I may want other people to work in via FTP, or to be able to upload via another script, what is the minimum permissions I can set on the directories and not get permissions errors.

Thanks guys

-Butcher-

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted posted 04-16-2002 23:35

hmm..

I think the wall you are running into is the dif between the URL paths and the actual root paths.

for example in your first example
$dir = "/gallery/my_folder";

Normally what that would mean is that /gallery is off the root directory of the server. gallery/my_folder should be relative to the script.

The getimagesize thing actually looks a bit like a bug but it depends on the implementation of it.
What it's doing accepting sizes relative to the URL of the page. This may be the SOP of PHP to make functions that accept URL's as paths to make everything relative to the URL as opposed to relative to the filesystem though I've never seen this documented anywhere.

I'm not the best at permissions stuff but need more info to answer the question. If they are going to be manipulating directories as one user via script or all ftping as the same user you and they don't need to execute anything then you may get away with 600 (Read Write for the Owner Nothing for Group or Public) Different users but same group 660 (read write for Owner and Group nothing public) . Finally this may be your best bet would be 664 (read write for owner or group and read to public) which would allow the users of the same group to upload files and move them a bit but not execute anything and still allow the public (assuming this is a page or something) can still read it.

chmod is pretty easy check out this tute

Oh one tip most scripts (php and cgi) that execute from a browser are run as "nobody" of group "nobody" or "apache", "apache" so if you're writing scripts to run via a browser then using that one owner is fine.



.:[ The Tao of Steve ]:.
Be Desireless
Be Excellent
Be Gone
...................................

butcher
Paranoid (IV) Inmate

From: New Jersey, USA
Insane since: Oct 2000

posted posted 04-23-2002 02:15

Thanks Bitdamaged

I've been kinda busy and just a little sidetracked, but I didn't want you to think I didn't appreciate your answer. It helped.

-Butcher-

« BackwardsOnwards »

Show Forum Drop Down Menu