OK - attached is the script that was linked to above by kweilbacher with some extra crap by me. I was just trying to make it work to test the permissions issue, and it didn't have all the error reporting that I would like. The suspect lines are:
> if(!copy($HTTP_POST_FILES['file']['tmp_name'],"/changeme/public_html/test/".$HTTP_POST_FILES['file']['name']))
>     print "Failed to upload file!";
I do not currently have shell access to my account. However, I can make the "/changeme/public_html/test/" directory writeable by world via CPanel, and then the file upload works OK. By doing that, I am just giving any user on the system write access to that directory, versus limiting it to the apache user or its group. So now the question is, how much less secure is this method? My thoughts: if some sort of attack or misuse comes via apache to somehow upload files to this directory, it could happen in either case - only for other users on the system is this a greater risk. So what sort of risk do we have for other user IDs on our systems? What about anonymous FTP? Any takers?
-jasonsho
file.php
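An added example, not part of jasonsho's post or the attached file.php: an upload handler for the same form field and directory that reports why a copy fails, flags a world-writable target, and does not trust the client-supplied file name. The function names, the extension allow-list and the 0644 file mode are assumptions made for illustration; "/changeme/public_html/test/" is the placeholder path from the post.

```php
<?php
// Added example. Directory and field name 'file' are taken from the post;
// everything else (function names, allow-list, modes) is assumed.
$destDir = "/changeme/public_html/test/";

// Describe the directory mode so a permissions problem is visible in the output.
function describe_dir(string $dir): string {
    $mode = fileperms($dir) & 0777;
    $note = ($mode & 0002) ? " (world-writable: any local user can write here)" : "";
    return sprintf("%s mode %04o%s", $dir, $mode, $note);
}

function handle_upload(array $f, string $destDir): string {
    if ($f['error'] !== UPLOAD_ERR_OK) {
        return "Upload failed, PHP upload error code " . $f['error'];
    }
    // Only accept a temp file that PHP itself received via HTTP POST.
    if (!is_uploaded_file($f['tmp_name'])) {
        return "Rejected: not an uploaded file";
    }
    // Strip path components, then allow only simple names with known
    // extensions, so nothing executable by the web server lands in public_html.
    $name = basename($f['name']);
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}\.(txt|png|jpg|gif)$/', $name)) {
        return "Rejected: file name or type not allowed";
    }
    $target = $destDir . $name;
    if (file_exists($target)) {
        return "Rejected: a file with that name already exists";
    }
    if (!is_writable($destDir)) {
        return "Failed: web server user cannot write to " . describe_dir($destDir);
    }
    if (!move_uploaded_file($f['tmp_name'], $target)) {
        return "Failed to upload file!";
    }
    chmod($target, 0644); // readable by all, writable only by the owning user
    return "Stored " . $name . " in " . describe_dir($destDir);
}

if (isset($_FILES['file'])) {
    print htmlspecialchars(handle_upload($_FILES['file'], $destDir));
}
```

The file-name checks limit what can arrive through the web form; they do nothing about other local accounts, which can still write to the directory directly for as long as it stays world-writable.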