Jump to content


  • Posts

  • Joined

  • Last visited

Posts posted by jasonsho

  1. OK - attached is the script that was linked to above by kweilbacher with some extra crap by me. I was just trying to make it work to test the permissions issue, and it didn't have all the error reporting that I would like. The suspect lines are:


    >      if(!copy($HTTP_POST_FILES['file']['tmp_name'],"/changeme/public_html/test/".$HTTP_POST_FILES['file']['name']))
            print "Failed to upload file!";


    I do not currently have shell access to my account. However, I can make the "/changeme/public_html/test/" directory writeable by world via CPanel, and then the file upload works OK. By doing that, I am just giving any user on the system write access to that directory, versus limiting it to the apache user or its group. So now the question is, how much less secure is this method? My thoughts: if some sort of attack or misuse comes via apache to somehow upload files to this directory, it could happen in either case - only for other users on the system is this a greater risk. So what sort of risk do we have for other user IDs on our systems? What about anonymous FTP? Any takers?




  2. Hi all -

    I want to have a PHP page where a user can upload a file, and then I save that file to disk. Of course, I can do this on my local Linux development machine, but I have to change the permissions of the upload directory so that whatever user Apache and PHP are running as has write access to that directory. My question is, can I do the same thing somehow on my TCH account? It looks to me that in the CPanel, I can change the permissions of a directory for UserGroupWorld, but can I change the group to match whatever user Apache runs as? Wouldn't that be more secure than simply making the directory world-writeable?



    jasonsho (somehow a funny short for "jasonshosting") :)

  • Create New...