Php Safe Mode & 777 Directories

[jls]

Hi,

I wanted to know if it was possible to run Coppermine (which uses PHP) and create directories that are not 777. I am having problems if I want to limit the permissions.

 

Also is the reason why files/directories created with php can't be deleted because it's ruuning in Safe Mode?

 

Thx,

-Jorge

[TCH-Bruce]

When you use a PHP scipt to create a directory or file you will not be the owner of the directory or file it creates because the script does not run as you. You could write a PHP script that will delete the directories and files you create with another PHP script.

 

Oh, and welcome to the family!

Edited November 10, 2004 by TCH-Bruce

[jls]

Thanks.

You answered the 2nd question fully. I was pretty sure that was the answer from reading other posts but wasn't 100% sure. I can use CPG to delete the files (I actually should to remove entries from MySql as well). But wouldn't that php script to delete the files be accessible by everyone? (I will post in the CPG support forum how the CPG user accts are handled).

 

I still would like to know about my 1st question, Coopermine said that the albums directory should be either 755 or 777 for it to work. (depending on server configs)

 

755 I am comfortable with but not 777. CPG doesn't work fully (can't upload pics in batch mode) in 755 w TCH though, and it requests 777. In Unix, with 777 any user can delete the dir. I don't want visitors to be able to delete the albums? How could I pervent it short of making the albums private? (.htaccess)

[borfast]

Welcome to the family, Jorge! Thumbs Up

 

As for your question regarding directory permissions and coppermine, the problem is that when coppermine (PHP) needs to write stuff into those directories, since it is not running as your user but the directory is owned by your user, coppermine can't write into it.

 

The solution is to either make the directory belong to the group to which the PHP/Apache user belongs and set its permissions to 775

or

make the directory writable for anyone.

[borfast]

Well, unfortunately, 755 won't work, because that means only your user will have write access to the directory but since PHP/Apache are running under another user, they won't be able to write to the directory, which is not what you want.

 

The other solution I proposed above also has the disadvantage that anyone could *theoretically* delete any file that has group-write permissions.

 

I say theoretically because it's quite hard for someone to do that, since they need to know the username of another user on the same server, which is not publicly available. Besides, I believe TCH has recently activated some configuration options in PHP that make this even harder.

 

In practice, I don't think we have ever assisted a situation where a user has deleted files from another user, so don't worry too much about it

[jls]

Gracias Raul,

 

Thanks for the quick 2nd repply. I was just about to write and ask if my understanding of 775 was correct, since all the users 'share' PHP.

 

I will leave it as 777. Just something in my spine jumped when I saw 777. It is the 1st no-no that we are always told.

 

Anyways thanks a lot, currently my CPG is 'private' while I make all the tests and make sure the config is right. Just didn't want to make it public, while I still had access questions.

 

Thx again,

-Jorge

[TCH-Thomas]

Welcome to your extended family

There is a lot of coppermine users in this forum, so no question should be to tough to answer.

[borfast]

No problem, Jorge

 

And as Thomas said, we have a lot of Coppermine users here - actually, we have a lot of "everything" users here, so anything you need, just ask

 

By the way, are you Portuguese? Spanish?

[TCH-Don]

Welcome to the Family Jorge

 

and your new home!

 

We really are like family here.

So if you need anything,

just ask your new family!

We love to help