Re: [PHP] chown / chgrp of a http owned file after upload

Thu, 14 Aug 2003 13:07:37 -0700 

This is the part of the code as it stands, it gives a permission denied
error.

  $imtemp=$_FILES['file']['tmp_name'];
  $imsize=$_FILES['file']['size'];
  $imname=$_FILES['file']['name'];
  if ($imsize > "100000") {zerror("Image too large","Please go back and
correct, image must be less than 100k"); unlink ($imtemp);}
  if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/zeus_images/" .
$_POST['folder'] . "/" . $imname)){zerror("File already exists","The
filename $imname is already used"); unlink ($imtemp);}
  if (move_uploaded_file($imtemp,$_SERVER['DOCUMENT_ROOT'] . "/zeus_images/"
. $_POST['folder'] . "/" . $imname)){
    if (chown($_SERVER['DOCUMENT_ROOT'] . "/zeus_images/" . $_POST['folder']
. "/" . $imname, $site_user) && chmod($_SERVER['DOCUMENT_ROOT'] .
"/zeus_images/" . $_POST['folder'] . "/" . $imname,0644) &&
chgrp($_SERVER['DOCUMENT_ROOT'] . "/zeus_images/" . $_POST['folder'] . "/" .
$imname,$site_group)){
      message ("file uploaded","File Uploaded!","File successfully uploaded
as $imname to folder " . $_POST['folder']);
    }
 else {
 unlink ($_SERVER['DOCUMENT_ROOT'] . "/zeus_images/" . $_POST['folder'] .
"/" . $imname);
 zerror("File CHMOD / CHOWN / CHGRP error");
 }
  }
  else {
   zerror ("File Upload Error");
  }

"Mike Migurski" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> >I have written as part of my CMS, an image upload system, now when the
> >images are placed in the destination folder, they are owned by httpd.root
> >and I need to get them to be owned by siteuser.sitegroup.
> >
> >I have tried to chmod and chgrp it to siteuser.sitegroup but it gives
> >permission denied errors.
> >
> >Is there any way round this without enabling run as root? Or is there a
> >safe way to do this?
>
> You can ch(mod|own|grp) the files in the upload script, right after they
> are written to disk. chmod a+rwX is a good option if you are not overly
> concerned about the security of these files. Are you getting
> permission-denied errors when attempting to do this in your script, or
> afterwards, on the command-line?
>
> ---------------------------------------------------------------------
> michal migurski- contact info and pgp key:
> sf/ca            http://mike.teczno.com/contact.html
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to