----- Original Message -----
From: "Wade Smart"
20080821 1902 GMT-6
Discovered today that a script that the school "THOUGHT" had been working
for
the past two years - inst!
Their upload script uploads the picture into the images/ dir and then
creates a
thumnail of it and puts it in the thumb/ dir. That all works.
Their delete script first deletes the photos and then the student data from
the
db. Ah... the photos have not been deleted.
Looking at the permisions I see that images/ and thumb/ are both 1600775
www-data owner. The picture in images/ is 600600 but the one in thumbs/ is
600644. That is a problem.
All the thumbs have been deleted but the pictures themselves are not. Now,
Ill
write some code to change the rw permissions of the pic but what Im after
is,
why is it that the main pic is rw to the owner and non to the group but on
the
thumb its rw for the owner and read-only for the owner. Why can that one be
deleted?
Wade
------------------------------------
Hello Wade,
I see no one answered this question for you.
The question itself is a little confusing where you say "but on the thumb
its rw for the owner and read-only for the owner".
I will offer some explanation that is common but may not be your case.
PHP run's in someone's authority. The authority may be user
(www,anybody,nobody, apache) or the authority of the visitors. This is often
the case when php runs as an apache application. In the case all files
created by PHP will have the default owner "user" (anybody).
PHP can also run with the authority of the account owner. This is often the
case when php runs as a CGI. Files created with this authority have the
owner who is the owner of the account "owner".
The difference between the pictures and the thumbnails is that thumbnails
are created by php and the pictures are not. The pictures are uploaded with
the authority of "user" so the owner is "user".
The thumbnails are created by the script so the owner is the authority that
the script runs under.
Clear as mud?
Later versions of php are more frequently run as a CGI. Earlier versions
where rarely run as a CGI. It is also rear to have php running as an apache
application to have any authority other than "user" or "group".
It may be the case that the script was running perfectly until a php
upgrade. Look at the dates of the pictures and that may help pinpoint a
time.
Thanks, Rob.
PS: Look up POSIX at php.net
