Help! Need a Linux permissions guru!
06/28/2005 11:41:47 AM · #1
OK, i am having NO luck here.

i'm allowing users to upload files to a directory on a website. i am limiting the file based on MIME type (JPG). BUT i do not know what the correct permissions for the directory and for the individual files should be so that a visitor to the website is able to view the files once uploaded.

the only thing i can set the directory to in order to get it to work is 777, and i know that exposes my butt end to the world. anything else gives a "you do not have permission to view this directory" error.

little help?
06/28/2005 12:01:41 PM · #2
If you're technically inclined, see //www.zzee.com/solutions/linux-permissions.shtml, or Google "linux permissions" for more.

But there are other things that can be done by the server admins to block access, so setting the permissions may not give you what you want.

One other solution is to use the .htaccess file (see //www.freewebmasterhelp.com/tutorials/htaccess/ or Google "htaccess tutorial".) If you do this, you may also want to set .htpasswd and .htgroup

But the above mechanisms are a pain in the neck to use. I recommend using a photo gallery, like //coppermine.sourceforge.net/ or //www.4homepages.de/

Message edited by author 2005-06-28 12:02:43.
06/28/2005 12:04:27 PM · #3
Unfortunately using 777 is the only way to allow a web browser upload to a directory. The user that runs the web server *should* be a user that has no privileges on the machine. So you have to open the directory to everyone to allow the browser to write.

You can get around this by setting up users for the website and then scripting on the backend to check the users before uploading. (Like DPC does.)
06/28/2005 12:07:41 PM · #4
Scott no relation I don't guess? I don't know of any Scotts in the family. Where are you living?

Message edited by author 2005-06-28 12:08:43.
06/28/2005 12:08:37 PM · #5
or Gallery works excellently and is embeddable.

Message edited by author 2005-06-28 12:09:38.
06/28/2005 12:10:55 PM · #6
Originally posted by muckpond:

i am limiting the file based on MIME type (JPG).


Well there's your problem...the use of mimes. They're evil, I tell you...EVIL! ;)
06/28/2005 12:15:32 PM · #7
The directory should only need execute permissions if you want users to be able to read files from that directory, or read/execute if you also want them to be able to see a directory listing. Execute only permission for everyone would be 111, read/execute 555. You probably want something a bit less restrictive, like 755 (read/write/execute for the owner of the directory, read/execute for the group and everyone else).

The files themselves are going to have to be at least 444 (read only by everyone), but again you may want to make that 644 (read/write by the owner, read only by everyone else).

Hope this helps!
06/28/2005 12:16:35 PM · #8
You don't need 777 on the directory. You should just need 700 (sometimes 770 works better, depending on how stuff is set up) (+rwx for owner or owner and group), with the owner of the directory being the user that the webserver runs as. Of course, you'll have to find that out and be able to chown the directory. I assume the reason you need to have 777 is because the owner and group of the directory are different from the ones the webserver runs as.
06/28/2005 02:26:29 PM · #9
ok, retard time.

how do i find out the user that runs the web server?

this stuff gives me SUCH a headache.
06/28/2005 04:41:41 PM · #10
You can find it either in the configuration file (httpd.conf, you're running Apache, aren't you) or by typing "ps -ef" and looking for something that looks like a web server in the rightmost column. The user is in the first column. It's usually "http" or "httpd" for the web and "ftp" for the ftp server. YMMV.

Message edited by author 2005-06-28 16:42:26.
06/28/2005 04:48:44 PM · #11
chgrp the files to the web user, often www-data or just www, then set perms 644 or 640 if you don't want other users on the system to see them, and 755 or 750 for ones that need to be executed (cgi and some php stuff).
06/28/2005 04:49:42 PM · #12
Originally posted by carlos:

You can find it either in the configuration file (httpd.conf, you're running Apache, aren't you) or by typing "ps -ef" and looking for something that looks like a web server in the rightmost column. The user is in the first column. It's usually "http" or "httpd" for the web and "ftp" for the ftp server. YMMV.


ps aux | grep apache

:)
06/28/2005 04:51:36 PM · #13
apache 12929 0.0 1.3 24424 7064 ? S 15:21 0:01 /usr/sbin/httpd
apache 12930 0.0 1.4 24952 7624 ? S 15:21 0:00 /usr/sbin/httpd
apache 12931 0.0 1.5 25080 7796 ? S 15:21 0:01 /usr/sbin/httpd
apache 12932 0.0 1.3 24332 7024 ? S 15:21 0:00 /usr/sbin/httpd
apache 12933 0.0 1.6 25252 8496 ? S 15:21 0:01 /usr/sbin/httpd
apache 12934 0.0 1.6 25172 8452 ? S 15:21 0:00 /usr/sbin/httpd
apache 12935 0.0 1.7 26100 8732 ? S 15:21 0:01 /usr/sbin/httpd
apache 13175 0.0 1.5 24908 8132 ? S 15:22 0:00 /usr/sbin/httpd
apache 13304 0.0 1.3 24428 6984 ? S 15:23 0:00 /usr/sbin/httpd
apache 13498 0.0 1.3 24272 6808 ? S 15:26 0:00 /usr/sbin/httpd
apache 14430 0.0 1.3 24304 6828 ? S 15:37 0:00 /usr/sbin/httpd
apache 15404 0.0 1.2 24112 6564 ? S 15:44 0:00 /usr/sbin/httpd
apache 16055 0.1 1.1 23872 6104 ? S 15:48 0:00 /usr/sbin/httpd
root 16333 0.0 0.1 3676 652 pts/0 S 15:49 0:00 grep apache

so i'm assuming my user is "apache"?
06/28/2005 04:53:26 PM · #14
seems so, and you're root so i presume you don't have to worry about other users on the system?

Either way:

cd
chgrp apache *
chmod 750 *

rinse and repeat :)
06/28/2005 05:21:27 PM · #15
no dice. still the only way i can write to the directory is with 777.

i tried to set the group to "nobody" because that's the owner of the cold fusion process (yes, i'm using cold fusion. shut up and quit laughing.) and i still can't do anything unless the directory is 777.

how big a security risk is that, having the permissions wide open like that?
06/28/2005 05:22:32 PM · #16
ok 775 works with the nobody group.
06/28/2005 05:31:34 PM · #17
Well, you generally don't want to let your webserver write... unless it owns the files it's writing to, which is the point of the chgrp. What do you mean by "the only way i can write to the directory..."? How are you trying to write to it?
06/28/2005 05:33:35 PM · #18
it's a cold fusion script that allows individuals to upload files of a limited MIME type (JPEG) and a limited size. if the permissions are not set so that CF can write the file to the directory on the server, it just ignores it and moves on (no error message).

Message edited by author 2005-06-28 17:33:57.
06/28/2005 05:41:31 PM · #19
Then make that directory owned by the user (nobody) and make the group apache (just in case it's funny about these things) and set the directory to 775. That'll let apache and cf write and execute but not other users. If you only want cf to write, and not apache, set it to 755.
06/28/2005 05:45:29 PM · #20
genius! thank you!
06/28/2005 05:48:23 PM · #21
glad i could help :D
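
The ownership and mode combinations from posts #16 and #19, worked through as an added example (not code from any poster in the thread). It assumes the ColdFusion process runs as nobody and the web server as apache with a primary group of the same name, as reported above; mallory:users is a constructed unrelated local account.

```shell
#!/bin/sh
# Added example. Owner "nobody" (ColdFusion) and group "apache" (web server)
# follow the thread; "mallory:users" is a constructed unrelated account.

# may_write MODE OWNER GROUP USER USER_GROUP
# True if USER can create files in a directory with that mode and ownership.
# Creating a file needs write (2) and search (1) on the directory. Exactly one
# class applies: owner first, then group, then other. Simplified: one group
# per user, and root's bypass of permission checks is ignored.
may_write() {
    mode=$1 owner=$2 group=$3 user=$4 ugroup=$5
    if [ "$user" = "$owner" ]; then
        bits=$(( (0$mode >> 6) & 7 ))
    elif [ "$ugroup" = "$group" ]; then
        bits=$(( (0$mode >> 3) & 7 ))
    else
        bits=$(( 0$mode & 7 ))
    fi
    [ $(( bits & 3 )) -eq 3 ]
}

# is_world_writable DIR: true if the "other" write bit is set on DIR itself.
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Who can write to an upload directory owned by nobody:apache at each mode?
for m in 777 775 755; do
    for u in nobody:nobody apache:apache mallory:users; do
        if may_write "$m" nobody apache "${u%%:*}" "${u##*:}"; then
            echo "$m ${u%%:*}: can write"
        else
            echo "$m ${u%%:*}: cannot write"
        fi
    done
done

# Check a real directory (a throwaway temp dir) the same way.
d=$(mktemp -d)
chmod 777 "$d"; is_world_writable "$d" && echo "777 is world-writable"
chmod 775 "$d"; is_world_writable "$d" || echo "775 is not world-writable"
rmdir "$d"
```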