ChenXiu Posted June 15, 2021

PHP is owner of image directory with "permissions 660." Why can't PHP write to it? (a "permission denied" error is generated.) But if I allow execute permission ("760") then it works. Why??

My script is:

    $imagePath = '../imageDirectory/'.gif';
    $image = imagecreatefromstring(base64_decode($raw_image_data));
    $rotate = imagerotate($image,-90,0);
    imagegif($rotate,'../imageDirectory/'.gif');

Is it because the imagerotate and imagegif functions need the execute requirements to be able to monkey with the image? Thank you.

Sub question (maybe more important than the first question): PHP is configured to run as "user = www-data" and "group = www-data". I am also a member of the group "www-data." For me to be able to read and delete files in that aforementioned imageDirectory, should the imageDirectory be chown www-data:www-data ?? or chown myself:www-data ?? (both styles work)

Thank you.

Phi11W Posted June 15, 2021

1 hour ago, ChenXiu said:
    PHP is owner of image directory with "permissions 660."

This is a fundamental difference between files and directories.

On a file, the execute bit makes the file .. well .. executable.
On a directory, the "execute" bit makes the directory "navigable", i.e. you can get "into" it.

At present, you can see that the directory exists - you can 'r'ead it in a listing of the parent directory - but you cannot navigate into it. To do that, the directory must have its Execute bit set.

More typical permissions on a directory would be 750:

    User:  rwx
    Group: rx
    Other: (None)

This link explains it better, albeit talking about NFS and UFS, but the principle applies to all types of file system.

1 hour ago, ChenXiu said:
    For me to be able to read and delete files in that aforementioned imageDirectory, should the imageDirectory be chown www-data:www-data ?? or chown myself:www-data ?? (both styles work)

It works because you're using the Group-level permissions, which allow you to delete things.

You should leave it owned by www-data: that account is the owner of this data and works with it all the time; you're just popping in and out now and again (and, if you were to move on to another job, deleting your account would not take down the whole system!)

Regards, Phill W.
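
The directory rule from the answer above, as an added example that is not part of the original thread: a small Python model of how one permission class (owner, then group, then other) is selected for a directory and what each bit then allows. The numeric uid/gid values are constructed assumptions, and root, ACLs and the sticky bit are deliberately left out of the model.

```python
import stat

def dir_rights(mode, owner_uid, owner_gid, uid, gids):
    """What a non-root process (uid, gids) may do in a directory with this mode."""
    # Exactly one permission class applies: owner first, then group, then other.
    if uid == owner_uid:
        r, w, x = stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR
    elif owner_gid in gids:
        r, w, x = stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP
    else:
        r, w, x = stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH
    can_r, can_w, can_x = bool(mode & r), bool(mode & w), bool(mode & x)
    return {
        "list": can_r,                     # read the names stored in the directory
        "traverse": can_x,                 # resolve dir/name, e.g. to open a file in it
        "create_delete": can_w and can_x,  # change entries: needs write AND search
    }

# Constructed sample identities (assumptions, not values from the thread).
WWW_DATA = {"uid": 33, "gids": {33}}
HUMAN = {"uid": 1000, "gids": {1000, 33}}  # a login user who is in group www-data

def demo():
    """Evaluate the three modes mentioned in the thread for both identities."""
    rows = []
    for mode in (0o660, 0o760, 0o750):
        for name, who in (("www-data", WWW_DATA), ("group member", HUMAN)):
            # Directory owned by www-data:www-data, as recommended in the thread.
            rights = dir_rights(mode, 33, 33, who["uid"], who["gids"])
            rows.append((oct(mode), name, rights))
    return rows

if __name__ == "__main__":
    for mode, name, rights in demo():
        allowed = [k for k, v in rights.items() if v] or ["nothing"]
        print(f"{mode} {name:13} {', '.join(allowed)}")
```

Files inside the directory are still subject to their own permission bits when they are opened; the model only covers operations on the directory itself.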

ChenXiu (Author) Posted June 17, 2021

On 6/15/2021 at 7:14 AM, Phi11W said:
    More typical permissions on a directory would be 750: User:rwx Group:rx Other:(None)

Thank you very much for your answer. I think for the first time I'm "getting it." For me, Permissions have always been like chess, string theory, and religion: lots of trial and error.... and faith.

Now, not only do I know what the typical permissions should be (750), I'm also "getting" what the r, w, and x mean. Thank you!!

p.s. While I'm now finally getting it, I'm having fun lowering my permissions notch by notch... until something fails. Like having a window open just enough to let fresh air in, but not let rain in.

Phi11W Posted June 18, 2021

On 6/17/2021 at 2:11 AM, ChenXiu said:
    I'm having fun lowering my permissions notch by notch... until something fails.

Excellent! If anyone asks, you're now applying the Principle of Least Privilege, getting your application to work with the minimum level of permissions - just what it needs and nothing more.

Also, you are now qualified to laugh openly at anyone that runs their entire Application as root. 😉

Regards, Phill W.