Jump to content


Photo

Writing to files, security, and chmod 777.


  • Please log in to reply
3 replies to this topic

#1 wyrd33

wyrd33
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 09 March 2006 - 09:35 PM

Okay, I have a script that creates files and writes to them in a specific folder. However, I have to chmod 777 the folder for it to work. This is insecure, obviously. The reason for this, using system("whoami"), returns "nobody". Thus, the script isn't executing under my username, it's executing from the web, which is nobody. I guess this is obvious and typical.

What I'm looking for is a way to run the script as myself, so I do not have to insecurely chmod 777 the directory. I would like to keep it 755 and have a secure, safe web site (well, as safe as I can make it, anyway).

How can I accomplish this? Will executing the script with a cronjob work? If I run system("whoami") from a cronjob will it show up as my username rather than "nobody"?

I can't think of any other ways to get around this. I really, really don't want to chmod 777 a directory.

#2 k.soule

k.soule
  • Members
  • PipPipPip
  • Advanced Member
  • 30 posts
  • LocationIllinois

Posted 10 March 2006 - 01:24 AM

Using the chmod() function in PHP means that the server itself is changing the permissions of the directory; PHP is parsed by the server, this is the most secure method than you can choose, in my opinion.

#3 wyrd33

wyrd33
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 10 March 2006 - 05:56 AM

I think you misread my post. I'm not talking about chmod() the PHP command.

#4 fooDigi

fooDigi
  • Members
  • PipPipPip
  • Advanced Member
  • 250 posts
  • LocationDuluth, Mn

Posted 10 March 2006 - 08:56 AM

i believe anyone who accesses this via the web is using a general user account created by the admin. anything that is created by the web user inherits the permissions. correct me if im wrong.
All your base are belong to us.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users