[SOLVED] Security and directory access

[weemikey]

Hey folks. Not fully a PHP question, but I'm looking for some clarification.

 

I'm building a document management system where the files are stored on the server in user-created directories. The directories SEEM to need be to 777 for the user to upload documents. Of course, this seems like a bad idea security wise.

 

Is my best option to chmod the directory BEFORE the user uploads, then chmod it back? I'm not very up to speed on Unix stuff, so I'm not fully sure what the ramifications of the 777 permissions mean in the real world.

 

Any insight would be appreciated.

 

Thanks! Mikey

[revraz]

666 wont work?

[weemikey]

Well, again, I don't really understand the Unix permissions all that well.

 

My understanding is that if I leave read/write permissions open (which 666 still allows) that some random person out on the internet is going to hack in and steal documents or upload files without permission. I would think that the safe permissions would be 755, so that no one can write to the folder. But then I have to code up some chmod stuff to change it when a file needs to be uploaded.

 

This is a brower/session based system and I don't know in the sense of "owner/group/user" where the actual logged in users fit. Does that make sense?

[revraz]

Move the file after it's uploaded to a secure area.

 

[weemikey]

Okay, I'll set something like that up. Thanks for your help!

 

[revraz]

Probably different ways, was just a sugestion on my part.