Private folder that only PHP can access

[kael.shipman]

Hey everybody,

 

This doesn't exactly fit under Apache concerns, but it's a general webserver question:

 

I need to create an image folder that isn't browse-able by the public but that PHP can still read from and write to. I've experimented a little bit with permissions but just don't know enough about what the permissions mean to really use them with confidence. It's a public web server, so I know I don't have unlimited control, but it's also got a lot of permissions control that it does relinquish to the administrator. I just don't want to risk opening up the system to an easy attack.

 

Anyway, the structure is like this:

 

root/

->Database

->ftproot

->htdocs

  |->index.php

  |->[rest of site files]

->original_images

  |->[imagefiles]

 

 

I don't want users to be able to type in a url and view images from the original_images folder, but I need PHP to be able to copy uploaded files to it and read files from it into memory.

 

From my tests, it looks like it's not currently accessible by url, and PHP can read from it. PHP can also modify files that are already there, so if original_images/test.jpg exists and I call move_uploaded_file($_FILE['image']['tmp_name'], '../original_images/test.jpg') from /index.php, it works great and overwrites that file with the new image information. However, if the file doesn't already exist, calling the above move_uploaded_file() function throws an error ("Unable to access file...."). chmod() throws the same error regardless of whether the file exists or not.

 

The hosting company allows folder permissions to be changed for the anonymous user, but then it also allows you to create users and assign permissions for certain users. Is there a way for PHP to access the folder using a specific username/password instead of anonymous or PHP or whatever it uses currently?

 

Thanks in advance for any help.

 

-kael

[effigy]

How about this?

[kael.shipman]

Thanks for the resource, but that's not exactly what I'm looking for. I'm not planning on ever displaying these images anywhere on my site. They're simply for php to use as starting points for other images. Therefore, theft by downloading or hotlinking isn't a concern for me since I've determined that the images can't be accessed by a url.

 

What I need is advice on how I can work my folder/user permissions for PHP to be able to look above the web root directory and into this images folder without compromising any server security.

[effigy]

What are the permissions, owner, and group of original_images?

What user and group does Apache run as? Are you in its group?

[steviewdr]

chmod 777 original_images

 

cd original_images

vi .htaccess

####

deny from all

####

 

Php and apache will still be able to read/write to this folder.

-steve

[kael.shipman]

Sorry for the delayed reply here

 

effigy: I admit, I'm not really great in the realm of interpreting actual server and file configurations. The hosting company has this stupid FTP management web interface and it blocks my actual FTP program from viewing or editing permissions. Here's what I can divine from their interface:

 

Valid options for permissions are "none", "read", "change" and "full control", and each folder has a field for administrator (that's always set to "full control and isn't editable"), a field for anonymous that seems not to be able to receive "full control", and a box where you can add users and set permissions for each of those. What I see is that my original_images folder is set up as "change" for anonymous, which should be enough, I think. That seems to work just fine when it's under htdocs, but it doesn't work when it's above htdocs. That's when it starts displaying the weird problems that I noted before (like being able to overwrite files that are already there, but not being able to create new ones).

 

steve: Thanks for the .htaccess tip. I think I'll probably end up using that method if the hosting company allows me to use that feature. I'd still like to learn a little bit more about the specifics of managing permissions, though, so if I could do it without a server exception, that would be ideal.

 

Thanks to both of you!

 

-kael