0

i am unaware on the cons and pros of giving the directory permission to 0777, and i have left with no choice but to use the 0777 file permission to upload files on my server through my application.

the following file permission works for me to upload file 0757 and 0557. this means i can upload the file with the world or other permission and not from user or group.

is it safe for me to use that permission. if not what is wrong with the application, why is refusing to upload through user or group.

thank you

Joel Coel
  • 12,932
  • 14
  • 62
  • 100
Ibrahim Azhar Armar
  • 225
  • 1
  • 3
  • 9

2 Answers2

1

There are two solutions here, either set the directory to be 0777 as suggested in the documentation, or change the owner of the directory to the user under which PHP runs. The latter would allow you to run with more restrictive permissions, but it may not actually get you any more security if PHP is running under a web server, a it will be running as user _www or nobody or similar, the same as every other script that the web server will be running.

GordonM
  • 126
  • 5
0

The owner of the directory must be the same as the user that the web server runs as. If the directory owner matches the server user then you should be able to upload with 0755 permission.

  • i am on a shared hosting, using the shared account, does my shared account recognize me as the owner or the other? –  Oct 16 '10 at 07:30
  • @Ibrahim: The easiest way to find the correct user is probably to run: `ps aux | grep httpd`. This way you can find out which user is "owning" the HTTP server. You need to chown your upload directory to that user. If you can't do that, talk to your hoster, he can surely help you. –  Oct 16 '10 at 07:44
  • I assume that the directory is currently owned by the shared account. Your application is not running as this user. It is running as the user of the web server. On my mac this user is _www. You can find out what the web server user is on your host by running 'ls -l' on the upload directory and seeing the owner for the files that were successfully uploaded. Then you would submit some sort of support ticket to your shared hosting provider to change the owner of the upload directory to that user and the permission to 0755. –  Oct 16 '10 at 07:47