SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    if ($zee == "Guru") { $zee--;}
    Join Date
    Nov 2005
    Location
    Karachi - Pakistan
    Posts
    1,134
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Directory / File Mode

    Hi

    I have a script that generated some HTML pages, and also create directories. But what I did was I change the permission of the main directory public_html as 0777 through FTP.

    Is this OK ? are there any security threats ?
    Please let me know what is the proper way to do this ?

    Further, I am using this function to create file and directory :
    PHP Code:
    function createDir($dir_to_create,$mode)
    {
        if (!
    file_exists($dir_to_create))
        {
            
    mkdir ($dir_to_create,$mode);
        }

    as I mentioned that main folder public_html has been set 0777 but the new created folders and files (through script) are not 0777 even i used this :

    PHP Code:
    createDir("dirname",0777
    please guide me
    Thanks
    Zeeshan

  2. #2
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Join Date
    Oct 2006
    Location
    Kathmandu, Nepal
    Posts
    4,013
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Further, I am using this function to create file and directory :
    function createDir($dir_to_create,$mode){
    if (!file_exists($dir_to_create)){
    mkdir ($dir_to_create,$mode);
    }
    }
    I dont think that
    PHP Code:
    mkdir ($dir_to_create,$mode); 
    will not create a file.

    And don't create the directories directly in the public_html (root). If you are comfortable with creating new directory/files into a separate directory (like member directory under main root that is create earlier manually then create other directories inside it). I cant point out here a particular vulnerability now but giving full write permission to the root directory is not the good idea.
    PHP Manual says:
    The mode is 0777 by default, which means the widest possible access. For more information on modes, read the details on the chmod() page.
    So you don't need to specify the mode while creating directories with mkdir(). If there is still problem try with chmod() once.
    Mistakes are proof that you are trying.....
    ------------------------------------------------------------------------
    PSD to HTML - SlicingArt.com | Personal Blog | ZCE - PHP 5

  3. #3
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There's something called umask that affects the permissions of filesystem objects you create.

    Changing the permissions of your root web directory, or any directory, to be world-writable only has concerns if (1) there are other users on the server and there is no mechanism in place to prevent them from accessing your files, or (2) there's an exploit in your script. Otherwise, it's fine.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •