• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2990

PHP file upload folder permissions and user accounts

I have completed a PHP web project which involves regular visitors and an administrator who controls the show.

One of the things requested for the administrator only (i.e. behind a password) is the ability to upload files, which can then be accessed by the PHP files for the rest of the visitors.

I have it working fine on a development server, but on the production server the sysadmin is very concerned about making a folder writable, even though I have suggested taking it out of the web area altogether and defining an alias to it.

He has suggested that "rather than using the default iusr_servername account that IIS uses" he would like to create a separate account which has write permissions to the folder in question, and asks if I can change the 'user account' for PHP for the upload process so that the upload (only) would have the write ability required, rather than the normal PHP account.

I have to admit this is all getting a little abstract, but I would be grateful for some views, or if this has already been answered can some one point me on my way? I can see where he is going but I have never seen this done and am not sure if it is possible.

If there is no answer to this specific problem, can you suggest a way of addressing his fears for write access permissions? Many thanks.
1 Solution
Permissions on a directory are not too big a risk as long as the correct precautions are taken to prevent security holes in your system being exploited.

For example, it is legit to have a directory with chmod 777 (i.e. read/write/execute for all) as long as you don't invite users to cause havoc. That is to say, if you are allowing file uploads, restrict the types of files that can be uploaded; do not allow files with server-side language extensions or executables, because a user could write a simple script to delete specific files and folders, upload it to your site, run it on your server and get away with causing a major headache.

The bottom line is: validate all data that is being transferred to your server and make sure your scripts are written tight, i.e. with no chance of a user finding a flaw in your code and taking advantage of it.
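As an added example (not code from the thread), this is what the precautions in that answer look like in a PHP upload handler: an extension and content whitelist, a size cap, a random server-side file name, and storage outside the web root as the asker proposed. The form field name `document`, the `is_admin` session flag and the directory `C:\sitedata\uploads` are assumptions.

```php
<?php
// Added example, not code from the original thread. Hypothetical names:
// session flag 'is_admin', form field 'document', directory C:\sitedata\uploads
// (outside the web root and reached only through a PHP script, never by URL).
declare(strict_types=1);

const UPLOAD_DIR = 'C:\\sitedata\\uploads';
const MAX_BYTES  = 5 * 1024 * 1024;   // 5 MiB, enforced in addition to php.ini limits

// Whitelist by extension AND by sniffed content type. No .php/.phtml/.asp/.exe etc.
const ALLOWED = [
    'pdf'  => ['application/pdf'],
    'png'  => ['image/png'],
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'txt'  => ['text/plain'],
];

function fail(int $status, string $msg): void {
    http_response_code($status);
    echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
    exit;
}

session_start();
if (empty($_SESSION['is_admin'])) {
    fail(403, 'Administrator login required.');
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_FILES['document'])) {
    fail(400, 'No file submitted.');
}

$f = $_FILES['document'];
if ($f['error'] !== UPLOAD_ERR_OK) {
    fail(400, 'Upload failed with error code ' . (int) $f['error']);
}
if ($f['size'] > MAX_BYTES) {
    fail(413, 'File too large.');
}
// Only act on the temp file PHP itself created for this request.
if (!is_uploaded_file($f['tmp_name'])) {
    fail(400, 'Not an uploaded file.');
}

// Extension check on the client-supplied name (lower-cased, last component only).
$ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
if (!isset(ALLOWED[$ext])) {
    fail(415, 'File type not permitted.');
}

// Content check: sniff the real type instead of trusting the client's $f['type'].
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime  = $finfo->file($f['tmp_name']);
if (!in_array($mime, ALLOWED[$ext], true)) {
    fail(415, 'File content does not match its extension.');
}

// Never reuse the client's file name: a random one rules out path characters,
// double extensions and overwrites of existing files.
$stored = bin2hex(random_bytes(16)) . '.' . $ext;
$dest   = UPLOAD_DIR . DIRECTORY_SEPARATOR . $stored;

if (!move_uploaded_file($f['tmp_name'], $dest)) {
    fail(500, 'Could not store file.');
}
// Keep the original name in the database if visitors need to see it; the file
// itself is read back and streamed by a PHP script, so the directory is never browsable.
echo 'Stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
```

Because the directory sits outside the web root and files are handed back by a script, IIS will never execute anything that lands there even if the whitelist is somehow bypassed; the whitelist is the second line of defence, not the first. Note that `upload_max_filesize` and `post_max_size` in php.ini are applied before this script runs, so set them consistently with the cap above.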
Couldn't you use ftp?

You'd write a form which uploads the file to the temp folder as default, but instead of using move_uploaded_file (which requires the write chmod), you'd use an FTP connection and upload the file. As I suppose the servmin has already set up some FTP accounts, adding one account able to write to some specific directory wouldn't be that much of a problem.
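Roonaan's FTP idea as an added example, not code from the thread: the upload lands in PHP's temp directory as usual, but the copy into the destination goes over an FTP login with an account that alone has write permission there, so the IIS/PHP account never needs it. The host, credentials, remote path, form field and the short extension list are hypothetical placeholders; the PHP FTP extension must be enabled.

```php
<?php
// Added example, not code from the original thread. Placeholders: FTP host,
// account, remote directory and the form field 'document'.
declare(strict_types=1);

const FTP_HOST   = '127.0.0.1';   // FTP service on the same box, bound to loopback
const FTP_USER   = 'upload_svc';  // account whose ONLY right is write on the upload directory
const FTP_PASS   = 'change-me';   // in practice read from a config file outside the web root
const FTP_TARGET = '/uploads';    // the directory as the FTP account sees it

function ftp_store_upload(string $tmpName, string $storedName): bool {
    if (!is_uploaded_file($tmpName)) {
        return false;
    }
    // Use ftp_ssl_connect() if the server offers FTPS; plain FTP only on loopback.
    $conn = @ftp_connect(FTP_HOST, 21, 10);
    if ($conn === false) {
        return false;
    }
    try {
        if (!@ftp_login($conn, FTP_USER, FTP_PASS)) {
            return false;
        }
        ftp_pasv($conn, true);
        // Refuse to overwrite: ftp_size() returns -1 when the remote file does not exist.
        if (ftp_size($conn, FTP_TARGET . '/' . $storedName) !== -1) {
            return false;
        }
        return ftp_put($conn, FTP_TARGET . '/' . $storedName, $tmpName, FTP_BINARY);
    } finally {
        ftp_close($conn);
    }
}

session_start();
if (empty($_SESSION['is_admin']) || !isset($_FILES['document'])
    || $_FILES['document']['error'] !== UPLOAD_ERR_OK) {
    http_response_code(400);
    exit('Bad request.');
}
// Extension whitelist as in the accepted answer; content sniffing omitted here for brevity.
$ext = strtolower(pathinfo($_FILES['document']['name'], PATHINFO_EXTENSION));
if (!in_array($ext, ['pdf', 'png', 'jpg', 'jpeg', 'txt'], true)) {
    http_response_code(415);
    exit('File type not permitted.');
}
$stored = bin2hex(random_bytes(16)) . '.' . $ext;   // random server-side name, never the client's
if (ftp_store_upload($_FILES['document']['tmp_name'], $stored)) {
    echo 'Stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
} else {
    http_response_code(500);
    echo 'Upload via FTP failed.';
}
```

Plain FTP sends the password in clear text, so either keep the service bound to loopback as assumed above or use `ftp_ssl_connect()`. The FTP account should be a local user with no interactive logon right and an NTFS ACL limited to that one directory; the web user then only needs read on it.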


CarswelljAuthor Commented:
Thanks guys.

I have already restricted the file types in the upload and the single user is controlled by password access. There remains some reluctance to change the permissions of the folder because of its potential for damage if anyone manages to access it somehow.

So I think you chaps are going along the same thinking patterns as I have, but can I take it then that my original question is impossible? To change the server user account used by PHP on the fly from a script, so that 'writable' access would be restricted to that single user for the folder?

I can't see it is possible myself because I think it would really be a security risk, but I do need to get to the bottom of this aspect. A 'no' is as good as a 'yes' I just need a definitive answer.

Many thanks
Mwah.. using some exec() statements you could log in to the system and act like another user. I just forgot what it's called, the program which lets you execute things as another user, but I'm not that much of a Linux guru at all!

CarswelljAuthor Commented:
Thanks Roonaan,

It is actually on IIS  - does that help?
No it doesn't :) I am not sure whether Windows/IIS has command-line accounts or programs to temporarily log in as another user and transfer the file in that mode.


hmz. my cat jumped on the keyboard and added the blank lines while I was trying to click the submit button.. sorry for that :-/

CarswelljAuthor Commented:
Thanks for your reply. I appreciate it.

I think the answer is 'no' then, but perhaps I will leave this open for the rest of the day and accept the answer at the end of it. (I am relatively new here so please excuse me if I am not entirely sure about etiquette).
Just for future reference, anytime someone mentions the server running as IUSR_something it often means IIS.

If you're asking if you can make IIS continue to run as IUSR_whatever and have PHP run as something else, then the answer is probably no. If IIS is the one calling PHP (whether by executable or ISAPI filter), it would inherit the permissions of whatever IIS was running as. So if IIS is running as IUSR_MyBox, then PHP will run as the same user.

I don't see why he doesn't just add the IUSR_ account to the folder permissions. (Maybe to prevent other web scripts from being able to access the directory?)

One thing you COULD do is write the file to a temporary directory and then write its filename in a database table of "files to upload". Then create a simple VB program to query the database for files to upload and then move those files out of the temporary directory into the directory that has special permissions, and have it run every minute under the special account (you can tell Windows to run scheduled jobs as certain users). That's a long way around the problem, but it's a possibility.

(The reason you'd use the database is to avoid people just writing files to the directory and having them moved over automatically - they would have to know that they'd need to write the filename into the database table, too).

- J
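J's queue-and-mover design as an added example that is not from the thread: the web script (running as the IIS user) stages the file in a directory only it can write and records it in a table; a mover run by Task Scheduler under the separate account moves only the files that have a row, so anything dropped into the staging directory by other means stays put. The mover is written as a PHP CLI script rather than the VB program J mentions; the directories, the table name and the SQLite file standing in for the site's real database are assumptions.

```php
<?php
// Added example, not code from the original thread. Hypothetical paths and
// table; SQLite stands in for whatever database the site already uses.
declare(strict_types=1);

const STAGING_DIR = 'C:\\sitedata\\staging';     // writable by the IIS/PHP user only
const FINAL_DIR   = 'C:\\sitedata\\uploads';     // writable by the mover account; PHP user has read
const QUEUE_DB    = 'C:\\sitedata\\queue.sqlite'; // both accounts need access to this

function queue_db(): PDO {
    $db = new PDO('sqlite:' . QUEUE_DB);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS pending_uploads (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        stored_name TEXT NOT NULL UNIQUE,
        original_name TEXT NOT NULL,
        sha256 TEXT NOT NULL,
        moved INTEGER NOT NULL DEFAULT 0)');
    return $db;
}

// Web side (runs as the IIS user): stage the already-validated upload and enqueue it.
// $ext must have passed the whitelist check before this is called.
function enqueue_upload(string $tmpName, string $originalName, string $ext): string {
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = STAGING_DIR . DIRECTORY_SEPARATOR . $stored;
    if (!is_uploaded_file($tmpName) || !move_uploaded_file($tmpName, $dest)) {
        throw new RuntimeException('staging failed');
    }
    $stmt = queue_db()->prepare(
        'INSERT INTO pending_uploads (stored_name, original_name, sha256) VALUES (?, ?, ?)');
    $stmt->execute([$stored, $originalName, hash_file('sha256', $dest)]);
    return $stored;
}

// Mover side (scheduled task as the special account): move only what was enqueued.
function move_pending(): int {
    $db    = queue_db();
    $moved = 0;
    $rows  = $db->query('SELECT id, stored_name, sha256 FROM pending_uploads WHERE moved = 0');
    foreach ($rows as $row) {
        // Defence in depth: the name must be exactly what enqueue_upload() generates,
        // so a tampered row cannot point the mover at ..\ or another directory.
        if (!preg_match('/^[0-9a-f]{32}\.[a-z0-9]{1,5}$/', $row['stored_name'])) {
            continue;
        }
        $src = STAGING_DIR . DIRECTORY_SEPARATOR . $row['stored_name'];
        $dst = FINAL_DIR   . DIRECTORY_SEPARATOR . $row['stored_name'];
        // The file must still be the one the web script hashed when it enqueued it.
        if (!is_file($src) || hash_file('sha256', $src) !== $row['sha256'] || file_exists($dst)) {
            continue;
        }
        // rename() is a move on the same volume; use copy() + unlink() across volumes.
        if (rename($src, $dst)) {
            $db->prepare('UPDATE pending_uploads SET moved = 1 WHERE id = ?')->execute([$row['id']]);
            $moved++;
        }
    }
    // Files in staging with no queue row were not put there by the upload script;
    // they are left for the administrator to inspect rather than moved.
    return $moved;
}

if (PHP_SAPI === 'cli') {
    echo move_pending() . " file(s) moved\n";
}
```

Register the mover with something like `schtasks /Create /SC MINUTE /MO 1 /TN MoveUploads /RU uploadmover /RP * /TR "C:\php\php.exe C:\jobs\move_uploads.php"` so it runs every minute as the `uploadmover` account (a hypothetical name), which is the only principal with write access to the final directory. The one shared resource is the queue database: with a file-based database both accounts need write access to that file, so with a real database server the two accounts share nothing on disk at all.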