PHP file upload folder permissions and user accounts

Posted on 2004-09-26
Medium Priority
Last Modified: 2008-01-09
I have completed a PHP web project which involves regular visitors and an administrator who controls the show.

One of the things requested for the administrator only (i.e. behind a password) is the ability to upload files, which can then be accessed by the PHP files for the rest of the visitors.

I have it working fine on a development server, but on the production server the sysadmin is very concerned about making a folder writable, even though I have suggested taking it out of the web area altogether and defining an alias to it.

He has suggested that "rather than using the default iusr_servername account that IIS uses" he would like to create a separate account which has write permissions to the folder in question, and asks if I can change the 'user account' for PHP for the upload process so that the upload (only) would have the write ability required, rather than the normal PHP account.

I have to admit this is all getting a little abstract, but I would be grateful for some views, or if this has already been answered can someone point me on my way? I can see where he is going but I have never seen this done and am not sure if it is possible.

If there is no answer to this specific problem, can you suggest a way of addressing his fears for write access permissions? Many thanks.
Question by:Carswellj
LVL 27

Expert Comment

ID: 12155896
Permissions on a directory are not too big a risk as long as the correct precautions are taken to prevent security holes in your system being exploited.

For example, it is legit to have a directory with chmod 777 (i.e. read/write/execute all) as long as you don't invite users to cause havoc. That is to say, if you are allowing file uploads, restrict the types of files that can be uploaded; do not allow files with server-side language extensions or executables, because a user could write a simple script to delete specific files and folders, upload it to your site, run it on your server and get away with causing a major headache.

The bottom line is validate all data that is being transferred to your server and make sure your scripts are written tight, i.e. with no chance of a user finding a flaw in your code and taking advantage of it.
LVL 49

Expert Comment

ID: 12156136
Couldn't you use FTP?

You'd write a form which uploads the file to the temp folder as default, but instead of using move_uploaded_file (which requires the write chmod), you'd use an FTP connection and upload the file. As I suppose the servmin has already set up some FTP accounts, adding one account able to write to some specific directory would be that much of a problem.



Author Comment

ID: 12157894
Thanks guys.

I have already restricted the file types in the upload and the single user is controlled by password access. There remains some reluctance to change the permissions of the folder because of its potential for damage if anyone manages to access it somehow.

So I think you chaps are going along the same thinking patterns as I have, but can I take it then that my original question is impossible? To change the server user account used by PHP on the fly from a script, so that 'writable' access would be restricted to that single user for the folder?

I can't see it is possible myself because I think it would really be a security risk, but I do need to get to the bottom of this aspect. A 'no' is as good as a 'yes'; I just need a definitive answer.

Many thanks

LVL 49

Expert Comment

ID: 12158270
Mwah.. using some exec() statements you could log in to the system and act like another user. I just forgot what it's called, the program which lets you execute things as another user, but I'm not that much of a Linux guru at all!


Author Comment

ID: 12158522
Thanks Roonaan,

It is actually on IIS  - does that help?
LVL 49

Expert Comment

ID: 12158539
No it doesn't :) I am not sure whether Windows/IIS has command-line accounts or programs to temporarily log in as another user and transfer the file in that mode.


LVL 49

Expert Comment

ID: 12158540
hmz. my cat jumped on the keyboard and added the whitelines while I was trying to click the submit button.. sorry for that :-/


Author Comment

ID: 12158549
Thanks for your reply. I appreciate it.

I think the answer is 'no' then, but perhaps I will leave this open for the rest of the day and accept the answer at the end of it. (I am relatively new here so please excuse me if I am not entirely sure about etiquette).
LVL 35

Accepted Solution

gr8gonzo earned 750 total points
ID: 12161466
Just for future reference, anytime someone mentions the server running as IUSR_something it often means IIS.

If you're asking if you can make IIS continue to run as IUSR_whatever and have PHP run as something else, then the answer is probably no. If IIS is the one calling PHP (whether by executable or ISAPI filter), it would inherit the permissions of whatever IIS was running as. So if IIS is running as IUSR_MyBox, then PHP will run as the same user.

I don't see why he doesn't just add the IUSR_ account to the folder permissions. (Maybe to prevent other web scripts from being able to access the directory?)

One thing you COULD do is write the file to a temporary directory and then write its filename in a database table of "files to upload". Then create a simple VB program to query the database for files to upload and then move those files out of the temporary directory into the directory that has special permissions, and have it run every minute under the special account (you can tell Windows to run scheduled jobs as certain users). That's a long way around the problem, but it's a possibility.

(The reason you'd use the database is to avoid people just writing files to the directory and having them moved over automatically - they would have to know that they'd need to write the filename into the database table, too).

- J
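
The staging-and-mover design from the accepted solution, sketched in Python as an added example (not code from the thread; the answer proposed a VB program). The table name `upload_queue`, the extension allowlist and the sample files are assumptions, and SQLite stands in for the site's database; only this mover would run under the account that can write to the final directory.

```python
import os
import shutil
import sqlite3
import tempfile

ALLOWED_EXT = {".pdf", ".jpg", ".png"}  # assumed allowlist; no server-side script types

def move_queued(db, staging, final):
    """Move only files that are named in the queue table and pass validation."""
    moved = []
    rows = db.execute(
        "SELECT id, filename FROM upload_queue WHERE status = 'pending'").fetchall()
    for row_id, name in rows:
        src = os.path.join(staging, name)
        ext = os.path.splitext(name)[1].lower()
        ok = (name == os.path.basename(name)   # reject path components such as ../
              and ext in ALLOWED_EXT           # reject .php, .exe and similar
              and os.path.isfile(src)
              and not os.path.islink(src))     # do not follow planted links
        if ok:
            shutil.move(src, os.path.join(final, name))
            moved.append(name)
        db.execute("UPDATE upload_queue SET status = ? WHERE id = ?",
                   ("moved" if ok else "rejected", row_id))
    db.commit()
    return moved

def demo():
    """Constructed sample: three files in staging, three rows in the queue."""
    staging, final = tempfile.mkdtemp(), tempfile.mkdtemp()
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE upload_queue (id INTEGER PRIMARY KEY, "
               "filename TEXT, status TEXT DEFAULT 'pending')")
    for name in ("report.pdf", "shell.php", "stray.pdf"):
        with open(os.path.join(staging, name), "w") as f:
            f.write("constructed sample\n")
    # stray.pdf is on disk but never queued, so the mover must ignore it.
    for name in ("report.pdf", "shell.php", "../escape.pdf"):
        db.execute("INSERT INTO upload_queue (filename) VALUES (?)", (name,))
    moved = move_queued(db, staging, final)
    statuses = dict(db.execute("SELECT filename, status FROM upload_queue"))
    return moved, sorted(os.listdir(final)), sorted(os.listdir(staging)), statuses

if __name__ == "__main__":
    print(demo())
```

The web account needs write access only to the staging directory and insert rights on the queue table; a file dropped into staging without a matching row stays where it is.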

Question has a verified solution.