Solved

PHP file upload folder permissions and user accounts

Posted on 2004-09-26
Last Modified: 2008-01-09
I have completed a PHP web project which involves regular visitors and an administrator who controls the show.

One of the things requested for the administrator only (i.e. behind a password) is the ability to upload files, which can then be accessed by the PHP files for the rest of the visitors.

I have it working fine on a development server, but on the production server the sysadmin is very concerned about making a folder writable, even though I have suggested taking it out of the web area altogether and defining an alias to it.

He has suggested that "rather than using the default iusr_servername account that IIS uses" he would like to create a separate account which has write permissions to the folder in question, and asks if I can change the 'user account' for PHP for the upload process so that the upload (only) would have the write ability required, rather than the normal PHP account.

I have to admit this is all getting a little abstract, but I would be grateful for some views, or if this has already been answered can someone point me on my way? I can see where he is going but I have never seen this done and am not sure if it is possible.

If there is no answer to this specific problem, can you suggest a way of addressing his fears for write access permissions? Many thanks.
Question by:Carswellj
9 Comments
 
LVL 27

Expert Comment

by:Diablo84
ID: 12155896
Permissions on a directory are not too big a risk as long as the correct precautions are taken to prevent security holes in your system being exploited.

For example, it is legit to have a directory with chmod 777 (i.e. read/write/execute all) as long as you don't invite users to cause havoc. That is to say, if you are allowing file uploads, restrict the types of files that can be uploaded; do not allow files with server-side language extensions or executables, because a user could write a simple script to delete specific files and folders, upload it to your site, run it on your server and get away with causing a major headache.

The bottom line is validate all data that is being transferred to your server and make sure your scripts are written tight, ie - with no chance of a user finding a flaw in your code and taking advantage of it.
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 12156136
Couldn't you use ftp?

You'd write a form which uploads the file to the temp-folder as default, but instead of using move_uploaded_file (which requires the write chmod), you'd use an ftp connection and upload the file. As I suppose the servmin has already set up some ftp accounts, adding one account able to write to some specific directory would be that much of a problem.

regards

-r-
0
 

Author Comment

by:Carswellj
ID: 12157894
Thanks guys.

I have already restricted the file types in the upload and the single user is controlled by password access. There remains some reluctance to change the permissions of the folder because of its potential for damage if anyone manages to access it somehow.

So I think you chaps are going along the same thinking patterns as I have, but can I take it then that my original question is impossible? To change the server user account used by PHP on the fly from a script, so that 'writable' access would be restricted to that single user for the folder?

I can't see it is possible myself because I think it would really be a security risk, but I do need to get to the bottom of this aspect. A 'no' is as good as a 'yes'; I just need a definitive answer.

Many thanks
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 12158270
Mwah.. using some exec() statements you could login to the system and act like another user. I just forgot what it's called, the program which lets you execute things as another user, but I'm not that much of a linux guru at all!

-r-
0
 

Author Comment

by:Carswellj
ID: 12158522
Thanks Roonaan,

It is actually on IIS  - does that help?
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 12158539
No it doesn't :) I am not sure whether Windows/IIS has command-line accounts or programs to temporarily log in as another user and transfer the file in that mode.

-r-'















0
 
LVL 49

Expert Comment

by:Roonaan
ID: 12158540
hmz. my cat jumped on the keyboard and added the whitelines while I was trying to click the submit button.. sorry for that :-/

-r-
0
 

Author Comment

by:Carswellj
ID: 12158549
Thanks for your reply. I appreciate it.

I think the answer is 'no' then, but perhaps I will leave this open for the rest of the day and accept the answer at the end of it. (I am relatively new here so please excuse me if I am not entirely sure about etiquette).
0
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 250 total points
ID: 12161466
Just for future reference, anytime someone mentions the server running as IUSR_something it often means IIS.

If you're asking if you can make IIS continue to run as IUSR_whatever and have PHP run as something else, then the answer is probably no. If IIS is the one calling PHP (whether by executable or ISAPI filter), it would inherit the permissions of whatever IIS was running as. So if IIS is running as IUSR_MyBox, then PHP will run as the same user.

I don't see why he doesn't just add the IUSR_ account to the folder permissions. (Maybe to prevent other web scripts from being able to access the directory?)

One thing you COULD do is write the file to a temporary directory and then write its filename in a database table of "files to upload". Then create a simple VB program to query the database for files to upload and then move those files out of the temporary directory into the directory that has special permissions, and have it run every minute under the special account (you can tell Windows to run scheduled jobs as certain users). That's a long way around the problem, but it's a possibility.

(The reason you'd use the database is to avoid people just writing files to the directory and having them moved over automatically - they would have to know that they'd need to write the filename into the database table, too).

- J
0
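The staging-plus-queue approach from the accepted solution, sketched as an added example (not code from the thread or from gr8gonzo). It uses Python rather than VB and an in-memory SQLite table as a stand-in for the project's database; the `upload_queue` table, the `ALLOWED_EXT` list and the sample file names are assumptions constructed for illustration.

```python
import os
import shutil
import sqlite3
import tempfile

ALLOWED_EXT = {".pdf", ".jpg", ".png"}  # assumed allowlist, not from the thread

def move_queued(db, staging, published):
    """Publish only files that are queued in the DB and pass every check."""
    moved, rejected = [], []
    rows = db.execute("SELECT id, filename FROM upload_queue "
                      "WHERE status = 'pending' ORDER BY id").fetchall()
    for row_id, name in rows:
        src = os.path.join(staging, name)
        ext = os.path.splitext(name)[1].lower()
        ok = (
            name == os.path.basename(name)   # no directory parts, no traversal
            and ext in ALLOWED_EXT           # re-check type; don't trust the web tier
            and os.path.isfile(src)
            and not os.path.islink(src)
        )
        if ok:
            shutil.move(src, os.path.join(published, name))
        (moved if ok else rejected).append(name)
        db.execute("UPDATE upload_queue SET status = ? WHERE id = ?",
                   ("moved" if ok else "rejected", row_id))
    db.commit()
    return moved, rejected

def demo():
    """Constructed sample: three staged files, three queue rows."""
    root = tempfile.mkdtemp()
    staging = os.path.join(root, "staging")
    published = os.path.join(root, "published")
    os.makedirs(staging)
    os.makedirs(published)
    for name in ("report.pdf", "shell.php", "unqueued.pdf"):
        with open(os.path.join(staging, name), "w") as f:
            f.write("constructed sample")
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE upload_queue (id INTEGER PRIMARY KEY, "
               "filename TEXT, status TEXT DEFAULT 'pending')")
    db.executemany("INSERT INTO upload_queue (filename) VALUES (?)",
                   [("report.pdf",), ("shell.php",), ("../escape.pdf",)])
    moved, rejected = move_queued(db, staging, published)
    return moved, rejected, sorted(os.listdir(published)), sorted(os.listdir(staging))

if __name__ == "__main__":
    print(demo())
```

Run as a scheduled job under the dedicated account, this leaves the web server's account with write access to the staging directory only; a file dropped into staging without a matching queue row (`unqueued.pdf` here) is never published.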
