Carswellj

PHP file upload folder permissions and user accounts

I have completed a PHP web project which involves regular visitors and an administrator who controls the show.

One of the things requested for the administrator only (i.e. behind a password) is the ability to upload files, which can then be accessed by the PHP files for the rest of the visitors.

I have it working fine on a development server, but on the production server the sysadmin is very concerned about making a folder writable, even though I have suggested taking it out of the web area altogether and defining an alias to it.

He has suggested that "rather than using the default iusr_servername account that IIS uses" he would like to create a separate account which has write permissions to the folder in question, and asks if I can change the 'user account' for PHP for the upload process so that the upload (only) would have the write ability required, rather than the normal PHP account.

I have to admit this is all getting a little abstract, but I would be grateful for some views, or if this has already been answered can someone point me on my way? I can see where he is going but I have never seen this done and am not sure if it is possible.

If there is no answer to this specific problem, can you suggest a way of addressing his fears for write access permissions? Many thanks.
Diablo84

Permissions on a directory are not too big a risk as long as the correct precautions are taken to prevent security holes in your system being exploited.

For example, it is legit to have a directory with chmod 777 (i.e. read/write/execute all) as long as you don't invite users to cause havoc. That is to say, if you are allowing file uploads, restrict the types of files that can be uploaded; do not allow files with server-side language extensions or executables, because a user could write a simple script to delete specific files and folders, upload it to your site, run it on your server and get away with causing a major headache.

The bottom line is validate all data that is being transferred to your server and make sure your scripts are written tight, i.e. with no chance of a user finding a flaw in your code and taking advantage of it.
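The checks described in the answer above, combined with the asker's idea of keeping the upload folder outside the web area, sketched as an added example that is not code from the thread or from any participant. The allowlist, the `UPLOAD_DIR` path and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed values, not from the thread: the allowlist and the storage path.
const ALLOWED_EXTENSIONS = ['pdf', 'jpg', 'png', 'csv'];
const UPLOAD_DIR = 'D:\\site-data\\uploads'; // hypothetical folder outside the web root

/**
 * Return a generated name to store the upload under, or null to reject it.
 * The client-supplied name is used only to read the extension.
 */
function storedNameFor(string $clientName): ?string
{
    // Windows drops trailing dots and spaces and treats ':' as a stream
    // separator, so names like "x.jpg." or "x.jpg::$DATA" are refused outright.
    if ($clientName === '' || preg_match('/[\x00-\x1f:\\\\\/]|[. ]$/', $clientName)) {
        return null;
    }
    // Exactly one extension: refuses "photo.php.jpg", dot-files and (by design) "report.v2.pdf".
    $parts = explode('.', strtolower($clientName));
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;
    }
    if (!in_array($parts[1], ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . $parts[1];
}

/** Store one entry of $_FILES; returns true only if the file was saved. */
function handleUpload(array $file): bool
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return false;
    }
    $name = storedNameFor((string) ($file['name'] ?? ''));
    if ($name === null) {
        return false;
    }
    // move_uploaded_file() only moves files that arrived as an HTTP upload.
    return move_uploaded_file($file['tmp_name'], UPLOAD_DIR . DIRECTORY_SEPARATOR . $name);
}

// Constructed sample names, checked when the file is run from the command line.
if (PHP_SAPI === 'cli') {
    foreach (['report.pdf', 'cleanup.php', 'photo.php.jpg', 'photo.jpg.', 'a.jpg::$DATA'] as $n) {
        printf("%-14s %s\n", $n, storedNameFor($n) === null ? 'rejected' : 'accepted');
    }
}
```

Of the sample names only `report.pdf` is accepted. Because stored names are generated and the folder is not mapped to a URL, a stored file cannot be requested by the name it was uploaded under.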
Roonaan

Couldn't you use FTP?

You'd write a form which uploads the file to the temp folder as default, but instead of using move_uploaded_file (which requires the write chmod), you'd use an FTP connection and upload the file. As I suppose the servmin has already set up some FTP accounts, adding one account able to write to some specific directory would be that much of a problem.

regards

-r-
Carswellj

ASKER

Thanks guys.

I have already restricted the file types in the upload and the single user is controlled by password access. There remains some reluctance to change the permissions of the folder because of its potential for damage if anyone manages to access it somehow.

So I think you chaps are going along the same thinking patterns as I have, but can I take it then that my original question is impossible? To change the server user account used by PHP on the fly from a script, so that 'writable' access would be restricted to that single user for the folder?

I can't see it is possible myself because I think it would really be a security risk, but I do need to get to the bottom of this aspect. A 'no' is as good as a 'yes' I just need a definitive answer.

Many thanks
Mwah.. using some exec() statements you could log in to the system and act like another user. I just forgot what it's called, the program which lets you execute things as another user, but I'm not that much of a Linux guru at all!

-r-
Thanks Roonaan,

It is actually on IIS  - does that help?
No it doesn't :) I am not sure whether Windows/IIS has command-line accounts or programs to temporarily log in as another user and transfer the file in that mode.

-r-

hmz. my cat jumped on the keyboard and added the whitelines while I was trying to click the submit button.. sorry for that :-/

-r-
Thanks for your reply. I appreciate it.

I think the answer is 'no' then, but perhaps I will leave this open for the rest of the day and accept the answer at the end of it. (I am relatively new here so please excuse me if I am not entirely sure about etiquette).
ASKER CERTIFIED SOLUTION
gr8gonzo
This solution is only available to members.