httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mario Antonio" <d...@webjogger.net>
Subject [users@httpd] Folder Permissions
Date Fri, 06 Jun 2003 13:48:25 GMT
Hi,

I am running apache as follows:
Server Version: Apache/1.3.27 (Unix) mod_perl/1.27 mod_ssl/2.8.14
OpenSSL/0.9.7a PHP/4.3.1

I got a security concern.
When using a php script that uploads files to the server, I need to give
write permissions to everybody in that specific folder (within the
public_html folder)

When a file is uploaded, That file is now owned by "WWW" (apache user) and
its group remains the same (the  user's group that owns that folder)

These are the permissions of that specific folder:
drwxrwxrwx  2 myuser  myuser    512 Jun  5 15:24 myfolder_to_upload

And these are the permissions of the file that is uploaded:
-rw-r--r--  1 www     myuser    58880 Jun  5 14:11 my_uploaded_file.doc


is this Ok? or is it something that I should stay away from?
If it is such a security threat, How to provide a safe environment to
upload files through  web scripts?

I hope this question is within the context of this mailing list since my
concerns, as Apache Admin, is how to set up properly folder permissions for
cgi and php scripts.

Regards

Mario Antonio

---
[This e-mail was scanned for viruses by Webjogger's AntiVirus Protection System]


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message