November 17, 2012
Answered

photo upload file permissions?


Hi,

My website will give users the option to upload photographs which will be displayed on the website.

Before a user can do this they must register or be logged in to their account.

I will be using a shared hosting environment.

My script does check the file size and type and only allows .jpg, .gif and .png.

I need to set global permissions, is there a way of defining a registered user as the owner so that I only need apply owner permissions of 700 rather than setting at 777?

My other concern is that the files that I upload the photos to is also the one that I link to from my web pages to display the images, should I be copying the uploaded images to another file then linking to that one to display the images?

Hope I am making sense.

Thank you in advance for your help and information.

Correct answer David_Powers

Hi David,

Thanks for bearing with me on this.

So when I use Dreamweaver FTP to set up and transfer my remote site it will automatically set directory permissions to 755 and file permissions (for existing files?) to 644, so when my script creates an image and puts it in the assigned directory (which would have permissions set when I did remote setup), then I possibly need to set file permissions on each new upload?

I don't think I am following.

Or are you saying that after I have used Dreamweaver FTP to set up and transfer my remote site (with automatic permission settings) I still need to check that the images that are uploaded / the script that I am using works with the 644 permissions set by Dreamweaver FTP on remote transfer?

Or something else completely and I am losing the plot!

My apologies for not understanding, thank you ever so much for your time with this.


When you use Dreamweaver to upload files and/or create new directories, Dreamweaver automatically sets directory permissions to 755 and file permissions to 644.

When you use PHP's mkdir() function to create a new directory, the default permissions are 777. The PHP documentation gives no information regarding the default permissions created by move_uploaded_file().

Use your script to upload some test files. Then check what permissions they have using your website's control panel. If they're 644, stop worrying. If they're not 644, modify your upload script to add chmod():

chmod($path_to_uploaded_file, 0644);

2 replies

Rob Hecker2
Legend
November 18, 2012

is there a way of defining a registered user as the owner so that I only need apply owner permissions of 700 rather than setting at 777?

If users are uploading through the HTTP protocol, then the owner of the folders and files is going to be set to the website ownership. All files and folders will share the same ownership. As long as the scripts performing the uploads are within the same account, there should not be an issue, and you should be able to assign more restrictive permissions than 777. Why do you feel you need to assign Apache permissions to individual users? (which you can't do anyway, using HTTP) It would be pretty easy using sessions and PHP to keep user files separate from each other in unique folders.

But if users will use the FTP protocol, the situation would be very different.

November 18, 2012

Hi Rob,

Just to clarify your helpful comments, there are two comments that I am not fully understanding.

Firstly yes I am allowing registered users to upload through http protocol.

And yes the files that are being uploaded to will be under website ownership.

As it will be shared apache hosting I need to set read write and execute permissions to allow the upload script to perform, which I have to do using chmod and assigning restrictive permissions if possible.

Your comment: As long as the scripts performing the uploads are within the SAME ACCOUNT....

The script is just there within the page, a user registers their details and then is allowed to go to the page that uploads information to the database and photos to the upload script, returning users, after log in is verified, are also allowed on the page that uploads photos, DOES THAT MEAN THEY ARE WITHIN THE SAME ACCOUNT AS WEBSITE OWNER?

Your comment:  Why do you feel you need to assign apache permissions to INDIVIDUAL USERS?

I wanted to apply permissions to the upload files but I thought the 'status' of my users would be like 'general public'. I guess that ties in with the last comment about account ownership, for whatever reason I was thinking that a user, even if registered, would be just like a public person and for them to be able to use the upload scripts I thought that I would need to somehow tell the files that this person was the 'owner' so that I could apply 700 permissions to the actual file rather than 777 permissions, I was trying to find a way to use a more restrictive permission level (sorry if I didn't explain it well).

So I am getting this right, I do hope so! A user on my website who is using the upload scripts has ownership permissions, so if I set the permissions on my upload file to 700, it will allow read, write and execute permission for the file and I don't need to set the status of my users to 'owner' they just will be as such the 'owner' because they are using the script?

Thank you for your time and patience, I look forward to your reply and hopefully confirmation that I am now understanding this correctly.

Best regards 


David_Powers
Inspiring
November 18, 2012

PHP scripts are run by the web server, which acts as the "owner". That's why Rob says it would be different if the upload is via FTP. With FTP, the individual user logs in, and is allowed to upload, move, and delete files within the permissions assigned to that user. When uploading via HTTP, the web server "owns" the files.

In order to create a new file, you need read, write, and execute permissions (7). To display a file, you need read and execute permissions (5). Depending on how the server has been set up, you might be able to use 755.

David_Powers
Inspiring
November 17, 2012

tessimon wrote:

I need to set global permissions, is there a way of defining a registered user as the owner so that I only need apply owner permissions of 700 rather than setting at 777?

Not that I am aware of.

My other concern is that the files that I upload the photos to is also the one that I link to from my web pages to display the images, should I be copying the uploaded images to another file then linking to that one to display the images?

As long as you are checking that the files are only .jpg, .gif, or .png, and that the files have been genuinely uploaded (using, for example, move_uploaded_file()), you should be OK. However, there is always the danger that the uploaded image is obscene or unsuitable in one way or another. The only way to prevent that sort of problem is to check the file yourself before allowing it to be displayed.
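
Added example (not code posted by anyone in this thread): a PHP upload handler that combines the points made in the replies, namely a content-based check for JPEG/GIF/PNG, move_uploaded_file(), one folder per logged-in user, and explicit 755/644 permissions. The upload root, size limit, form field name `photo` and session key `user_id` are assumptions.

```php
<?php
// Added example: UPLOAD_ROOT, MAX_BYTES, 'photo' and 'user_id' are assumed names.
const UPLOAD_ROOT = __DIR__ . '/uploads';
const MAX_BYTES   = 2 * 1024 * 1024;
const ALLOWED     = ['image/jpeg' => 'jpg', 'image/gif' => 'gif', 'image/png' => 'png'];

function store_photo(array $file, int $userId): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Upload failed or file too large');
    }
    // Judge the file by its content, not by the name or type the browser sent.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Only JPEG, GIF and PNG images are accepted');
    }
    // One folder per account. mkdir() defaults to 0777, so pass the mode and
    // chmod() afterwards, because the process umask can change the result.
    $dir = UPLOAD_ROOT . '/' . $userId;
    if (!is_dir($dir) && !mkdir($dir, 0755, true) && !is_dir($dir)) {
        throw new RuntimeException('Could not create user folder');
    }
    chmod($dir, 0755);
    // Server-generated name: the client-supplied file name never reaches disk.
    $dest = $dir . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    // move_uploaded_file() refuses anything that is not a genuine HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store upload');
    }
    chmod($dest, 0644); // owner read/write, everyone else read-only
    return $dest;
}

// In the upload page, after the login check has populated the session:
session_start();
if (isset($_SESSION['user_id'], $_FILES['photo'])) {
    try {
        $path = store_photo($_FILES['photo'], (int) $_SESSION['user_id']);
        printf("Stored with mode %04o\n", fileperms($path) & 0777);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo $e->getMessage();
    }
}
```

The printed mode is the same check the accepted answer suggests doing through the hosting control panel. The files are owned by whichever account the web server runs PHP as, regardless of which registered user uploaded them.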