Permissions

Anon

I am currently working on a small project. The object is to let users (participants to a game) upload a user specific file to the server.

In order for me to process the result easily, these files need to be in a specific and clear directory structure (like group1/team3/file2.exe etc)

Problem is: I don't want other participants to be able to download the files from their competitors.

Now, the real question is:
* what permissions do I have to set if only the PHP-scripts (pages) and myself (by FTP) must be able to up- or download the files?

I use a loginpage, and thus nobody can upload files with the PHPscripts, unless they are in the right team. But as my dir's are wideopen (777), everybody can put a file there or even replace the file of somebody else. also reading the file should be forbidden for strangers. How do I accomplish this?

Thx for the help!

Anon

You better use Apache's built in for http authentication using the .htaccess files, you can make your php scripts to automaticly edit and generate these lines ..

Just an idea!

Anon

1) How would I do this?
2) Don't I need special rights on the server? Just writing a file .htaccess is enough?
3) What happens if the script wants to read the file? Will it gain access to the dir?

I want the user to upload a file to the server without anybody exept for the PHPpage and my FTPclient to be able to read it.

Anon

Hi
We have lots of site which do this. How we handle this is simple. And this solution is if you are using Linux.
1. Create an "ftp user group" say ftpgroup
2. create users who are part of the ftpclient, say ftpuser
3. make the structure say "ftdocs" as the root of the ftp directory
4. chmod 733(or 722) to the ftpdocs and the recurssive structures
5. chown ftpuser:ftpgroup for the recurssive structure
6. Now your structure is complete.
7. While uploading the file using php page ftp and upload the file.
Now people will be able to write and not read what is in the directory. Now say you want to run php scripts to do something, then you will have to run php scripts under CGI mode and as root. We have crons which kick out php scripts every 1/2 hr that run archiving systems, schedule moderator systems, file translation systems etc. So that would be one of the ways of using php scripts. I hope i answered your questions.