Upload File Owner

greg252

I created a script that uploads several files to a directory that is created by the script. Uploads and displays properly, but I can't delete them. Reason- wrong user.
I did a fileowner on the file and the folder and it returned "99" and "root".
Tried to chown but couldn't (thank goodness- security issues).

So, what do I do to remove the files?

Any ideas?

Anon

If your script can create the files, you should be able to delete tehm using a script as well. Failing that , talk to someone with root privilege.

On a much more significant note, if the owner of the files is root, your webserver is probably running as root. This is a v. bad idea. Apache et all have various well known exploits for gaining route access, particularly if you allow file uploads (it's the reason that v. 4.1.2 was released so quickly).

Details available at:

http://security.e-matters.de/advisories/012002.html

Cheers

Justin

greg252

Funky!!!
Created files with script but when I FTP'd in, I couldn't delete.
Rincewind was right! Have to use a script to delete.
Works fine.

Thanks.