CHMOD Limitations

feldon23

All I hear over and over is that users installing someone's PHP script have to CHMOD all the directories to the right settings.

Well, I don't want my users to go through this crap.

Has anyone found any ways to give a PHP script, either by changing its user (chown), group, etc. or just writing some other installation-type script that will do the CHMODding for me?

I can see the benefits of MySQL, but I feel I am being forced to use it because of limitations in PHP.

TruckStuff

Well first, owernship rights are a "limitation" of the underlying nix file system, not PHP. Second, they aren't a limitation at all. In fact they are ideal to keep you from screwing up something you shouldn't. Suggest you do some reading about nix owernships and permissions before deciding that they are a "limitation". Couple of pointers:

1) All directories must be exuctable if you want non-root users to be able to enter them.
2) World-writable files are inherently dangerous. Avoid them if at all possible.
3) The simplest set of permission you can have to execute a script would be 700 with an owner of root.
4) Getting around your problems by running everything as root is NOT a good idea. You are asking for a security breach down teh road.

feldon23

Ok, let's get some more information into the equation here.

I really don't want to have 777 directories either, but in order for my script to be able to upload files, re-write configuration files, etc. which are scattered among dozens of directories without the user having to FTP in and CHMOD til their eyes bleed, what is the solution?

I am running a dedicated Redhat 7.2 host and any files or folders that PHP/Apache writes to the drive are owned by user "99".

I guess as long as I have PHP create the directories like:

mkdir("blah");
chmod("blah", 0700);

should I be OK?

Also, there is a lot of hype about not having world-writeable directories. As long as all file uploads go through strict file-type checking by the PHP script, and other users do not have access to the webhost's hard drive, isn't that safe?