leaving an image directory with 777 permissions

jennyp

I want to write a website app that lists subscribers' advertisements, using a MySQL database. People will be able to upload images with their ads. I find that in order for users to upload their images, I have to leave the image directory with 777 permissions.

I did write a similar thing for one person which also involved uploading images, and in that case I handled the problem by chmodding the directory to 777 just before the image copy routine, and chmodding it back to 751 again afterwards. This seemed OK as only one person would ever be using it.

However I can't do this when many people may be accessing the upload page at the same time.

I have an index.php in the directory which redirects via a header to another page, but I get the impression that leaving a directory 777 is not desirable. But do I have no choice?

Hope this makes sense. Any tips would be great! Thanks. :queasy:

NogDog

If running PHP as an Apache module, you probably do not have much choice, as the directory needs to be read/writable via the Apache user account so that it can copy the uploaded files into it.

jennyp

Yes, PHP is indeed running as an Apache module, so I guess I'm stuck with leaving it like that. Thought I was missing something! Thanks!