file upload and directory permission

Anon

I have a PHP file which will reside in a password protected directory on the server.

I want to be able to upload an image file, using this PHP file, into a directory /public_html/images so taht the image will be visible to anybody.

My problem is that it seems that in order to upload the file I have to set the directory permissions so wide that anyone could put a file in that directory.

I am sure I am missing something basic, but what?

David

Anon

If the PHP interpreter is installed as a shared object, it runs within the web server process. Typically, web servers (should) run with very limited permissions, for obvious security reasons. If this is the case, you can change the ownership of the directory you're uploading the files to the web server user, typically 'nobody' or 'wwwrun' on *nix systems. But you'll need to be 'root' in order to do this...

Alternatively, you could create a directory outside of the web servers ~/htdocs path which is owned by the server, and then create a sym-link to that directory in your ~/htdocs path; while this offers some protection, some web servers do not follow sym-links.

Best bet, use ftp to upload files, since there are some security considerations when using PHP to upload files. The upload capabilities of PHP are convenient, but I always disable that feature for these very reasons.

Good luck...

Anon

Dar wrote "Best bet, use ftp to upload files, since there are some security considerations when using PHP to upload files"

Is it possible to summarise what these security considerations are. As I said in my original post I am running the script from within a password protected directory and therefore only trusted people will be using the upload feature.

Anon

I think the security issues are that in order to allow the user to load a file, the directory needs to be set to allow the Apache user to write to it.
If the user loads a PHP script, it will be owned by the Apache user, therefore it is able to do anything that the user has permissions to do. This will affect any directories that the Apache user has perms to act on.

Someone could write a script to loop and write files forever inside that directory, or to delete other files owned by the same user.

If the dir is protected by .htaccess, it would probably be ok, provided you trust all the users that have the password.

I would setup my script only to allow certain file types and sizes.