Reputation: 1948
777 Alternative for PHP
I am using imagejpeg to upload a picture to a folder .. The imagejpeg function only works if the folder has 777 permission and fails otherwise. Since 777 permission is totally unsafe, I'm wondering what can I do to fix this problem?
Upvotes: 2
Views: 815
Answers (3)
Reputation: 850
Keep in mind; if you set your PHP handler to suPHP, then most likely your PHP scripts will have full permission over all of your files.
Then you can keep your folders and files 755 instead of 777 which will prevent other users on the same server to access and edit your files. However, the disadvantage is that one php shell can take control of your entire account directory and everything within. Make sure your script doesn't have any RFI vulnerabilities or any vulnerabilities that may allow bad guys to execute php commands.
Upvotes: 0
Reputation: 9768
The PHP script runs as whatever user your webserver is running under, or if you're using a webhosting company, it probably runs as your own username. You are correct, 777 is unsafe, therefore as zerkms mentioned, change it to 755 and make sure it is owned by the proper username that runs the script.
You can find that username by looking at the username that created these files while you were running undrer 777 permission.
Upvotes: 2
Related Questions
- File Permissions and CHMOD: How to set 777 in PHP upon file creation?
- Change folder permission to 777 using PHP temporarily
- how to avoid giving 777 permission
- Creating, moving, and deleting files in php without setting directory and file permissions to 777?
- PHP: Is permission 777 a security issue?
- How to permanently chmod 777 for PHP
- PHP - Protecting site from folders with 777 permissions
- chmod 777 in php
- What's a good permissions system to use?
- Alternative to CHMOD 777