|
PHP - Setgid Bit Always Unset When Changing File Permissions - A Strange Bug
good evening dear php-friends
well i am in big trouble - i have a terrible server error! Code: [Select] on openSuse Linux server My Setup: OpenSuse 11.4 on the local machine! Linux- Server FileZilla Client ---------------- Version: 3.3.4.1 Build information: Compiled for: i686-pc-linux-gnu Compiled on: i686-pc-linux-gnu Build date: 2011-02-23 Compiled with: gcc (SUSE Linux) 4.5.1 20101208 [gcc-4_5-branch revision 167585] Compiler flags: -fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector - funwind-tables -fasynchronous-unwind-tables -g -fstack-protector -Wall -g -fexceptions Linked against: wxWidgets: 2.8.11 GnuTLS: 2.8.6 Operating system: Name: Linux 2.6.37.6-0.7-default i686 Version: 2.6 Well folks i go crazy - sure thing: I run a linux-root-server that is administered by a friend of mine. i controll the SFTP session - with filezilla (see all i mentione above) in order to do installations and maintenance of some drupal-installations (and besides them some joomla-sites) Note: in the future i want to install Drush - in order to get rid all that annoying bugs. I am using directories with setgid bit set. I want to change the permissions of newly created directories to give write permission to the group (by default they have not). For this I right-click on the directory and change the permissions from the Properties dialog. When I change the permissions of a directory that way, the setgid bit gets removed. In fact, there is no way to set the setgid bit, it just always gets turned off, whatever operation one does on permissions.I heard that a buddy found a workaround by creating a custom command that executes chmod -R g+w "!" and applies on directories. This works fine. he said. Well what should i do!? BTW - why does this custom comand work for him !? Can somebody explain this abit! Well i go almost crazy and throw the computer out of the window (well notabene - of the 14 th floor) this is sure thing no good idea but i need to have a solution. waht should i do here. Note: with FileZilla you cannot (!!!!!) set the SETGID-Bit again - no way here - no chance. But with winscp (see below the link ). And you can imagine with Drush you can do it too! What sould i do - can you advice something for me! btw: see winscp with its ability to control the SETGID bit more than the FileZilla can do!! Well what can cause the issue - where is it rooted. Why do i loose the SETGID-Bit every time! It is possible that our SFTP server does not support the setgit bit and silently ignores the request to set it. What is the issue - can it be the SFTP.-SERVER!? Do you need more information more input should i do more investigations on the troubles and the environment. just let me know - i do everything to get the troubles rid! look forward to hear from you Greetings Similar TutorialsWasn't sure exactly where to post this at but here is my issue. I have a directory setup where multiple developers work on a project and they all have "group" access to the folder and files(read, write, execute) so the permissions on the php files need to be 775 so they can upload and overwrite the files via FTP. The problem is that PHP files will not work with permissions of 775 and throw a internal server error unless I change it to something lower. Is there a way to overcome this for these files? I have a question for developing (or in this case rewriting) an application. The current application creates directories and files (thumbnails, etc..) in a directory of the application files. In order to do this I have to set the directories chmod to 777 via ftp. I know this isn't secure. What exactly do you put in the application's code to allow it to write to a file or directory with CHMOD of 755. I have a simply script like this: $fh = fopen("test/test.js", 'w+') or die("can't open file"); fwrite($fh, $output); fclose($fh); It ONLY works if the "test" directory has a 777 permissions. Works like a charm then, but the moment it goes to even 775, I get this: Warning: fopen(test/test.js) [function.fopen]: failed to open stream: Permission denied in /var/www/vhosts/mydomain.com/httpdocs/f.php on line 42 Any thoughts? I don't want this folder to remain 777 Thanks Hi Have searched this and other forums for an answer to this and found lots of similar questions but nothing dealing with exactly what I'm after. I want to copy a file located in parent/dir1/file.pdf (for example) to another directory parent/dir2/id/file.pdf. This is straightforward enough using copy(). But... I don't want users to be able to access the original file directly (eg by just putting /parent/dir1/file.pdf into their browser. The only way I seem to be able to do this is by removing the 'read' permission, but then the copy() command gives an error. If this is possible, I assume the solution is somehow linked to the various file and directory permissions but I can't figure out the correct settings. Can someone help out? Thanks in advance I have 3 php's home.php createStep1.php createCheckPass.php createStep2.php home.php unsets some $_SESSION variables if they still exist from previous pages: Code: [Select] if(!empty($_SESSION['ame'])) { unset($_SESSION['ame']); } if(!empty($_SESSION['ject'])) { unset($_SESSION['ject']); } if(!empty($_SESSION['ports'])) { unset($_SESSION['ports']); } if(!empty($_SESSION['session_age_range'])) { unset($_SESSION['range']); } createCheckPass.php gets some posted information from createStep1.php, checks everything is ok and if so sets the above session variables createStep2.php gets the session data set by createCheckPass.php and then gets to work with the user inputting data into the db. The odd problem If createCheckPass.php finds any problems with the posted data it redirects the user back to createStep1.php with the sessions set, createStep1.php then displays the errors with the info set in the sessions to the user and everything works ok. If however the user sends the form from createStep1.php with no problems and the createCheckPass.php passes the user onto createStep2.php, something strange happens... The sessions set by the createCheckPass.php are only ever unset at the home.php, yet somehow createStep2.php loses the sessions and therefore doesn't run. What is even stranger is if i comment out the unsetting of the sessions from the home.php, everything works fine and none of the sessions are lost. Really really odd Summary: createStep2.php is reading the unset session lines of code from home.php when never asked to. Has anyone ever come across anything like this before? Hi Everyone, this is a very old code. I know I have to change the 'addslashes' method in this code. I also just changed the code using 'mysqli'. There are two files to upload the images to a gallery, preexport.php and export.php. The upload works up to five images. if I choose 6 or more and press add images, the browser refreshes itself and the upload won't happen. All the fields on the form clears itself and no errors shows up...can you please take a look and help me correct this problem? Here are the two files...
export.php
<?php
include("config.inc.php");
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
include("config.inc.php");
if(!$_POST) {
header("Location: preexport.php");
exit();
}
// initialization
$result_final = "";
$counter = 0;
// List of our known photo types
$known_photo_types = array(
'image/pjpeg' => 'jpg',
'image/jpeg' => 'jpg',
'image/gif' => 'gif',
'image/bmp' => 'bmp',
'image/x-png' => 'png'
);
// GD Function List
$gd_function_suffix = array(
'image/pjpeg' => 'JPEG',
'image/jpeg' => 'JPEG',
'image/gif' => 'GIF',
'image/bmp' => 'WBMP',
'image/x-png' => 'PNG'
);
// Fetch the photo array sent by preexport.php
$photos_uploaded = $_FILES['photo_filename'];
$filename[]= $photos_uploaded['name'][$counter];
//print_r($photos_uploaded);
$photo_caption = $_POST['photo_caption'];
// Fetch the photo caption array
$photo_description = $_POST['photo_description'];
// Fetch the photo caption array
$photo_keyword = $_POST['photo_keyword'];
while( $counter <count($_FILES['photo_filename']['tmp_name']) )
{
if($photos_uploaded['size'][$counter] > 0)
{
if(!array_key_exists($photos_uploaded['type'][$counter], $known_photo_types))
{
$result_final .= "File ".($counter+1)." is not a photo<br />";
}
else
{
/*print "HHHHHH\n";
print "Counter is $counter : ";
print $photos_uploaded['name'][0];
print $photos_uploaded['name'][1];
print "Photo caption is $photo_caption[$counter]"; */
mysqli_query(
$mysqli,"INSERT INTO
gallery_photos (
`photo_filename`,
`photo_caption`,
`photo_description`,
`photo_keywords`,
`category_name`
) VALUES(
'".addslashes($photos_uploaded['name'][$counter])."',
'".addslashes($photo_caption[$counter])."',
'".addslashes($photo_description[$counter])."',
'".addslashes($photo_keyword[$counter])."',
'".addslashes($_POST['category'])."')"
) or die(mysqli_error() . 'Photo not uploaded');
// $new_id = mysqli_insert_id();
$filetype = $photos_uploaded['type'][$counter];
$extention = $known_photo_types[$filetype];
//$filename = $photo_filename[$counter].".".$extention;
//$filename = $new_id.".".$extention;
// mysqli_query( "UPDATE gallery_photos SET photo_filename='".addslashes($filename)."' WHERE photo_id='".addslashes($new_id)."'" );
// Store the orignal file
copy($photos_uploaded['tmp_name'][$counter], $images_dir."/".$photos_uploaded['name'][$counter]);
// Let's get the Thumbnail size
$size = GetImageSize( $images_dir."/".$photos_uploaded['name'][$counter] );
if($size[0] > $size[1])
{
$thumbnail_width = 200;
$thumbnail_height = (int)(200 * $size[1] / $size[0]);
}
else
{
$thumbnail_width = (int)(200 * $size[0] / $size[1]);
$thumbnail_height = 200;
}
// Build Thumbnail with GD 1.x.x, you can use the other described methods too
$function_suffix = $gd_function_suffix[$filetype];
$function_to_read = "ImageCreateFrom".$function_suffix;
$function_to_write = "Image".$function_suffix;
// Read the source file
$source_handle = $function_to_read ( $images_dir."/".$photos_uploaded['name'][$counter] );
$sharpenMatrix = array
(
array(-1.2, -1, -1.2),
array(-1, 8, -1),
array(-1.2, -1, -1.2)
);
// calculate the sharpen divisor
$divisor = array_sum(array_map('array_sum', $sharpenMatrix));
$offset = 0;
if($source_handle)
{
// Let's create an blank image for the thumbnail
$destination_handle = ImageCreateTrueColor ( $thumbnail_width, $thumbnail_height );
// Now we resize it
ImageCopyResized( $destination_handle, $source_handle, 0, 0, 0, 0, $thumbnail_width, $thumbnail_height, $size[0], $size[1] );
}
// Let's save the thumbnail
$function_to_write( $destination_handle, $images_dir."/tb_".$photos_uploaded['name'][$counter], 100 );
ImageDestroy($destination_handle );
//
$result_final .= "<img src='".$images_dir. "/tb_".$photos_uploaded['name'][$counter]."' /> File ".($counter+1)." Added<br />";
}
}
$counter++;
}
// Print Result
echo <<<__HTML_END
<html>
<head>
<title>Photos uploaded</title>
</head>
<body>
$result_final
</body>
</html>
__HTML_END;
}
?>
preexport.php
<?php
include 'config.inc.php';
$photo_category_list = '';
$photo_upload_fields = '';
$counter = 1;
// If we want more fields, then use, preexport.php?number_of_fields=9
$number_of_fields = (isset($_GET['number_of_fields'])) ?
(int)($_GET['number_of_fields']) : 9;
// Firstly Lets build the Category List
$result = mysqli_query($mysqli,'SELECT category_name FROM gallery_category');
/*if($result === FALSE) {
die(mysqli_error()); // TODO: better error handling
}*/
while($row = mysqli_fetch_array($result)) {
$photo_category_list .= <<<__HTML_END
<option value="$row[0]">$row[0]</option>\n
__HTML_END;
}
mysqli_free_result( $result );
// Lets build the Image Uploading fields
while($counter <= $number_of_fields) {
$photo_upload_fields .= <<<__HTML_END
<tr><td>
Photo {$counter}:
<input name="photo_filename[]"
type="file" />
</td></tr>
<tr><td>
Caption:
<textarea name="photo_caption[]" cols="50"
rows="1"></textarea>
</td></tr>
<tr><td>
Description:
<textarea name="photo_description[]" cols="50"
rows="4"></textarea>
</td></tr>
<tr><td>
Keyword:
<textarea name="photo_keyword[]" cols="50"
rows="4"></textarea>
</td></tr>
__HTML_END;
$counter++;
}
// Final Output
echo <<<__HTML_END
<html>
<head>
<title> Rajeev lets upload photos!! </title>
</head>
<body>
<form enctype="multipart/form-data"
action="export.php" method="post"
name="export_form">
<table width="90%" border="0"
align="center" style="width: 90%;">
<tr><td>
Select Category
<select name="category">
$photo_category_list
</select>
</td></tr>
<!—Insert the image fields here -->
$photo_upload_fields
<tr><td>
<input type="submit" name="submit"
value="Add Photos" />
</td></tr>
</table>
</form>
</body>
</html>
__HTML_END;
?>
Hey guys I don't know if this is possible but here is what I need to do. I have a log (txt file) on my computer I need it to automatically upload itself to my server every X minutes. Is this possible at all? Hi guys Still learning php and have what is probably quite a newbie question! I have an upload script (below) that uploads images but I can't work out how to change the name of the file before it's moved from it's temporary location to the 'uploads' directory. I've tried a few things but nothing seems to work and I'm a bit stuck. The ultimate goal is to time stamp the new image name so that it will be unique but the first step is to figure out how to change the name. Any help would be much appreciated! Thanks, Drongo The script I'm using is as follows: Code: [Select] if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 200000000)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Type: " . $_FILES["file"]["type"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; if (file_exists("upload/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]); echo "Stored in: " . "upload/" . $_FILES["file"]["name"]; } } } else { echo "Invalid file"; } I have a form that was written and works well as an HTML file. Now I've learned a little (tip of the iceberg, i'm sure) and want to place password protection BEFORE it. To the best of my knowledge, this will require SESSIONS and turning my form into a PHP file. (I assume LOTS of reading is ahead of me... LOL) Can I simply change the extension to a PHP, add the <? tags > and just keep the HTML in place? Or do I need to make it PHP and ECHO every line of code? Or is there another way? And while on the subject, does a PHP file require anything before publishing, the way an HTML requires the <!DOCTYPE> information? Hello, I have a form that ends up creating a file. The file has one of two values in the file: specials.php specials8.php Within several of my web pages, I have an image map, and I would like one of the href values to be the value that PHP would get from the underlying file. How would I code this to make the image map function accordingly? Notice the "Daily Specials" entry within the image map. It is this href that I need to become the value from the file. The unsuccessful code that I tried is: <?php $file38a = "test/activate.txt"; $file38b = file_get_contents("$file38a"); echo "<img src=\"sample2/sidebar1.jpg\" alt=\"Collegeville Diner\" width=\"94\" height=\"330\" border=\"0\" align=\"top\" usemap=\"#Map2\" longdesc=\"http://collegevillediner.com\" />"; echo "<map name=\"Map2\" id=\"Map2\">"; echo "<area shape=\"rect\" coords=\"8,102,88,152\" href=\"about.htm\" target=\"_self\" alt=\"About the Diner\" />"; echo "<area shape=\"rect\" coords=\"7,159,90,204\" href=\"menu.htm\" target=\"_self\" alt=\"Our Menu\" />"; echo "<area shape=\"rect\" coords=\"7,214,90,262\" href=\"$file38b\" target=\"_self\" alt=\"Daily Specials\" />; <area shape=\"rect\" coords=\"0,275,86,320\" href=\"desserts.htm\" target=\"_self\" />"; echo "</map>"; ?> Hey guys i have a script that i made with multiple permissions.. i need to add in the pages restitutions for diffrent levels.. so i got the level $query = "SELECT * FROM users WHERE `username`='$username_from_cookie'"; $numresults=mysql_query($query); $numrows=mysql_num_rows($numresults); // get results $result = mysql_query($query) or die("Couldn't execute query"); // now you can display the results returned while ($row10= mysql_fetch_array($result)) { $permissions= $row10["permissions"]; echo '$permissions'; } Now to restick im ok with like to but more then that i get confused.. this shows navigation on levels of permissions.. if ($row10['permissions'] == 2) { print "<a href=\"U.php\"><img src=\"./Icons/Users.png\" title=\"Prof\" /></a>"; } else { print "<img src=\"./Icons/Users_o.png\"/>"; } 2 levels if ($row10['permissions'] == 5) { print "<a href=\"Prof_1.php\"><img src=\"./Icons/sec.png\" title=\"Enseignant(e)\"/></a>"; } elseif ($row10['permissions'] == 2) { print "<a href=\"Prof_1.php\"><img src=\"./Icons/sec.png\" title=\"Enseignant(e)\"/></a>"; } else { print "<img src=\"./Icons/sec_o.png\" title=\"Enseignant(e)\"/>"; } ok so instead of have 10 lines of codes can i $row10['permissions'] == 5&2&3 ??? and can i do if not permissions ==5 redirect to loggin.. thanks So here is a concept of a permission system that I haven't really seen any where else. Now usually conventional permissions are usually stored in columns whilst the record specifies a bit which is then used to determine if the record has access to that permission.
Below is my concept of how permissions should be done, I'm looking for someone who can help me create the system in a way which would be easily implementable by other applications such as MyBB. In my case I have multiple game servers, and most of my players have accounts created on my forums which are powered by MyBB, I'm currently in the process of integrating their MyBB accounts across all my related game servers, but one thing I've noticed is that I have multiple permission systems created for all of my servers so right now I'm also trying to integrate all of them into one system so please try and understand that I designed this system in a way that could be used by multiple applications.
Any constructive criticism is accepted.
So the idea is that you have 1 table, I'll just list it here to make it easier to follow: - uniperms_nodes Now the uniperms_nodes table will contain the following columns:
- key (Int, Not Null, Primary Key, Auto Increment)
- type (Enum('USER', 'GROUP'), Not Null)
- id (Int, Not Null)
- permission (Varchar(255), Not Null)
- description (Text)
Now here is how it works,a record is inserted into the uniperms_nodes table containing the necessary information. Here is an example:
INSERT INTO `uniperms_nodes` (`type`, `id`, `permission`, `description`)
VALUES ('GROUP', '1', 'my.test.node', 'A simple permission');
With this information inserted, I can simply use the following query in order to get all of the permissions related to the GROUP with the ID of 1. SELECT `permission` FROM `uniperms_nodes` WHERE type='GROUP' AND id=1;With this array of permission nodes I can simply just check if the array has 'my.test.node', if the array contains 'my.test.node' then that means that the group I queried has access to that permission. Now the reason I have the types USER and GROUP is because maybe you would like to give permissions to individual users, but maybe you wouldn't necessarily want to create a new group. I'm currently looking for someone to help me create a lovely interface for this system, so that it's easier for the user to modify a group/user's permissions. If you're interested feel free to message me here on the forums or via email. kieron.wiltshire@outlook.com Edited by KieronWiltshire, 19 November 2014 - 11:15 AM. I'm doing a flash app where i save webcam images to a folder on the server. I'm able to make this work when running of xampp on my machine, I create the required folder structure and I'm able to read from that folder and display the images, however once i move the stuff onto a live server, it fails to create the folders and it seems to be a permission problem. Is it server specific? i've tried chmod etc but I don't think i'm doing it right. any help, pointers for a non php developer would be most helpful. here's my code snippet <?php //This project is done by vamapaull: http://blog.vamapaull.com/ //The php code is done with some help from Mihai Bojin: http://www.mihaibojin.com/ $uid = $_GET[uid]; $structure = './images/' . date("Ymd") .'/' . $uid. '/'; // To create the nested structure, the $recursive parameter // to mkdir() must be specified. if(is_dir($structure)) { echo "Exists!"; } else { echo "Doesn't exist" ; if (!mkdir($structure,'0777', true) ) { die('Failed to create folders...'); } } if(isset($GLOBALS["HTTP_RAW_POST_DATA"])){ $jpg = $GLOBALS["HTTP_RAW_POST_DATA"]; $img = $_GET["img"]; $filename = 'images/' . date("Ymd"). "/" .$uid. "/img_". mktime(). ".jpg"; file_put_contents($filename, $jpg); } else{ echo "Encoded JPEG information not received."; } ?> Dear Coder Bro, I made a simple php script which copy some files to the server directory through a php loop. It means it will copy some 1000+ files via loop & store into a directory. The script worked fine before some 2 - 3days, Suddenly i saw that script is executing but no files copied to the server's directory. I checked the directory permission & it was 755. I changed the permission to 777 and run the script once again and it worked success... But the problem is the directory permission automatically changes to the old 755. I don't know how it happen. I need to change the directory permission to 777 when i begin to run the script. My Question is. 1.) Why did the directory permission automatically changes to 755. ? 2.) How to solve this problem to avoid the every time directory permission changing behavior ? I Hope expert coder guys will respond soon...! Hi I've got a file upload script i've written and I have set the folder to 777 to allow uploads With the permission set to 777 does this open me up to potential uploads from 3rd parties? (ie: viruses etc)? So I thought what I would do is 1: Set folder to 777 to allow uploads 2: Upload file 3: Set folder to 755 to disable uploads Would this be the best method to do it? Or is that a waste of time and am I safe just leaving it as 777 Thanks Hello needed for permissions well dont know even how to ask . im building simple betting and im want to add message if user has submitted bet but problem im got is once user submit all other bets comes with message how to make it work separate for every single row Here is my code Code: [Select] $statom = $TSUE['TSUE_Database']->query("SELECT count(*), b.betid, a.betid, a.memberid, a.chosen_team FROM rasta_betters a, rasta_betting b WHERE memberid = ".$TSUE['TSUE_Member']->info["memberid"]." AND b.betid = a.betid "); $arr = mysqli_fetch_array($statom); if ($arr[0] > 0) { $forma = '<div class="success">You have placed bet here</div>'; } else{ $team1 = $row['team1']; $team2 = $row['team2']; $pisk = '<input type="checkbox" name="komanda" value="'.$team1.'" />'; $pisk2 = '<input type="checkbox" name="komanda" value="'.$team2.'" />'; $komanda = ''; $komanda = $team1.$pisk; $komanda2 = ''; $komanda2 = $team2.$pisk2; $forma = 'This bet end on:'. date('Y-m-d H:i:s',$row['finish']).''; eval("\$betting_form = \"".$TSUE['TSUE_Template']->LoadTemplate('betting_form')."\";"); $forma .= $betting_form; } $TSUE['TSUE_Member']->info["memberid"] that is actual user id gets id auto I have a link that sets a get variable that then performs a search based on that get variable. How after I the page has reloaded with the new search results how can I removed the $GET from the end of the url? Thanks for any help. This topic has been moved to Other Libraries and Frameworks. http://www.phpfreaks.com/forums/index.php?topic=357211.0 Hi there, I am working on a little CMS site and I have run into a bit of a problem. When the user comes to publish the changes they have made I need to push the new files onto their server. I don't know whether they are on a shared host or not though, and if they are they won't be the root user and so functions like chmod() and rmdir() will be disallowed. Even if they weren't on a shared host I doubt whether they would be running scripts as root anyway. I cannot ask the user to set the file permissions to 0777 to use the CMS as I know that most people would not do that, I know I wouldn't. So my plan of action was to have the permissions set to 0644 and temporarily change them to 0777 whiles I push the changes then change it back again afterwards. I have a tiny website on a shared host so I am able to test this in the worst of scenarios and these are the errors I get: Quote from: The errors Warning: chmod() [function.chmod]: Operation not permitted in ******** on line 20 Warning: fopen(********) [function.fopen]: failed to open stream: Permission denied in ******** on line 35 Warning: fwrite() expects parameter 1 to be resource, boolean given in ******** on line 39 Warning: fclose() expects parameter 1 to be resource, boolean given in ******** on line 40 Because I am not the root user chmod is not permitted and because the file permissions are set to 0644 I cannot execute the file system functions which alter the files. It all relies on the permissions being set right. I tried using umask() but as someone says in a note on php.net, umask can only remove/delete permissions, it can't grant them. So that seems like a dead end. I can't change ownership either with chown() as that requires you to be the root to use too. Wondering what was going on I used fileperms() to find out what the permissions were according to the php and got the number 33188. Turns out after a bit of research that this is an octal number, so I converted it and got the number 100644. That looks about right, but I don't know what the 10 is doing before the permissions? Does anyone know how can I get around this problem? I would like to avoid using FTP functions if I can. Thanks for any help, Joe |
|||||||