Creating Directories and Files through PHP and Permissions Issues

0
votes

I have a php application that creates directories and files from user input. Is it a problem to have php create the directories/files and then use the php chmod function to set the permissions to 755/644?

When I do that, it looks like the only way to delete those files is through php. So if I want to delete them via FTP, it won't work because apache/php owns them.

Mainly, though I'm trying to figure out if I would need to do anything else besides chmod to 755/644 for the directories/files to make things as secure as possible.

2
phppermissions
What's the reason you need to manually delete/edit files through FTP? If you really need to do it often, create another PHP script to administer the files. - Andreas Wong

2 Answers

0
votes

Just chmod them to 777 via php. Then youll able to delete files from ftp. 755 still allows writing only for php..

0
votes

If you use php to create directories and files from user input you should consider disallowing execution of php (and other) scripts from location where it stored. This can be done in .htaccess if you are using apache web-server.

AddType text/html .php .cgi .pl .fcgi .fpl .phtml .shtml .php2 .php3 .php4 .php5 .asp .jsp