Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 7th March 2010, 01:12
ethanlifka ethanlifka is offline
Junior Member
 
Join Date: Aug 2008
Posts: 29
Thanks: 0
Thanked 6 Times in 4 Posts
Default SuPHP move_uploaded_file fileperms to 600 instead of 644

Its your /tmp directories - More info below

It seems that when you use move_uploaded_file() with SuPHP or FastCGI with SuExec the File Permissions are being set to 600 instead of 644.

This means any readable files like images, text, etc or not accessable by http. You need at least 640 to have be accessable by http.

At first everyone said it can be set in /etc/suphp.conf.
Change umask to 0022 instead of 0077.
Then restart apache.

FYI, if you are using FastCGI with suExec you can set umask in your sites ".php-fcgi-starter" file by adding "umask 0022"
Ex.
Code:
#!/bin/sh
umask 0022
PHPRC="/var/www/php-fcgi-scripts/web1/"
export PHPRC
NOTE: You can also edit "/usr/local/ispconfig/server/conf/php-fcgi-starter.master", but be asure to edit it directly and not FTP. Editing master files with FTP may result in PHP Parsing Errors.

Well my umask was already 0022. So this was not the solution for me.
Then everyone said just use chmod() after move_uploaded_file(). Which works great, but is not a good solution for big hosting companies who want to easily migrate multiple sites to their server. Having to change so much php code can be overwhelming.

After more research I found that it is not suphp.conf because the umask setting does work. Try mkdir() or fwrite(). Files and directories are set to 755 and 644 just fine. It's not the move_uploaded_file() function either.

It's your /tmp directories. Any files created in them are set to 600. The HTTP FILES Upload uses your sites /tmp to upload the file to. Not sure where the source of this 600 fileperms setting is coming from. Maybe your OS, maybe suPHP or suExec core.

If you know then please respond !!!!!!

I believe it is a security feature to not have any files in /tmp readable, writable, or executable by anyone other then the owner.

So when you use move_upload_file() it keeps the fileperms that where originaly set by the /tmp directory or your sites /var/www/site.com/tmp directory.

if you use copy() instead of move_uploaded_file() then it will generate 644 instead of 600.

Hope this helps.

I am still looking for a solution to automaticly set files to 644 with and only using move_uploaded_file().

Is it possable to rewrite the move_uploaded_file() function or append the chmod() after it?

Last edited by ethanlifka; 7th March 2010 at 01:21.
Reply With Quote
Sponsored Links
  #2  
Old 18th March 2011, 12:17
grungy grungy is online now
Senior Member
 
Join Date: Dec 2008
Posts: 151
Thanks: 13
Thanked 9 Times in 6 Posts
Default

I am having the same issue....with php-fastcgi, did you figure out this?
Reply With Quote
  #3  
Old 18th March 2011, 12:50
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,352
Thanks: 810
Thanked 5,174 Times in 4,056 Posts
Default

You can set the umask in the fcgi starter for this website file as explained in the above post. You might also want to change that in the fcgi starter file template in /usr/locals/ispconfig/server/conf/ as well.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #4  
Old 18th March 2011, 13:07
grungy grungy is online now
Senior Member
 
Join Date: Dec 2008
Posts: 151
Thanks: 13
Thanked 9 Times in 6 Posts
Default

Setting umask to 0022 did not work....
Reply With Quote
  #5  
Old 18th March 2011, 13:19
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,352
Thanks: 810
Thanked 5,174 Times in 4,056 Posts
Default

In which files did you set it? Please post the files.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 18th March 2011, 13:21
grungy grungy is online now
Senior Member
 
Join Date: Dec 2008
Posts: 151
Thanks: 13
Thanked 9 Times in 6 Posts
Default

Code:
# cat /var/www/php-fcgi-scripts/web32/.php-fcgi-starter
#!/bin/sh
umask 0022
PHPRC="/etc/php5/cgi/"
export PHPRC
PHP_DOCUMENT_ROOT="/var/clients/client3/web32"
export PHP_DOCUMENT_ROOT
# The variable PHP_FCGI_CHILDREN is onyl useful for lighty or nginx as apache 
# mod_fcgi will control the number of childs themself and never use the additional processes.
# PHP_FCGI_CHILDREN=8
# export PHP_FCGI_CHILDREN
PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_MAX_REQUESTS
exec /usr/bin/php-cgi \
 $1
Reply With Quote
  #7  
Old 18th March 2011, 13:43
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,352
Thanks: 810
Thanked 5,174 Times in 4,056 Posts
Default

Ok. Did you restart apache after you changed that file?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #8  
Old 18th March 2011, 13:45
grungy grungy is online now
Senior Member
 
Join Date: Dec 2008
Posts: 151
Thanks: 13
Thanked 9 Times in 6 Posts
Default

Yes I did restart apache
Reply With Quote
  #9  
Old 18th March 2011, 14:06
grungy grungy is online now
Senior Member
 
Join Date: Dec 2008
Posts: 151
Thanks: 13
Thanked 9 Times in 6 Posts
Default

Not sure if this is important but this is the content of my /tmp folder

Code:
# ls -all /tmp/phpsYq9OZ
-rw------- 1 web19 client23 3771 Feb 13 18:22 /tmp/phpsYq9OZ
I listed temp files only for targeted domain...the temp file has 600 permission just like the uploaded images
Reply With Quote
  #10  
Old 13th July 2011, 20:38
darkangel darkangel is offline
Member
 
Join Date: May 2011
Location: Cape Town, South Africa
Posts: 53
Thanks: 6
Thanked 2 Times in 2 Posts
 
Default

This doesn't work for me either ... did anyone get it working?
Reply With Quote
Reply

Bookmarks

Tags
600, move_uploaded_file, suphp

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
suPHP file permission catalyst General 14 7th March 2010 01:16
Security - mod_php with FTP vs SuPHP or SuExec ethanlifka Installation/Configuration 1 22nd February 2010 10:18
Goal: user separation (but apache can't read what suPHP wrote) berny Installation/Configuration 1 26th April 2008 18:22
Please Help me SmartAX MT810 :( cola Technical 0 9th November 2007 11:50
Fedora Core 6 install issues moos3 Installation/Configuration 10 22nd March 2007 18:25


All times are GMT +2. The time now is 13:56.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.