php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13247 Move_uploaded_file set wrong user and wrong group
Submitted: 2001-09-11 09:23 UTC Modified: 2001-10-08 08:58 UTC
From: linux at infomaniak dot ch Assigned:
Status: Closed Package: Unknown/Other Function
PHP Version: 4.0.4pl1 OS: Cobalt OS
Private report: No CVE-ID: None
 [2001-09-11 09:23 UTC] linux at infomaniak dot ch
Here is my configure line :

'./configure' '--with-mysql' '--with-gd' '--with-ttf' 
'--enable-bcmath' '--enable-calendar' 
'--enable-memory-limit' '--enable-safe-mode' '--with-imap' 
'--enable-ftp' '--enable-sockets' '--with-apxs'

The script that is used is as simple as :
<?
@move_uploaded_file($file, 
"/path/to/my/directory/filename");
?>

My Apache webserver runs as user and group httpd.
Now the really annoying thing is that whenever my customer 
or myself upload a file, the uploaded file is correctly 
moved but the ownership is set to httpd.root ( user httpd 
and group root ) Now this is a real big problem for my ( 
even without considering the security hole it represents ) 
because my customers cannot manage to erase these files 
anymore afterwards via FTP, because their uid will not let 
them touch these files. 

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-09-11 10:29 UTC] hholzgra@php.net
i'm pretty sure php doesn't touch your file ownerships

more likely you have either root as primary group for
user apache in /etc/passwd or sicky bits set for the
directory ... ?
 [2001-10-08 08:58 UTC] sander@php.net
No feedback. Unlikely to be a bug in PHP. Closing.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 24 18:01:29 2024 UTC