php email attachment, chmod settings

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Andy McAllister
    #1

    php email attachment, chmod settings

    I have a php script from Obie (link at bottom) which uploads a file to
    the web server, then attaches it to an email, and sends it to a default
    recipient.

    This program requires setting a directory for the files to reside in
    temporarily. What settings should I put this folder to to be most
    secure, 755? 750? other? If the user is uploading, is that the
    "world" permissions, or is that the "group" or "owner" permissions?
    I'm not entirely sure how the upload in this script works, but it uses
    the "open()" "fopen()" and "fread()" functions in there.

    ObieWebsite
    http://obiewebsite.sourceforge.net/obie.php?Form_to_email_with_attachment


    Thank you thank you thank you.

    Tags: None
    • Andy McAllister
      #2
      Re: php email attachment, chmod settings

      I see now that the uplod is RFC-1867:
      PHP: Handling file uploads - Manual
      http://us3.php.net/manual/en/features.file-upload.php
      Handling file uploads


      But this act of uploading - is that "owner" "group" or "other"?

      Also, the fread() (which will setup to base64 encode the file): is that
      running with owner, group, or other privileges?

        Comment

        • Geoff M
          #3
          Re: php email attachment, chmod settings

          drsmartz@yahoo. com says...
          [color=blue]
          > But this act of uploading - is that "owner" "group" or "other"?[/color]

          Seeing as you used the term "chmod" I presume you are talking about a
          linux/Apache/PHP setup.

          In that scenario the PHP script are usually run by the Apache "user" -
          e.g. on my test server that user's name is "webserver" and that user is a
          member of a group called "web", of which my personal user account is also
          a member.

          My preference for folders to be used by php for write as well as read is
          personally-owned by me but group-owned by "web", and with permissions of
          775 (read/write for owner and group, read-only for world). If I was ultra
          cautious I might do 77x.

          Geoff M

            Comment

            Previous template Next
            Working...