Re: [tlug] Arrrg! Permissions driving me nuts in PHP [SOLVED]

["Stephen J. Turnbull" <stephen@example.com>]

s smith writes:
 > On 11/25/2010 7:46 AM, Dave M G wrote:
 > > Looks like running an explicit chmod after creating the directory has
 > > solved the problem:
 > >
 > > system("chmod 777 -R $dirPath");
 > >
 > > Though, I don't see why this should be necessary. If a user has the
 > > permission to change permissions, shouldn't that user be able to just
 > > delete the file anyway?
 > Does umask permissions take precedence over mkdir permissions? It might 
 > be worth trying a umask 0 before the mkdir command.

NO NO NO NO!
WARNING, WARNING!
Danger, Will Robinson!  Danger!  Warning, warning!

Even if it works, you don't want to do that.  It opens your system up
to potential directory traversal and trojan attacks because there's a
race condition.

Sach is right; using chmod is just a band-aid, and those gangrene
bacteria may already be hard at work in the open wound.  Dave really
really wants to fix the process owner/file owner skew.  My guess is an
old owner spec of nobody for the parent directory with set-uid bit
set.  (I can't remember whether that's supposed to make files inherit
user ownership, but set-gid should work for inheriting group
ownership.)  And now apache is running under www-data or apache.  Or
something like that.

Yes-I-took-my-melodrama-pill-today-why-do-you-ask-ly y'rs,