Should the webserver user have write permission on the uploads/ directory?

view story

http://serverfault.com – I always gave to the webserver user full permissions on these dirs: cache/ logs/ web/uploads/ But now I am wondering if the uploads part is 0K. I was thinking that maybe it would be better if I use a .tmp file for each upload, and then put them in a queue to be moved to uploads/, and do the same for deletions (the queue will be read and validated by a different user). This way, even if an attacker gets to inject malicious code, the uploads/ folder will be safe. (HowTos)

Submitted by xskl on 08/20/2012

Login or register to post comments
Email this page

HowTos
web

Stories similar to Should the webserver user have write permission on the uploads/ directory?

How to set FTP upload umask so uploads cannot be deleted? 31 weeks 10 hours ago

The user uploads the file, but cannot delete it by FTP or SSH once uploaded.

Folder permissions must be no-write to prevent deletion by SSH, right? If so, then same user cannot be the FTP uploader?

How?

File upload folder permission fastCGI - How to make it writeable? 37 weeks 6 days ago

I am using centos 5.7 with cPanel WHM running fastcgi/suEXEC

I am trying to make a particular folder writable to allow a script to upload files but seem to be having problems.

The folder (and all recursive folders) I want to be writable is:

/home/mydomain/public_html/uploads

And I want only scripts run by the user "songbanc" to be able to write to this directory.

I have tried the following:

Permissions on directories for file uploads? 39 weeks 5 days ago

What is the correct way to set up directories to allow user uploads on Linux? My websites upload dir is 755, but Linux naturally doesn't let files be written to this directory except by the user. So should I change the directory to 777 or do some kind of group manipulation? Bare in mind, I don't want to open myself up to any security risks.

[ubuntu] New File Permissions on 10.04.1 Server 1 year 10 weeks ago

I'm driving myself crazy trying to figure this out. I hope someone can shed some light on my problem.

I need to know the simplest way to set default file permissions on a folder I created: /var/www/uploads

So when someone accesses the site they insert some information and then upload a file to the server, inside that uploads folder.

Handeling File Uploads in PHP 3 years 3 weeks ago

This feature lets people upload both text and binary files. With PHP’s authentication and file manipulation functions, you have full control over who is allowed to upload and what is to be done with the file once it has been uploaded.

Anyone else having problems with imgbox uploads? 1 year 16 hours ago

For the last couple of days all my uploads hang at about 30kb, smaller files upload OK. It also happened a week or two ago, but was OK the following day.

QOS script 2 years 37 weeks ago

Does anyone know how can I determine which user is UPLOADING via http protocol? Like sending video on youtube?

Or maybe how to throttle multimedia uploads ? Or any uploads? maybe get packet size?

SELinux not allowing write access to php-fpm for /wp-content/uploads 18 weeks 2 days ago

I've setup Wordpress on our server. We're trying to upload some documentation files. But SELinux pops-up and says that

SELinux is preventing /usr/sbin/php-fpm from write access on the directory /opt/nginx/html/wp/wp-content/uploads.

All the file permission are correct. Is there something to be done to allow php-fpm allow write access to that directory.

Dropbox camera uploads subfolders in Samsung Note 2 13 weeks 6 days ago

Hello,

I have a Note 2 and dropbox installed.

Should the webserver user have write permission on the uploads/ directory?

Search

Beautiful linux wallpapers

Tags