仍然不了解文件上传文件夹权限 [英] Still don't understand file upload-folder permissions

问题描述

我已经查看了文章和教程.

I have checked out articles and tutorials.

我不知道如何处理图片上传文件夹的安全性.

I don't know what to do about the security of my picture upload-folder.

这是分类图片，应上传到文件夹中.

It is pictures for classifieds which should be uploaded to the folder.

这就是我想要的:

 Anybody may upload images to the folder.
 The images will be moved to another folder, by another php-code later on (automatic).
 Only I may manually remove them, as well as another php file on the server which automatically empties the folder after x-days.

我应该在这里做什么?

图像是通过php-upload脚本上传的. 该脚本检查文件的扩展名是否实际上是有效的图像文件.

The images are uploaded via a php-upload script. This script checks to see if the extension of the file is actually a valid image-file.

当我尝试此操作时:

   chmod 755 images

图像将不会上传.

但是这样就可以了:

   chmod 777 images

但是777是安全隐患吗?

But 777 is a security risk right?

请给我详细信息...

Please give me detailed information...

问题是，该怎么做才能解决此问题，而不是有关有什么权限等信息……

The Q is, what to do to solve this problem, not info about what permissions there are etc etc...

谢谢

如果您需要更多信息，请告诉我...

If you need more info let me know...

推荐答案

您必须确保上载文件夹由apache拥有，或者与启动http服务器的用户相同.

You have to make sure the upload folder is owned by apache or whoever user is as which the http server is started.

或者，您可以使用UID拥有的775，该UID将收集文件，并以gid作为启动Web服务器的组ID.

Alternatively you can use 775 owned by the UID who will be collecting the files and with as gid the group id as which the webserver is started.

这些主题当然有所不同.

There are of course variations on these themes.

只要网络服务器用户或网络服务器组具有写入文件夹的权限，就可以进行上传.

As long as the webserver user or webserver group has permission to write in the folder, it will be fine for uploading.

各种各样的情况下，但是我们将需要有关您的设置的更多信息.

There are all kind of cornercases, but then we'll need more info about your setup.

这篇关于仍然不了解文件上传文件夹权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！