/albums/edit always chmod by apache to 666 and can't upload /albums/edit always chmod by apache to 666 and can't upload
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

/albums/edit always chmod by apache to 666 and can't upload

Started by itang, October 22, 2004, 08:44:01 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

itang

October 22, 2004, 08:44:01 AM
Since I upgrade to 1.3.2 I got this error. I don't know what happened.

Situation:

The /albums/edit directory is owned by apache and the initiate setup is good, I created it and chmod it to 777, everything is fine, however, when someone uploaded some pic, the apache chmod the /edit to 666 and then nobody can upload again.

I then need to log in to my server as root and change it back to 777.

Code Select
Warning: stat failed for ./albums/edit/. (errno=13 - Permission denied) in /home/ppi/cpg/upload.php on line 476

Warning: stat failed for ./albums/edit/. (errno=13 - Permission denied) in /home/ppi/cpg/upload.php on line 484

Warning: unlink() failed (Permission denied) in /home/ppi/cpg/upload.php on line 497

Warning: stat failed for ./albums/edit/.. (errno=13 - Permission denied) in /home/ppi/cpg/upload.php on line 476

Warning: stat failed for ./albums/edit/.. (errno=13 - Permission denied) in /home/ppi/cpg/upload.php on line 484

Warning: unlink() failed (Permission denied) in /home/ppi/cpg/upload.php on line 497



my php.ini setting is good:

Code Select
; Safe Mode
;
safe_mode = Off

; By default, Safe Mode does a UID compare check when
; opening files. If you want to relax this to a GID compare,
; then turn on safe_mode_gid.
safe_mode_gid = Off

; When safe_mode is on, UID/GID checks are bypassed when
; including files from this directory and its subdirectories.
; (directory must also be in include_path or full path must
; be used when including)
safe_mode_include_dir =

; When safe_mode is on, only executables located in the safe_mode_exec_dir
; will be allowed to be executed via the exec family of functions.
safe_mode_exec_dir =

; open_basedir, if set, limits all file operations to the defined directory
; and below.  This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file.
;
;open_basedir =

; Setting certain environment variables may be a potential security breach.
; This directive contains a comma-delimited list of prefixes.  In Safe Mode,
; the user may only alter environment variables whose names begin with the
; prefixes supplied here.  By default, users will only be able to set
; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR).
;
; Note:  If this directive is empty, PHP will let the user modify ANY
; environment variable!
safe_mode_allowed_env_vars = PHP_

; This directive contains a comma-delimited list of environment variables that
; the end user won't be able to change using putenv().  These variables will be
; protected even if safe_mode_allowed_env_vars is set to allow to change them.
safe_mode_protected_env_vars = LD_LIBRARY_PATH

; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names.  This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
disable_functions =

; Colors for Syntax Highlighting mode.  Anything that's acceptable in
; <font color="??????"> would work.
highlight.string  = #CC0000
highlight.comment = #FF9900
highlight.keyword = #006600
highlight.bg      = #FFFFFF
highlight.default = #0000CC
highlight.html    = #000000


;
; Misc
;
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header).  It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
expose_php = On


;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;

max_execution_time = 2400     ; Maximum execution time of each script, in seconds
memory_limit = 128M      ; Maximum amount of memory a script may consume (8MB)


My php.conf is good:

Code Select
<Files *.php>
   SetOutputFilter PHP
   SetInputFilter PHP
   LimitRequestBody 31457280
</Files>

My cpg config file looks like this:

Code Select
<?php
// Coppermine configuration file

// MySQL configuration
$CONFIG['dbserver'] =                         "localhost";        // Your database server
$CONFIG['dbuser'] =                         "root";        // Your mysql username
$CONFIG['dbpass'] =                         "***";                // Your mysql password
$CONFIG['dbname'] =                         "cpg";        // Your mysql database name


// MySQL TABLE NAMES PREFIX
$CONFIG['TABLE_PREFIX'] =                "cpg130_";
?>

Question:

1. What makes this happen? The upload.php? the speing clean function?
2. How can I solve this problem?

Thanks a million.

Casper

#1
October 22, 2004, 11:22:28 AM
Open your include/picmgmt.inc.php and find '0666'.  Change it to '0777'.
It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

itang

#2
October 22, 2004, 06:10:07 PM
Thanks for your reply.

Can u explain more why this happaned? Was it happened to me only?

Thanks again!  ;)
Print
Go Up Pages1
User actions