i have to admit, i never really completely got the *nix filesystem permission model. oh, the rwxrwxrwx stuff isn’t too complicated, but i get confused easily when programs create new files and how i can handle them.

my current problem is the mixture of a (closed source) java-applet that does file uploads over ftp and php (it’s on a dedicated server and the data isn’t really critical, so i’m not all too concerned about world-writeability).

so, i have two users: ftp (1000) and apache/php (81). groups don’t match, so they’re basically “others”, if i’m correct.

an “import” directory, set to 0777 owned by ftp.

if a visitor acesses the upload page, a subdirectory named after his username is created by my script. let’s say, the visitors username is “foo”, so it’s “import/foo”, set to 0777, user 81/php.

next, the visitor uses the java applet to upload a file to this directory (test.jpg). the file’s permissions are now rw-r–r–, user ftp.

first question

the first thing i don’t understand is: i’m able to unlink that file through php.
why? the users don’t match, and the file isn’t world writeable.
is this because of the parent directories world-write permission? understandably, i can’t chown or chmod through php.

so far no problem, because as long as i can read and unlink, everythings ok.

second question

the java applet is able to upload whole directories, which is nice. if i do this, the new subdirectory import/foo/test has permissions rwxr-xr-x/ftp. the files in this directory are rw-r–r–/ftp.

now i’m out of luck. i can’t do anything with those files (besides reading, which i do successfully), no unlinking, no chmod/chowning. they just sit around and gobble up diskspace.

so, what’s the plan behind the default-permissions new files have? my guess is they have the permission set through umask, as long the creating script doesn’t chmod them to something else. am i right?

third question

what can i do about it? i mean, what would a sensible person do? can i/should i change the umask for the ftp user? (i just learned about umask yesterday). i’m not very comfortable with this, as this would affect all ftp traffic, doesn’t it? also, the server is dedicated but i’m not an admin, so my access is restricted.

i just had another idea. before starting this post i read up on the basic linux permission stuff. first, the sticky bit isn’t set anywhere in the directory chain. and then, there it was: the “set user ID bit”.
so, my current plan is to write a simple shell script with owner ftp that is other-executable with setuid. the script just transfers the file in the import directories ownership to user php.
then, after each import i just exec() that file from my php-script and process files further.

would that work? and more important: is that clean and legal? or would the sysadmin put a bounty on my head?

thx a lot!

update: i just tried to set the uid bit (4755) through winscp (through an ftp connection), but it somehow doesn’t work – it seems to “forget” only the uid bit (the other bits get set). why is that? why can’t the owner set the uid himself? is that server-specific or generally the case?

update 2:
wikipedia says it all

Due to the increased likelihood of security flaws, many operating systems ignore the setuid attribute when applied to executable shell scripts.

is it still possible for user root to set the uid-bit?