Jump to:

546 Posts in 2160 Topics by 237 members

Hosting Requirements

SilverStripe Forums » Hosting Requirements » File Permissions

What you need to consider when choosing a hosting provider and plan.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 2362 Views
  • tonisch
    Avatar
    Community Member
    15 Posts

    File Permissions Link to this post

    Hi!

    My hosting provider has got some special security-features. My problem is now: i want to set the right filepermissions for uploaded files automaticly. E.g. when I upload a pdf into a page, it should have the permissions 0640 and not anything other.
    Is there a way to tell Silverstripe for which filetypes it shout use the right permissions?

    Thanks in advance!

  • TotalNet
    Avatar
    Community Member
    181 Posts

    Re: File Permissions Link to this post

    Hi,

    Is it just files uploaded to SS you are thinking about? Are the default permissions too much or not enough in your view?

    A way around this might be to upload the file to "assets" with an FTP client and set the permissions that way.

    Don't know of a way to configure the permissions SS sets but I know it can be done in php.

    Cheers,

    Rich

  • tonisch
    Avatar
    Community Member
    15 Posts

    Re: File Permissions Link to this post

    Hi!

    Thanks for the reply!
    Changing the permissions with an FTP-Client is no problem for me, but for my clients
    I thought that there's perhaps a config-file where I can say Silverstripe what permissions it should use for the different types of files. Independent if they are self created or uploaded.
    Is there a way to set then generally?

    Cheers,
    Toni

  • banal
    Avatar
    Community Member
    901 Posts

    Re: File Permissions Link to this post

    Have a look at the sapphire/filesystem/Filesystem.php class.
    It defines two public static members for file and folder creation.
    You should be able to set them in your _config.php, like this:

    Filesystem::$file_create_mask = 02775;
    Filesystem::$folder_create_mask = 02775;

    Not sure if this has any influence when uploading files, but it certainly does when you create folders via SilverStripe.
    If that doesn't work, you could create a shell script that finds and updates files with the wrong permission. Then regularly run the script as a cron-job?

  • tonisch
    Avatar
    Community Member
    15 Posts

    Re: File Permissions Link to this post

    Hi!

    Thanks, this would be the first step. Do you know, if I can also set specific permissions for php-files?
    I'll try, if uploaded files are influenced by this settings. The shell-script-cron-job-sollution is not a real sollution for me, because the files, I am talking about, will be uploaded by users. And you always got to wait, until the cron-job is through, before they can access the files...

    Sorry I'm just in a hurry, so my answer is quite short. But thanks a lot for the tip with the _config.php!

    Toni

  • Hamish
    Avatar
    Community Member
    712 Posts

    Re: File Permissions Link to this post

    You could decorate the 'File' class so that uploaded files have their permissions modified after write.

    However, this raised some alarm bells:

    > Do you know, if I can also set specific permissions for php-files?

    You're not trying to allow execution of uploaded php, are you?

    Your htaccess should prevent execution of .php, .phtml and .shtml (at least), and you should ensure that the upload directory has no execution privileges etc. Even then, it isn't particularly secure.

  • tonisch
    Avatar
    Community Member
    15 Posts

    Re: File Permissions Link to this post

    Hehe, good idea, but I am far away from this!!!
    No, my hosting provider has some special permissions for php-files. just "r--------" (0600). Therefore I wanted it.
    But my problem is solved, because I changed now to hosteurope...

    But thanx for the help and the warning!

    2362 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.