The MU forums have moved to WordPress.org

blogs.dir file permissions (10 posts)

  1. realsol
    Member
    Posted 15 years ago #

    I search file permissions here on the forums, but lots of stuff on installation. My MU works great.

    I wanted to allow ftp access to a few of my users to their blog.dir directories. So I thought I would check out current permissions on files both I and my son have been FTPing.

    I noticed that in some cases, files could not be executed when saved in the /files directory. But a couple of blogs, we have themes installed just below the files directory, blogs.dir/3/themes, and the php files there can be written too.

    What are the basic file permissions set on the /blogs.dir?

    Where are these set?

    Is FTP safe if in the /files directory?

    Thanks.

  2. Klark0
    Member
    Posted 15 years ago #

    Are you sure that's a good idea ? Are you running a public system ? Besides the built-in media library gives access to the files uploaded to the blogs.dir by users.

  3. tdjcbe
    Member
    Posted 15 years ago #

    It may not be a good idea but with wordpress, since it doesn't pick up files that have been ftp'ed, it may be moot.

  4. realsol
    Member
    Posted 15 years ago #

    Flash upload is broken for me. I am trying to figure out a way to allow multi uploading for user that have multiple pics they want in their directory. Can't get it to work after updating to flash 10.

  5. Klark0
    Member
    Posted 15 years ago #

    Maybe you should tell them to revert back to Flash9, until WPMU 2.7 comes out.

    I'm also looking for a way to mass upload. Would be cool if we could upload a zip of images into the built in uploader. (NextGen has that feature).

  6. realsol
    Member
    Posted 15 years ago #

    Thanks for the post Klarko,

    I think that is the last time I try to downgrade flash. What a pain. Ended up having to go back and reinstall everything.

    Oh well, I guess I have to wait for 2.7 to get multi upload capability. Even then, I am probably going to wait for 2.7?. I think I am done jumping on the upgrade band wagon especially since I am going live in a few days.

    Back to FTP, isn't there a way to protect files that get FTP'ed, like .htaccess or something? I mean if you are only giving them access to a deep directory, what harm could it do to allow FTP access if they couldn't execute the files.

    I only ask because I don't know. I know I need to enter into this as if I don't trust anyone to protect myself. I just want to understand if it is possible an what could go wrong.

    Thanks.

  7. lunabyte
    Member
    Posted 15 years ago #

    Allowing a "user" to FTP something to a directory, even if it's isolated to their own directory structure, just isn't a good thing. Why?

    a) They can set file permissions (read/write/execute) on files uploaded.
    b) There isn't a restriction on the file extensions which could be uploaded.

    With just the two above, a "user" could take your entire site down.
    How? Upload a php file, and it's over. All it would take is an include_once, and they have everything they need. They can read in your wp-config file, and the ballgame is over.

  8. realsol
    Member
    Posted 15 years ago #

    OK. I'm sold. No FTP. I just now need to figure out a good upload method for users that want to upload more than one file at a time. I was looking at flexible upload, a WordPress plugin. I would have to edit it to not allow a directory to be chosen, just their upload directory.

    Do you know of any other solutions? Would a plug-in like above be safe? What does everyone else offer?

  9. andrea_r
    Moderator
    Posted 15 years ago #

    2.7 isn't any different in the way it handles uploads.
    if you have the right flash, you get multiple uploads. If it detects no flash (like my computer) it default to one at a time.

    Did you check it on another computer? Most users on certain systems of mine haven't had an issue.

  10. realsol
    Member
    Posted 15 years ago #

    I lost my flash upload when I upgraded my nextGEN and WordTube. WordTube required Flash 10. Once I upgraded, I lost the upload. No sure how to get it back.

About this Topic