Chmod?

software development

#1

Hello- I know absolutely nothing about PHP. I needed something new to do so I came across this site that offers the coding to run a postcard site. http://www.openconcept.on.ca/guide-cards.phtml It’s in PHP so here I am with questions :slight_smile:

First, what the heck is chmod?? This is what it says I need to do…

[color=#00CC00]cardfile.txt

This is just a simple, blank text file. However, you need to ensure that you have write access to this file. Your server may allow you to change this file using something like the following:

chmod 666 cardfile.txt [/color]

I am assuming I need to make a txt file and name it ‘chmod 666 cardfile.txt’?? I did go to http://php.net to see if I could find this out. Their search came up with nothing.

Any help will be appreciated. I don’t want to give up before I even start!!! Thanks!!!

-Christy


#2

chmod changes the permissions of the file. you can do this via telnet or some common ftp programs.

if via telnet:
login via telnet and move to the directory that has [color=#00CC00]cardefile.txt[/color] and type in [color=#00CC00]chmod 666 cardfile.txt[/color]

if via ftp:
depending on which ftp program you are using you should be able to right click on the cardfile.txt file that is located on the server and select chmod. There should then be a text box to type in 666. Once again, this depends on the ftp program you are using.

Hope that helps.


#3

Hi Monk- Thanks so much for your help. It’s very much appreciated. WS_FTP was a little different but I figured out how to get the 666.

I got the postcard site up and running and now I see how PHP works. I’m excited about that but I’m a little disappointed now. Now that I understand, I have realized that the cardfile.txt holds all the info for the cards. Email addresses, postcard messages, & the other stuff to get the card. It makes me feel icky about having access to that. What bothers me is that others can have access to it also if they know the URL. It’s not on any of the pages people access but it’s still there on my server. The only option I have is to put the txt file in another directory and hope no one finds it. My question is, can I password protect that directory? I’m guessing no because the program needs access to the file and if it’s protected, it can’t get to it, right? Was that a dumb question? LOL I’m just trying to make this work. I’m excited about it and don’t want to just dump it over this. If password protecting it does work, can you tell me where the best place to learn how to do that is? Thanks :slight_smile: I know this is kinda OT but should I mention somewhere on the site that the messages and stuff are not private. I really am having issues with this. It’s an invasion of privacy really. Had I known it was going to be like this, I wouldn’t have done it :frowning: Thanks again for your help!!!

-Christy


#4

Password protection through .htaccess is the wrong way to go. (And it’s not a dumb question. A dumb question is “are you mad at me for A or for B?” - especially if she didn’t know about A or B and was mad at you for C.)

If the root “htdocs” directory for your domain is
/home/username/public_html
then browsers have access to anything in public_html or anything in a subdirectory of it. YOU, however, have access to anything in
/home/username
and anything that is a subdirectory of it, and since CGI programs run with the same permissions that YOU have from the command line, this allows you to have your CGI programs use files which CANNOT be accessed from a browser.

For instance, you could have
/home/username/yahoo.com
/home/username/amazon.com
/home/username/disney.com
and
/home/username/data
where yahoo.com, amazon.com, and disney.com are your domains (so dream a little!) and data is a directory which cannot be directly accessed by the webserver.

You could put files in that data directory which are accessible to CGI programs run on any of the domains, yet would not be directly accessible to browsers.

In most cases, you can use existing scripts by entering “/home/username/data/myfile.txt” instead of simply entering “myfile.txt” as the name of the data file.


#5

You could re-configure your script to go down the route deke recommended.

However, if you do not want to make a fresh install then putting [color=#CC0000].htaccess[/color] control files is perfectly acceptable (and not a dumb suggestion).

A CGI program will be able to access files from within directories protected with [color=#CC0000].htaccess[/color]. There are limitations and exceptions to this rule, but I won’t go into that. Therefore you could put a [color=#CC0000].htaccess[/color] file in there and it will restrict access to nosy web browsers, but not to your CGI program.

You can set this up through your web control panel.

Wil