
I have a form which uploads a picture to an upload folder on my GNU/Linux host.

When the user registers, it creates a folder for them, in uploads, and puts their picture into it.

I have disabled indexing and obfuscated its location; but currently if you know the path to the file, e.g. website.com/uploads/user3/photo.png, then you can access it. What permissions would I need to set on the user folders and their contents to protect these from prying eyes? In order for the upload function to work, global needs to have read and write (which is annoying), so please take this into account.

From what I can see it should be quite difficult for people to find the filenames of these images as it stands (no indexing etc), but nevertheless, if they did they would be able to view/download them.

Any other tips appreciated.

By the way, my host does not seem to allow setfacl for some reason; a previous question suggested this as the answer.

2 Answers


There's an easy solution to this that doesn't require anything related to filesystem permissions: just change the upload path to somewhere outside the document root. If authenticated users do need to see them over the Web, then have your server-side Web code include them after verifying their authentication.

  • Thanks, I did think of that but the upload/register code is proprietary and if I were to modify it, upon update it would revert. It seems to set that directory and not allow any modifications, which is simply terrible to be honest, but I'm being forced to use this solution by another party. Commented Jul 31, 2019 at 21:16
  • We may need more info about the web server and the upload/download thing. Commented Jul 31, 2019 at 23:54


This does not seem to be a problem that you can solve with file permissions. You need to solve it in your web app. If the web app needs access, then it needs access. The web app will know which user is logged in to the web app (this is not the same as a Unix user: the web app will run as one Unix user).

Technique one: use hashes or large random numbers as file names. This will be impossible to guess, but still possible to access if one gets hold of the name.

Technique two: use a security library/framework to manage it.

As for setfacl, it is either not installed, not enabled on the file system, or not enabled in the kernel.
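Both answers come down to the same point: the web app, not the filesystem, has to decide who may read a picture. As an added example (not code from either answer or from the asker's proprietary upload component), here is a Python sketch of that check: unguessable file names from the OS CSPRNG, an upload root outside the document root, and a download handler that only hands back a file if the logged-in user owns the folder and the requested name cannot escape it. The path `/srv/app/private_uploads` and the `userN` folder naming are assumptions for the example.

```python
import secrets
from pathlib import Path
from typing import Optional, Tuple

# Constructed example: uploads live OUTSIDE the document root, so the web
# server never serves them directly; only authorize_download() hands them out.
UPLOAD_ROOT = Path("/srv/app/private_uploads")


def random_object_name(ext: str = ".png") -> str:
    """Technique one: an unguessable file name drawn from the OS CSPRNG (256 bits)."""
    return secrets.token_urlsafe(32) + ext


def resolve_owned_file(owner_id: int, requested: str,
                       root: Path = UPLOAD_ROOT) -> Optional[Path]:
    """Map a client-supplied name onto the owner's folder and reject anything
    that escapes it: resolve() collapses '..', absolute paths and symlinks,
    so the containment check below is done on the real path."""
    user_dir = (root / f"user{owner_id}").resolve()
    candidate = (user_dir / requested).resolve()
    if user_dir not in candidate.parents:
        return None
    return candidate


def authorize_download(session_user_id: Optional[int], owner_id: int, requested: str,
                       root: Path = UPLOAD_ROOT) -> Tuple[int, Optional[Path]]:
    """Access check the web app performs before streaming a picture.
    Returns an HTTP status and, on 200, the file to send. Policy here is the
    simplest one: a logged-in user may only read files in their own folder."""
    if session_user_id is None:
        return 401, None          # not logged in to the web app
    if session_user_id != owner_id:
        return 403, None          # someone else's folder
    path = resolve_owned_file(owner_id, requested, root)
    if path is None:
        return 404, None          # traversal attempt: reveal nothing about the tree
    return 200, path


if __name__ == "__main__":
    print(random_object_name())
    print(authorize_download(3, 3, "photo.png"))
    print(authorize_download(3, 3, "../user4/photo.png"))
```

In a real deployment the 200 branch streams the file with the correct Content-Type and a `Content-Disposition` header instead of returning the path.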
