Upload path issues

dektek11

Joined: 2005-08-20
Posts: 3
Posted: Sat, 2005-08-20 09:47

I'm trying to set up the gallery and pretty much everything has gone great. The problem is when I get to setting the local server upload paths. I can't set any directores that I create. And when I set it to a dir that works, like /tmp, it's not the correct directory under my domain's directory. I've tried setting it to several different directories and each time I open it with the uploader and see a whole folder full of (what looks like) sensitive data.

The only thing I can think of is that I'm on a shared server and I may be accessing folders from the server's root directory. Is this possible? If it is, then that presents a couple problems, one of them being a reasonably large security issue.
----
The following information is required to get an answer:
Get this information from the PHP diagnostic (in the configuration wizard).
Gallery URL (optional but very useful):
Gallery version: Gallery 2
Apache version: 1.3.33 (Unix)
PHP version (don't just say PHP 4, please): 4.3.11
Graphics Toolkit:
Operating system: Linux
Web browser/version (if applicable):

 
dektek11

Joined: 2005-08-20
Posts: 3
Posted: Mon, 2005-08-22 04:06

As I mentioned before, this is not my directory. The only thing I can figure is that somehow I am accessing my host's server root directory. I'm sure you can agree that this may be a bit of a security problem if I am allowed to access these directories.

 
nivekiam
nivekiam's picture

Joined: 2002-12-10
Posts: 16504
Posted: Mon, 2005-08-22 04:39

You're using G2, not G1.

Mods, please move this topic to the G2 Support forum.

This is not a security problem, this is how most shared servers are setup (keyword shared). If you logged in via FTP or SSH you could cd / and browse through there all you want. You're seeing directories the use Apache runs as. Just because it can see something doesn't mean it can read it's contents.

You know where to enter your upload path. You need to enter the correct path to the directory you want to upload files to and that directory has to alread exist.

Are you seeing any error when you try to set this directory?

 
dektek11

Joined: 2005-08-20
Posts: 3
Posted: Mon, 2005-08-22 05:36

I'm sorry, my error for the wrong forum.

I can't cd / via FTP. I don't have SSH access, which is why I would assume I shouldn't be able to access this way. Any of the directories that I attempt are not in my dir tree. How am I supposed to find a directory in my tree if I'm in the root dir? Also, I can download anything in the root directory if I use the local server file adder and then download it to me.

 
nivekiam
nivekiam's picture

Joined: 2002-12-10
Posts: 16504
Posted: Mon, 2005-08-22 13:59
Quote:
Any of the directories that I attempt are not in my dir tree. How am I supposed to find a directory in my tree if I'm in the root dir?

Do you know what the full path to your web directory is suppose to be? If so enter that for your local directory.

Quote:
Also, I can download anything in the root directory if I use the local server file adder and then download it to me.

Nothing wrong with that really. Again, Gallery is running as the user Apache is running as and can see anything that user can, which is usually quite a bit of the filesystem, however, it usually can't delete or write to most of it ;)

 
peter_k

Joined: 2005-09-15
Posts: 134
Posted: Fri, 2005-09-23 11:29

I'm not sure this is the solution you were looking for, but this is what worked for me.