Hello!
First I have to say that phpix(2) looks great. Good features, seems to be easy install...
But I have some problems (and the website phpix2.sourceforge.net is empty, so here a message):
After installing phpix2 and moving it later to my web-directory I got problems with the permissions on convert.sh. After a new install (and new make) these problems are fixed.
But now are permission-problems with the pictures.
phpix2 said:
"albums/Sample Album/A-10.jpg" is not owned by the euid. (whoever installed phpix does not own this file
"albums/Sample Album/Trees.jpg" is not owned by the euid. (whoever installed phpix does not own this file
The owner and group is 5000:5000, I changed this to root or my user, but there is no success. I installed the script under root.
Is there a way to solve the problems?
Best regards, Jens Meyer
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2001-01-04
Yes, this is the convert.sh script complaining because it thinks there's something fishy going on. You need to make sure that all your directories and files and *everything* are owned by the same UID, otherwise you get that error.
Maybe another problem is that you can't run setuid programs from the filesystem you've got phpix installed on. In that case, you're going to have to let me know and I'll go on and fix up the non-suid option.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2001-01-10
I am having the same problem. I am running RH7 and installed phpix as root. All files (including all sub dirs) in my phpix dir are owned by id 5000 except the following which are owned by root:
config.inc
convert
convert.h
style.css
I see in the config.sh where you are doing the check for the owner of the file. My question may be a dumb one, but what would be the harm in commenting that out? Would there be any security risks?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2001-01-10
I'm working with Keith Petit on this one; when I come up with a fix for it I'll let you know.
One thing I'd check right away is whether or not your convert has the suid bit (-rwsr-xr-x). If not, chmod +s it. The makefile does this for you but if you chown something that bit gets cleared.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2001-01-10
Yes my convert has -rwsr-xr-x . Thanks for looking in to this. By the way, this is a great app. I have been using 1.x for a few months and have received many compliments.
Steve
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
On FreeBSD (Which I use) if tar cannot find a username, it defaults to root, it may not behave this way on all systems. I suspect either iacyclone has a neale user on his machine, or neale is user 5000 on his own box.
I created a neale user on my machine, and untarred the archive as root. This is the result:
drwxr-xr-x 4 neale neale 512 Jan 10 20:48 .
drwxr-xr-x 3 root users 512 Jan 10 20:48 ..
-rw-r--r-- 1 neale neale 17992 Dec 28 10:15 COPYING
-rw-r--r-- 1 neale neale 1815 Jan 5 17:27 ChangeLog
-rw-r--r-- 1 neale neale 166 Dec 28 10:18 HISTORY
-rw-r--r-- 1 neale neale 2450 Jan 5 17:22 INSTALL
-rw-r--r-- 1 neale neale 1359 Jan 4 21:44 Makefile
-rw-r--r-- 1 neale neale 1265 Jan 4 21:45 README
-rw-r--r-- 1 neale neale 429 Dec 28 21:34 TODO
drwxr-xr-x 3 neale neale 512 Dec 27 21:33 albums
-rw-r--r-- 1 neale neale 43 Dec 27 19:46 blank.gif
drwxr-xr-x 3 neale neale 512 Dec 28 21:27 cache
-rw-r--r-- 1 neale neale 5765 Jan 5 17:46 common.inc
-rw-r--r-- 1 root neale 1381 Jan 10 20:48 config.inc
-rwsr-xr-x 1 root neale 3529 Jan 10 20:48 convert
-rw-r--r-- 1 neale neale 432 Dec 27 20:45 convert.c
-rw-r--r-- 1 root neale 41 Jan 10 20:48 convert.h
-rwxr-xr-x 1 neale neale 1029 Jan 5 17:47 convert.sh
-rw-r--r-- 1 neale neale 1381 Dec 28 21:29 dfl_config.inc
-rw-r--r-- 1 neale neale 2294 Dec 28 21:29 dfl_style.css
-rw-r--r-- 1 neale neale 6272 Dec 27 19:46 directory.jpg
-rw-r--r-- 1 neale neale 5171 Dec 29 10:27 index.php
-rw-r--r-- 1 neale neale 6844 Dec 29 10:28 modify.php
-rw-r--r-- 1 root neale 2294 Jan 10 20:48 style.css
-rw-r--r-- 1 neale neale 1131 Dec 27 19:46 unknown.gif
-rw-r--r-- 1 neale neale 7084 Dec 29 10:27 view.php
Note all the files are owned by the neale user except the 4 listed above.
Neale: The fix for this is to chown the files to root before creating the archive, then the behaviour will be correct for any user.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2001-01-11
Yes, it's funny, I had just arrived at the same conclusion.
I forget that tar is more than just an archiving program. Maybe I should have shipped the distribution as an .ar.gz instead :-)
Anyway I've got Keith trying a new -pre3 that, in addition to being archived with UID and GID of 0, has a check in the makefile that will yell at you if you're running it as root.
I don't want to be responsible for creating an suid root shell script wrapper on anyone's computer. :-)
Good find though, Bryan.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello!
First I have to say that phpix(2) looks great. Good features, seems to be easy install...
But I have some problems (and the website phpix2.sourceforge.net is empty, so here a message):
After installing phpix2 and moving it later to my web-directory I got problems with the permissions on convert.sh. After a new install (and new make) these problems are fixed.
But now are permission-problems with the pictures.
phpix2 said:
"albums/Sample Album/A-10.jpg" is not owned by the euid. (whoever installed phpix does not own this file
"albums/Sample Album/Trees.jpg" is not owned by the euid. (whoever installed phpix does not own this file
The owner and group is 5000:5000, I changed this to root or my user, but there is no success. I installed the script under root.
Is there a way to solve the problems?
Best regards, Jens Meyer
Yes, this is the convert.sh script complaining because it thinks there's something fishy going on. You need to make sure that all your directories and files and *everything* are owned by the same UID, otherwise you get that error.
Maybe another problem is that you can't run setuid programs from the filesystem you've got phpix installed on. In that case, you're going to have to let me know and I'll go on and fix up the non-suid option.
I am having the same problem. I am running RH7 and installed phpix as root. All files (including all sub dirs) in my phpix dir are owned by id 5000 except the following which are owned by root:
config.inc
convert
convert.h
style.css
I see in the config.sh where you are doing the check for the owner of the file. My question may be a dumb one, but what would be the harm in commenting that out? Would there be any security risks?
I'm working with Keith Petit on this one; when I come up with a fix for it I'll let you know.
One thing I'd check right away is whether or not your convert has the suid bit (-rwsr-xr-x). If not, chmod +s it. The makefile does this for you but if you chown something that bit gets cleared.
Yes my convert has -rwsr-xr-x . Thanks for looking in to this. By the way, this is a great app. I have been using 1.x for a few months and have received many compliments.
Steve
I had a brainwave...
On FreeBSD (Which I use) if tar cannot find a username, it defaults to root, it may not behave this way on all systems. I suspect either iacyclone has a neale user on his machine, or neale is user 5000 on his own box.
I created a neale user on my machine, and untarred the archive as root. This is the result:
drwxr-xr-x 4 neale neale 512 Jan 10 20:48 .
drwxr-xr-x 3 root users 512 Jan 10 20:48 ..
-rw-r--r-- 1 neale neale 17992 Dec 28 10:15 COPYING
-rw-r--r-- 1 neale neale 1815 Jan 5 17:27 ChangeLog
-rw-r--r-- 1 neale neale 166 Dec 28 10:18 HISTORY
-rw-r--r-- 1 neale neale 2450 Jan 5 17:22 INSTALL
-rw-r--r-- 1 neale neale 1359 Jan 4 21:44 Makefile
-rw-r--r-- 1 neale neale 1265 Jan 4 21:45 README
-rw-r--r-- 1 neale neale 429 Dec 28 21:34 TODO
drwxr-xr-x 3 neale neale 512 Dec 27 21:33 albums
-rw-r--r-- 1 neale neale 43 Dec 27 19:46 blank.gif
drwxr-xr-x 3 neale neale 512 Dec 28 21:27 cache
-rw-r--r-- 1 neale neale 5765 Jan 5 17:46 common.inc
-rw-r--r-- 1 root neale 1381 Jan 10 20:48 config.inc
-rwsr-xr-x 1 root neale 3529 Jan 10 20:48 convert
-rw-r--r-- 1 neale neale 432 Dec 27 20:45 convert.c
-rw-r--r-- 1 root neale 41 Jan 10 20:48 convert.h
-rwxr-xr-x 1 neale neale 1029 Jan 5 17:47 convert.sh
-rw-r--r-- 1 neale neale 1381 Dec 28 21:29 dfl_config.inc
-rw-r--r-- 1 neale neale 2294 Dec 28 21:29 dfl_style.css
-rw-r--r-- 1 neale neale 6272 Dec 27 19:46 directory.jpg
-rw-r--r-- 1 neale neale 5171 Dec 29 10:27 index.php
-rw-r--r-- 1 neale neale 6844 Dec 29 10:28 modify.php
-rw-r--r-- 1 root neale 2294 Jan 10 20:48 style.css
-rw-r--r-- 1 neale neale 1131 Dec 27 19:46 unknown.gif
-rw-r--r-- 1 neale neale 7084 Dec 29 10:27 view.php
Note all the files are owned by the neale user except the 4 listed above.
Neale: The fix for this is to chown the files to root before creating the archive, then the behaviour will be correct for any user.
Yes, it's funny, I had just arrived at the same conclusion.
I forget that tar is more than just an archiving program. Maybe I should have shipped the distribution as an .ar.gz instead :-)
Anyway I've got Keith trying a new -pre3 that, in addition to being archived with UID and GID of 0, has a check in the makefile that will yell at you if you're running it as root.
I don't want to be responsible for creating an suid root shell script wrapper on anyone's computer. :-)
Good find though, Bryan.