New image.module seems to be working but images do not show because (in my installation) HTML path to file is http://www.example.com/files/images/my_image.jpg yet when I take a look at the server file structure the image is in the files/images/temp/ folder - not where it's supposed to be.

Running latest cvs 2005/3/31 and multisites with virtual no content as yet.

Any assistance appreciated.

Comments

Bèr Kessels’s picture

Bèr Kessels commented

Are you sure all directories are set and have the correct permissions.90% of the times missing dirs and false permissions cause the uploads to fail.

Another test: check whether other uploads work. If not, please move this support issue to "upload module".

inteja’s picture

inteja commented

The images are uploaded but they are in files/images/temp/ and not files/images/. The generated HTML points to files/images/ like <img src="http://www.example.com/files/images/my_image.jpg" />.

Bèr Kessels’s picture

Bèr Kessels commented

yes, I understood that. But again: are you sure all the permissions are set correctly?
Also: do you have GD? or any other image manipulation toolkit, with the appropriate .inc?

It looks like your images cannot be written to the image dir. This can be caused by a faulty setting (please chmod 777 image to see if that works, note that 777 is UNSAFE and should only be used for testing purposes!). Also, try with a phpinfo() to see if you have GD support.

Bèr

inteja’s picture

inteja commented

Images seem now to be at least writing to the directory but still not displaying. GD2 is installed and working fine.

I played around with different chmod settings. Images only display when:

root/files = minimum 710
root/files/images = 777

If, as you say, this is unsafe and should only be used for testing, how do I get images to show with more secure chmod settings?

Thanks for your help.

Brian.

Bèr Kessels’s picture

Bèr Kessels commented

I am no guru, but I suspect the followoing is the case:

Apache runs under user and group: www-data, www-data.
The directory images is created with read and write perms under this user.
your image toolkit (imagemagick?) tries to wrtie to this dit under a different username.

What I suggest (if abovementioend is the case), is to change the group-ownership of the dirs in /files (best is to change /files as well.
You should change the group to a group where both apache (www-data) is member of, and where the owner of the image files is member of.

I can help you further if you are so kind to look at the below stated commands (you need shell access to your host!) and execute the commands. You should then post the owners, and permissions back here, please.

Example:

ls files/ -al 
...
drwxr-xr-x   3 www-data www-data  6144 2005-03-30 15:10 images
...

shows that the image dirt belongs to apache, and that it has rwx for apache and rread only for the groupa nd the world (all the others)

ls files/images -al 
...
-rw-r--r--   1 www-data www-data  12569 2005-03-30 15:10 004649275c7a6d22a1923c4808d3d47c-34.jpg
-rw-r--r--   1 www-data www-data 18976 2005-03-30 15:10 04602371dbd065c51347ff85112ecc72-17.jpg
...

shows me that my images are created by apache too. In your case that might be a different user, or group.

The trick will be to get (or create) the group where both apache (www-data) as the one wich creates your images is a member of.

inteja’s picture

inteja commented

Here are my results:

ls files/ -al
...
drwxrwxrwx    3 vrealms  users        4096 Apr  4 13:27 images
...

ls files/images -al
...
-rw-r--r--    1 vrealms  users       87137 Apr  1 13:30 DSC00020.jpg
-rw-r--r--    1 vrealms  users        3353 Apr  1 13:30 DSC00020.thumbnail.jpg
-rw-r--r--    1 vrealms  users       99304 Apr  4 13:12 DSC00021.jpg
-rw-r--r--    1 vrealms  users        3262 Apr  4 13:12 DSC00021.thumbnail.jpg
...

vrealms is our virtual hosting account name.

Thanks Bèr!

Brian.

Bèr Kessels’s picture

Bèr Kessels commented

those vrealms will make things a bit harder :).

I see the images are in /images. I see they have correct usernames, and correct permissions.
The only thing remaining here, is the permissions of /images. You could ignore it, and leave it as a potential security hole.

But you should set the image folder to drw-r--r-- did you try that? What is the result?

Bèr

inteja’s picture

inteja commented

drwxrwxrwx (chmod 777) is the only one that works.

Dropping back to drw-r--r-- (chmod 710) causes images not to show.

Brian.

Bèr Kessels’s picture

Bèr Kessels commented

Can you be a bit more verbose? What exactly is "not showing up". Do you get 404s ewhen accessing the images directly etcetc?

inteja’s picture

inteja commented

403 access denied

Anonymous’s picture

(not verified) commented

Try adding execute permission to the directory in question.

inteja’s picture

inteja commented

As stated in #6 above, I've already tried that and yes it does work but I'm trying to get it to work with more secure permissions. There is no stated requirement in the image.module INSTALL.TXT for such open permissions plus the upload.module works fine with root/files being more secure. Why is image.module different?

Brian.

ezheidtmann’s picture

ezheidtmann commented

(I was the earlier anonymous user)

Execute permission is not insecure. It simply allows access to the directory and the files within it. Write permission is insecure. Try setting the permission to 755 (rwxr-xr-x).

ezheidtmann’s picture

ezheidtmann commented

And btw, 710 is rwx--x---, not rwxr--r--.

inteja’s picture

inteja commented

OK. 755 worked! Thanks!

If you say it's secure that's good enough for me. Happy now. :-D

Brian.

inteja’s picture

inteja commented