Hi ...

I'm hoping there's someone out there who can help me with this.

For my Drupal site, I've made it such that for every member who joins my site, I create a folder for him which is named after his uid.

2 kinds of things will eventually be stored in his folder, namely his picture and his resume, uploaded only by him.

What I want to achieve is the following ...

1) Everyone (logged in or not) should be able to view his picture
2) No one, except my FTP server, should be able to see his resume.

Can someone enlighten me on how to do this?

I've been experimenting with chmod, permission 0700 and 0755 on the user's folder ... but his files are still accessible all the time.

Thanks in advance.

regards,
Janus Ong

Comments

CryHaven12’s picture

Here's more info ... I'm running a Linux web hosting server, but I'm using Windows XP on my home PC.

My upload functions are written using Drupal's form type ='file' function, and I have chmod the resume files to 0600, that is ... the files are only readable and writable by the user himself.

BUT, somehow the files are still available via direct URL in any browser! This is obviously a security breach. I think it's something to do with the chmod "user" status of the uploader or something that's not properly declared...

ALSO, I cannot access the files via my FTP.

Ideally, I hope to have the files accessible only to the uploader himself, and a certain declared Drupal Role.

Can someone give me a solution ... vexed.

regards

wla_g’s picture

Since on the server side the web server process does all the handling, it is this user who owns the files, and NOT the user who uploads them. That's the explanation.
Regards
Werner
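
The ownership point in the reply above, worked through as an added example that is not part of the original thread: a small model of the POSIX owner/group/other check applied to the folder modes (0700, 0755) and file mode (0600) mentioned in the posts. The uid/gid values and the two account names are constructed assumptions; root and ACLs are ignored.

```python
# Constructed sample identities (assumptions, not taken from the thread).
WEB_SERVER = {"uid": 33, "gids": {33}}        # process that runs Drupal/PHP
FTP_ACCOUNT = {"uid": 1001, "gids": {1001}}   # site owner's FTP login


def permitted(mode, owner_uid, owner_gid, who, want):
    """POSIX class selection: owner bits, else group bits, else other bits.

    `want` is a 3-bit mask: 4 = read, 2 = write, 1 = execute/search.
    Only one class is consulted; an owner is never granted "other" bits.
    """
    if who["uid"] == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in who["gids"]:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want


def can_read_upload(dir_mode, file_mode, who, owner=WEB_SERVER):
    """Reading <dir>/<file> needs search (x) on the folder and read (r) on the file.

    Folder and file are both owned by `owner`, the process that created them,
    not by the site member who submitted the upload form.
    """
    gid = next(iter(owner["gids"]))
    return (permitted(dir_mode, owner["uid"], gid, who, 1)
            and permitted(file_mode, owner["uid"], gid, who, 4))


def report():
    """Evaluate both folder modes tried in the thread against a 0600 resume."""
    rows = []
    for dir_mode in (0o700, 0o755):
        for name, who in (("web server", WEB_SERVER), ("ftp account", FTP_ACCOUNT)):
            rows.append((oct(dir_mode), name, can_read_upload(dir_mode, 0o600, who)))
    return rows


if __name__ == "__main__":
    for dir_mode, name, ok in report():
        print(f"dir {dir_mode} file 0o600 -> {name:11s} read: {ok}")
```

The web server row is true for every mode, which matches the files still being served by direct URL, while the FTP account row is false for every mode, which matches the files being unreachable over FTP.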