Adding .htaccess to disallow sites/default/files directory from any access - ubercart

Customers at my site upload private files using node checkout module which finally land in sites/default/files directory as part of their order.
Unfortunately I could never find a way till now to restrict those files to the owners only. I've even used User File module, but this module stopped my site.
Customer can upload files as their product order even as anonymous but to checkout they will need to login.
So if I add .htaccess in this directory disallowing everybody in the world read access, will this idea work?
I was thinking to write a hook so that as soon as a product is checked out, it's associated uploaded file can be moved to some private location, or have it's read permission removed( as hosting is on linux).
Any ideas?
I'm using Drupal-6

Related

Migration to VPS w/Plesk

I had a shared hosting package with 1and1 and I just moved over to their VPS hosting that uses Plesk. I already had the domains moved over the VPS server and I already uploaded all of the files via FTP.
I talked to an agent yesterday and he helped me setup the main page on the website so that it would go to the appropriate root directory. The main website is working properly whenever I go the main domain name, however, whenever I go to website.com/blank or website.com/stuff, I receive a 404 error.
The strange part is that I see the files in Plesk file manager, I just don't know why they are not displaying properly. I didn't change anything in the migration process.
I did not change the code on any of the pages and I have contacted their customer support team a number of times, but they have been unable to resolve the issue.
Can anyone tell me what I should do to make sure that the files are associated with the correct pages?
Have you checked the permission for the files and folder under your domain, this seems to be an issue with either your ownership or permission of the files. And if thats not the problem it could even be your .htaccess file.. make sure you have transferred your .htaccess file as well from old shared hosting to new VPS.

Rails/Paperclip - Can't see uploaded images

I have a Rails 3 application which has an attachment model and uses Paperclip gem. Everything works fine on development environment but on production server we cannot access any of the images uploaded. The images are in the right folder where they are supposed to be but when I try to reach them on browser I simply get the 404 page.
The upload folder is located under public folder and called "uploads"
I can access this: "app_url/uploads/test.html" which I manually created to see if it works
But I cannot acces this: "app_url/uploads/test.jpg" which I upload within the application via Paperclip.
I can guess this has something to do with the server configuration but I'm not an expert and may need help about it.
Thanks
UPDATE
I've just realised that uploaded files belong to "nobody" and when I manually change the owner to "root" it seems to be working fine. So I need to find a way to tell Paperclip make the files belong to "root"
It's not a good idea to have a web application being able to write files as root. File permissions are derived from the process writing the files. In case you're using Passenger, there's the concept of user switching:
http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerDefaultUser
Upon startup of your app, Passenger tries to figure out which user owns those files, and tries to switch it's application process to that user. In case it fails, "nobody" is the default.
Check your application permissions on the file level. You should have one user account per application on your server. The application (the directory and contents above the public directory) should be owned by this user. Files under public should be readable by others, so the webserver can pick them up, too.
Are you using Capistrano for deployment?

Joomla Permissions

I am new to Joomla and have been given the task of supporting a site that was created in Joomla 1.5.25. They keep getting errors that files are not writable. They also can't add or delete anything to and from the media manager even in a Super Administrator account. I was able to override these errors with changing folder permissions from 755 (Joomla's recommended permission set) to 777, but was wondering if there is a better way of going about this (I don't want to leave a security hole on their site with the 777 permission set). From what I have read through my research is Joomla permissions requirements can vary based on your hosting company, so I want to get other peoples input before I give my hosting company a call.
On a side note, is there a way of getting the error messages to display longer then 2 seconds?
Why don't you try changing the permissions only to the folders that are written to temporarily? Another solution is to find out under which user apache is running and make sure that user is the owner or at least in a group that owns your Joomla! directory.

Access error uploading file using winsp

I am trying to upload two files to a webserver so my teacher can see it. I am using winsp since my filezila doesnt work. But for some reason it is telling me that i don't have access to that page. Can anyone tell me why is it doing that.Here is a picture of my screen.
I am just not understanding why it is telling me that i don't have to access it.
If I had to take a guess, that public_html folder is your public directory where you should put things that anybody can get to (like through a browser). You have your files outside of that directory, so your page can't access them.
edit:
It's an educated guess, as I have seen a fair amount of server configurations that name the public web folder as such (other common names are "www" and "httpdocs")
Problem definitly isn't in code. There is error while uploading files. Can you connect to FTP regulary? If you can. Look for Active or Passive file transfer to FTP. Also if you can upload files, files must be in public_html folder to be visible from browser.
Active or passive
First read Neal comment.
second, you should probably copy the files into the /public_html folder, instead of the / (root) folder.

how to change folder permission in cms made simple

im working with cms made simple.my problem is my template folder permission.in this cms when a template uploaded,a folder (by the same name of that temlate,for example : 'TEMP1') creates and it's permission is set to 0755.when i want to change permission of the template folder i will get this error :
FileOp Failure on: /home/visamast/public_html/uploads/arty1: Operation not permitted
and also when i want to upload files via ftp or cpanel to this folder nothing will happen,i mean the upload process will be done,but no files has been uploaded!!!!!!!!
how can i fix this problem?!
It sound like you are having an ownership problem rather than a permission problem. If your server is set up to run PHP as a module, files and directories created by PHP will be owned by the generic Apache user. Generally that means that you will not be able to change permissions on the file/directory. Most likely you will need to have your hosting company do a recursive chown on the entire directory tree your site is in to make you the owner of all of the files and directories.