I just want to move a temporary file to a specified folder. Here is my code.
$uploads_dir = $_SERVER['DOCUMENT_ROOT'].'/upload';
$name = basename($_FILES["csv"]["name"]);
$tmp_name = $_FILES["csv"]["tmp_name"];
chmod("{$uploads_dir}/{$name}", 0755);
if (!move_uploaded_file($tmp_name, "{$uploads_dir}/{$name}")):
array_push($fileErrArr, "fail to move uploaded file");
endif;
This is the error message from the httpd log. It doesn't even mention the "permission" stuff.
[error] [client XXX] PHP Warning: move_uploaded_file(/var/www/html/upload/XXX.csv): failed to open stream: \xe8\xa8\xb1\xe5\x8f\xaf\xe3\x81\x8c\xe3\x81\x82\xe3\x82\x8a\xe3\x81\xbe\xe3\x81\x9b\xe3\x82\x93 in /var/www/html/XXX/action.php on line 115, referer: https://XXX/
[error] [client XXX] PHP Warning: move_uploaded_file(): Unable to move '/tmp/php40tPEO' to '/var/www/html/upload/XXX.csv' in /var/www/html/XXX/action.php on line 115, referer: https://XXX/
Any help is appreciated. Thanks!
I think you can use this <?php echo exec('whoami'); ?> to check your PHP script runner.
Then use ls -l to check the target direction who is the owner.
Make sure the runner and the owner is the same.
Eg: the php runner may be www-data and the target folder owner may be admin. Use:
chown www-data /var/www/xxx/upload
chmod 755 /var/www/xxx/upload
It may work.
Hello Everyone I did encountered this error lately, I am also a beginner and solved this problem in just 3 hours this is the thing that helps me. I use Linux AMI EC2 intance.
The problem might be all about the "Writeability"(sorry I am not really familiar with terms please bear with me) permission of the folder maybe it is only allowed for the root
First make a script on the live serve and include this code to know what is the name
of the client that will execute the move_uploaded_file command of php
<?php
echo exec('whoami');
?>
Then it results to give me "apache" as my client's user
After it look for the folder the destination check if it is writeable by the client's side
using
ls -lh /var/www/folder/
then you will see like
the root and www on it
change it to
chown -R apache:apache /folder destination
Always take note that the user is the result of whoami php script
Hope this helps
Related
I have a php script with no erros (I tested it in other servers), the problem is, in this server I cannot upload images from php.
I add 755 to folder, php.ini file upload is on, max file size is 12mb.
I run this:
chown apache /var/www/html/img-img/
chmod 755 /var/www/html/img-img/
but also didn't solve my problem.
my php also try to create a folder to upload images inside img-img (no success):
$pasta = date("dmy");
$pasta_dir2 = "img-img/$pasta";
if(!file_exists($pasta_dir2)){
mkdir($pasta_dir2, 0755);
}
I have this warnings:
move_uploaded_file(img-img/14719222_886454304825512_8860750091242176512_n.jpg): failed to open stream: Permission denied in /var/www/html/teste.php on line 38, referer: http://example.com/teste2.php
PHP Warning: move_uploaded_file(): Unable to move '/tmp/phptZYSam' to 'img-img/14719222_886454304825512_8860750091242176512_n.jpg' in /var/www/html/teste.php on line 38, referer: http://example.com/teste2.php
any ideas how to solve this without break server security?
this solve my problem:
I don't know what it does, but works... if anyone knows, please, answer this and let me know.
sudo chcon -t httpd_sys_rw_content_t /var/www/html/img-img -R
Check if img-img folder exist and try to set 744 permission to all the folders and subfolders of html using chmod -R 0755 /var/www/html/
I use php5.6 and Apache2.4.6 in centOS7.5
I put a php file in /var/www/html
like this :
<?php
echo (__DIR__ . "/test.text");
file_put_contents(__DIR__ . "/test.text","test text");
when I access this file through web browser(google chrome), file_put_contents do not function.
but,when I execute this file in console, file_put_contents do function. it make test.text file.
Is this problem due to server setting? or some php function doesn't work in access by a browser?
this is httpd/error_log
[Tue Oct 30 13:35:13.191011 2018] [:error] [pid 15037] [client XX.XXX.XX.XXX:29220] PHP Warning:
file_put_contents(/var/www/html/test.text): failed to open stream: Permission denied in /var/www/html/fpc2.php on line 3
but, this file's permission is 777.
Right. So it is a permissions problem. You need to make sure that the "user" that runs the php code has permission to write into the directory. I don't know to which user to give the permission, but it may be "web". Try:
sudo chgrp -R web /var/www/html
then
sudo chmod -R g+w *
I'm seeing weird Ubuntu permission issues only on a single .csv file when trying to access with php. The file is list.csv, owned by ubuntu:www-data, and ubuntu user is part of www-data group. The rest of the site works fine, no permission issues, but I see the following error when trying to load this file with php:
PHP Fatal error: Uncaught exception 'RuntimeException' with message 'SplFileObject::__construct(xxx/list.csv): failed to open stream: Permission denied'
If i do chown www-data:www-data list.csv, i can load with php. Why is this file not being loaded by php if owned by ubuntu, even if ubuntu is part of www-data group?
Additionally, I can open this file as ubuntu user (vi list.csv) read and write.
Edit: Permissions on the file are: -rwxr-xr-x 1 ubuntu www-data
Edit again: Changed permissions to 0644 -rw-r--r-- 1 ubuntu www-data no luck
Edit some more: File lives in a directory that has x permission:
drwxr-xr-x 3 ubuntu www-data 4096 Jul 28 23:09 content/
Not sure it has anything to do with execute permissions as I can change owner to www-data:www-data and the file gets loaded. It would seem its something to do with user ubuntu owning the file and not www-data
Edit: Its this line of code that errors out, trying to load .csv file into php SplFileObject:
SplFileObject::__construct("xxx/content/list.csv");
I can see in the OP that the only difference between the owner and group is write permission (you have tried xr and r with the group). So, I suspect your PHP is trying to open the file in write mode.
To confirm this try:
$myCSV = new SplFileInfo('YOUR CSV');
$myCSV->isReadable(); // should be true
$myCSV->isWritable(); //expecting this to be false
Edit: If that's whats going with your program you can open the file just in read mode using: $myCSV->openFile('r')
Your server might have the PHP open_basedir parameter set which would prevent access to any files outside of this directory.
To verify this have a look into your relevant php.ini file (for example /etc/php5/apache2/php.ini) and check if the open_basedir line is set.
This is driving me insane. httpd runs as the user apache. I have two directories within /var/www/html -- uploads and photos. Both have group:owner of apache:apache. Both are 755. uploads is writable from php -- photos is not.
Some test code:
var_dump(touch('/var/www/html/photos/_test.log'));
var_dump(touch('/var/www/html/uploads/_test.log'));
var_dump(touch('/var/www/html/uploadsasdf/_test.log'));
And results:
Warning: touch(): Unable to create file /var/www/html/photos/_test.log because Permission denied in /var/www/html/test.php on line 2
bool(false)
bool(true)
Warning: touch(): Unable to create file /var/www/html/uploadsasdf/_test.log because Permission denied in /var/www/html/test.php on line 4
bool(false)
I've confirmed permissions through a shell and GUI interface. I've chowned and chmoded everything again just to be sure. I've renamed the uploads directory to something else and renamed photos to uploads to see if the name of the directory was the key here, but it wasn't. It's the directory itself. The renamed uploads still works with a new name, and the photos directory that is now called "uploads" does not.
Of note, _test.log does not exist in the folders before testing, so it's not like that file has bad permissions or anything.
Interestingly, if I create a new directory, chown it to apache:apache, chmod it to 777, I can't write to it, so something larger may be wrong here; but the question remains: why then does the uploads directory work?
Has anyone seen this behavior before? Am I missing something obvious?
Thanks in advance for any help!
Edited to add more info:
exec('whoami')
"apache"
var_dump(posix_getpwuid(fileowner('/var/www/html/')));
var_dump(posix_getpwuid(fileowner('/var/www/html/uploads/')));
var_dump(posix_getpwuid(fileowner('/var/www/html/photos/')));
all "apache"
All have the same fileperms() value. However, is_writable() is false on all but "uploads".
mkdir('var/www/html/test');
Warning: mkdir(): Permission denied
ls-alF
drwxr-xr-x. 2 apache apache 286720 Nov 22 15:17 photos/
drwxr-xr-x. 2 apache apache 81920 Nov 22 12:06 uploads/
drwxr-xr-x. 2 apache apache 6 Nov 22 10:31 uploadsasdf/
I have called clearstatcache(); I have rebooted the server. What ... on ... Earth?
Since you are using CentOS and and you've tried everything else, my guess would be something related to SELinux. One of the answers from this question may be helpful Forbidden You don't have permission to access on this server. Centos 6 / Laravel 4
Specifically try this to analyze SELinux permissions (ls -lZ) and temporarily disable SELinux:
If you're using CentOS it could be an issue with selinux. Check to see if selinux is enabled with 'sestatus'. If it is enabled, you can check to see if that is the issue (temporarily) using 'sudo setenforce 0'. If apache can serve the site, then you just need to change the context of the files recursively using 'sudo chcon -R -t httpd_sys_content_t' (you can check the existing context using 'ls -Z'.
If selinux is enabled (sestatus will tell you), try sudo restorecon -Rv /var/www/ first. Sounds much like SELinux is getting in the way and you somehow have got a file/directory there which is not labelled correctly. Restorecon will revert labels to default, and -v will show you which labels have been corrected, if any.
Failing that, extended attributes come to mind. do lsattr <filename> and if the output looks anything like ------i-----, the immutable flag is set. Change it with chattr -i <filename> and you're good to go.
So, I have this error:
Warning: fopen(/path/to/test-in.txt) [function.fopen]: failed to open stream: Permission denied
Performing ls -l in the directory where test-in.txt is produces the following output:
-rw-r--r-- 1 $USER $USER 1921 Sep 6 20:09 test-in.txt
-rw-r--r-- 1 $USER $USER 0 Sep 6 20:08 test-out.txt
In order to get past this, I decided to perform the following:
chgrp -R www-data /path/to/php/webroot
And then did:
chmod g+rw /path/to/php/webroot
Yet, I still get this error when I run my php5 script to open the file. Why is this happening? I've tried this using LAMP as well as cherokee through CGI, so it can't be this.
Is there a solution of some sort?
Edit
I'll also add that I'm just developing via localhost right now.
Update - PHP fopen() line
$fullpath = $this->fileRoot . $this->fileInData['fileName'];
$file_ptr = fopen( $fullpath, 'r+' );
I should also mention I'd like to stick with Cherokee if possible. What's this deal about setting file permissions for Apache/Cherokee?
Check if the user that PHP runs under have "X" permission on every directory of the file path.
It will need it to access the file
If your file is: /path/to/test-in.txt
You should have X permission on:
/path
/path/to
and read permission on /path/to/test-in.txt
Another reason of this error may be that the directory of file does not exist.
I just add php code before fopen:
if(!file_exists(dirname($file)))
mkdir(dirname($file));
This help me out.