I am trying to give someone FTP access to an NGINX /var/www/sitename folder on an Ubuntu server so they can upload development files. I have created a user 'developername' and assigned them to the 'www-data-' group. They are able to upload files, but the images (apparently only the images) are not displaying on the site. I need to SSH in and change all of the files to www-data:www-data in order for them to display correctly.
I'm trying to find a way for this user to upload files and either automatically change them to www-data:www-data or to allow NGINX to use the developername:www-data files. Do you have any ideas?
I've just been using git for a couple of years now and had tried my best to not use FTP at all anymore... This setup is a little infuriating.
Thanks for your time and any responses!
In case someone else runs into this, I first got uploaded files to automatically be in the correct group by doing this:
chmod g+s root_web_folder_name
This made all uploaded files already have the www-data group. Then I went and updated the local_umask setting in the vsftpd.conf file:
local_umask=0002
Now images are appearing when the developer uploads new files. Make sure to set permissions correctly there, I just have it lax because it's a quick test site.
Related
I have a WordPress site on my webserver and have recently copied it to my localhost testing environment using XAMPP (bitnami) to work on it, and proceeded to re-upload the site back to the server without issue.
Now, everything is functioning fine except for uploading images. Whenever I attempt to upload them, it says it cannot write to the directory.
I have tried turning off date/time arrangement of images, I've tried manually creating the folder its trying to use and temporarily setting the permissions of it to 777 and it works. However, when I change them back to 755 it stops allowing uploads again.
Like I said this has only happened since copying my localhost wordpress back. I've read it may be due to the account WordPress is using to create/write files. Is there any way to find out what this account is? And how would I ensure it has the correct permissions? Could it somehow have inherited the Bitnami XAMPP WordPress account since I copied the files/DB over?
I have access to my sites cPanel if that helps.
don't change permissions change owner
sudo chown www-data:www-data /folderName
So I created a couple of directories and files with FTP, thus the owner is the username I use to login to the server. Now I'd like to allow users of the website to upload images to those directories. Unfortunately for the website to store images, it should be owned by Apache. How can I fix this? I've been reading around on this but can't directly find an answer.
I don't have SSH, so I guess all command-line-things are not applicable for me.
Edit
I tried to then make the folders again using apache, but now ofcourse I can't write any files using ftp into those directories.
Provided that at least the one directory is writeable by the apache user (lets call this directory 'writeabledir', it may be your root dir '/'), you must delete the folders you created via ftp and create a php script to create the directories you need.
If for example you want a directory called users and inside it another directory called upload
Create file makedirs.php on your server.
<?php
$oldumask = umask(0);
mkdir("writeabledir/users/upload",0777,true); // or even 01777 so you get the sticky bit set
umask($oldumask);
?>
Now run your makedirs.php once, by calling your.serv.er/makedirs.php on your browser
EDIT:
If you don't want to delete and recreate your directories,you could always try to change file permissions from ftp.
For exampe with FileZilla, just right click on the desired folder and set permissions to 777. If your ftp user does not have permission to do this, then there is no other way, except from asking an administrator to do this for you.
EDIT2:
Added umask to ensure that folders created by apache are writeable by everyone. (taken from http://us3.php.net/manual/en/function.mkdir.php#1207 )
Friend looks I work in php, some versions change the way of solution, however the most common is already that you want to store it would be necessary to create a database and import it to esu code that also serves to some images you want to come place, plus the wisest thing to do and you create a database with the fields necessary for its realization, import, put in a file directory of your schedule, you also advise using aptana Studio 3 greatly facilitates the creation of codes among many things and low xampp it already comes with apache integrated in one place will help you a lot any questions on installation just look at youtube he will describe
I think this question should be something easy but after searching all over the web I couldnt find an answer, so I decided to ask here.
I have a file uploader in my website that works with php. The folder where files are being uploaded has 777 chmod. I also have a php script to list the files in that folder. What I need is to allow php to upload and browse files on that folder, but dont allow people to do it. The only solution I imagined is to chown that folder to another user different than default, so I could later chmod in filezilla and allow only owner to do it, so people will see the files trough the output of the php script, but not if they navigate to that folder.
Im using Debian, apache2. Id like to know what could I do.
To make it shor, my aim: allow php to upload, read, write and execute files in that folder, but not clients unless they use my php script.
Thanks in advance
Put all the files you're talking about in their own directory. Add a .htaccess file to that directory. The contents of the .htaccess should be deny from all.
This will prevent any user from manually accessing the files as access will be blocked off. Your PHP script can still browse the contents of the file and serve it up as an attachment with the correct content type.
For more info on how to serve a file for download in PHP, read this: https://serverfault.com/questions/316814/php-serve-a-file-for-download-without-providing-the-direct-link
All services including web servers run in a security context which is an account in the OS, for example apache starts using apache user in apache group. It is enough to change mode and change owner to this user and group. Never chmod a directory to 777 until there is a good explanation for that. Using this trick, web service process only can read, write and execute in that directory.
As well, if you want the browser clients not to see(read) the contents of that directory, you should deny listing on that directory. I think it is disabled for default.
I'm on mac osx10.6.8. I'm using XAMPP. I'm running all my script through firefox by typing in localhost/index.php etc. All the scripts run, and everything I've written so far works fine.
Right now, I'm able to browse my folders and upload images. It will successfully save and rename an image and store it in my htdocs folder. The problem is when I try to display the image that was just saved.
I have the following code:
<img src="file:///applications/XAMPP/xamppfiles/htdocs/Images/1921304523pvyNZ.jpg">
If I type in file:///applications/XAMPP/xamppfiles/htdocs/Images/1921304523pvyNZ.jpg in the address bar, the picture comes up. But when I try to use img src, just a broken image shows up. When I click on get info for that broken image, it gives me the exact address and even displays the image in "media preview." Why, then won't it display it in the website?
Instead of file://, use http://localhost/path/to/image/ .. then the images will be served through xampp rather than from the filesystem. I expect this is a security feature of your browser, not to mix filesystem and http-served content.
In your case, you probably want http://localhost/Images/1921304523pvyNZ.jpg
Also, make sure 'Images' does indeed have an upper case 'I'. No big deal on OSX but will be if you deploy on a Linux/UNIX server.
As Fabricio points out, you can/should reference the images relatively, and keep your web application easy to deploy. So if you are displaying http://localhost/index.php, the image path is just Images/xxxx.jpg.
I had a similar issue. I found the problem by looking at my Xampp error log. For some reason my images file permissions were very limited. -rx------... I just changed the file permission to allow all users to be able to read those files. Just a note in my opinion since I am lazy, others will probably disagree, you can give them full permission if it is on your own computer, i.e. 777. But in best practice you should only give the files the permissions that are needed for security reasons...
Since you are using a Mac you can use the chmod command to do this in terminal.
go to the file directory in terminal.
cd /Applications/XAMP/xamppfiles/htdocs/.../images/
then type in
chmod 644 yourfilename.extension
you can confirm that is was changed by using ls -l
644 should give you -rw-r--r-- This should be pretty secure.
I have one issue in one of my site. When I upload an image, it creates a folder and then uploading images inside the folder. Creating folder is working fine for me, but image can not be uploaded. move_uploaded_files is returning false without any error message.
When I checked manually, All folders have proper 777 permission. When folder is created by my code, owner is "apache".
But, when I created a folder manually via ftp, then owner is my username "aayushi", for this folder, upload image is working fine.
Any idea how can I fix the issue? OR how can I give rights to "apache" owner to upload images...
Thanks in advance.
When a folder is created, the owner will be the user who created the folder - in your ftp client, this is the user you logged in as; in PHP, this will be the user the PHP script runs as (in this case, the apache user). Most likely, your problem is the umask setting of Apache when it creates these folders. Setting the umask is covered in the PHP manual.
If you can find a copy of Sklar and Trachtenberg's "PHP Cookbook" somewhere, check out Recipe 19.11 ("Making New Directories") for a bit more discussion on how this works - there may be other tutorials as well, but this is one I found to be pretty clear.