I am working on apache sever and generating some tmpdir using follwoing code.
$tmpdatadir = "/home/user/tmpdata/".$id."/";
if (mkdir($tmpdatadir)) {
/* do something */
}
dir created:
drwxr-xr-x 2 www-data www-data 4096 Aug 30 17:16 147257020639481
but when i try to write some data using
exec ("cat file.txt >". $tmpdatadir."sample.txt")
i get following error message.
permission denied. As i copy file as user:user so how can i change permision of directory. I found chown does this but i am not sure how can i change ownership of whole directory.
First of all, please review the permissions for www-data folder with ls /lrt, is that way you can see if your user is able to write on the file.
Then, you can use the command: chmod 666 www-data to change the permission of the file to read and write for all users, in this link you can find the syntax for chmod command and a useful calculator if you want limit other users.
Also I share with you the specific functions for commands chown and chmod. See this site.
Related
I've tried to use chmod function in php to change permissions to 777 temporarily, upload the file and then change it back to 755. But it didn't work, as it doesn't allow me to use the chmod function via php.
if(chmod($path, 0777) ) {
if(!move_uploaded_file($oldfile, $newfileloc)) {
return false;
}
chmod($path, 0755);
return true;
}
else
return false;
I had it working on my previous server with 755 permissions given to the folder.
I'm not sure how permissions work, so please help, thanks!
EDIT:
What permissions should my /var/www folder have so that web-server can write files?
EDIT 2:
Okay, I had this figured out. I just have to give permissions to www-data:www-data to make sure webserver has all the required permissions.
But, the issue I'm getting is that when I have /var/www has chown www-data:www-data, the php functions are working fine but I'm getting permissions denied error when using FileZilla. So right now I have to change permissions to root:www-data everytime I need to transfer something via FileZilla and then back to www-data:www-data to make sure my webserver's working fine. Anyone got a fix for this?
you can give 755 permission. But You have to change owner and group for /var/www/ folder. It should have www-data's ownership and group ownership. Check first which user has ownership and group ownership for this folder. run this below command.
ll /var/www/
if it has root access then it would look like this.
drwxr-xr-x. 2 root root 23 Mar 21 17:33 html
change the owner and group owner to www-data user using below command.
chown -R www-data:www.data /var/www
You can keep folder permission 755. -R option is use for giving permission recursively to its child folders and files.
I wanted to create a folder on "/home/ec2-user/MyDir/test" on AWs but It is saying permission denied though I given enough permission to the directory.
<?php
$brideOrderFolder = '/home/ec2-user/MyDir/test';
if (!#mkdir($brideOrderFolder)) {
$error = error_get_last();
echo $error['message']; //Error: mkdir(): Permission denied
}
exit;
?>
Here is my folder permission.
[ec2-user#ip-xx-xxx-xxx-xxx MyDir]$ ls -ld
drwxrwxrwx 5 ec2-user ec2-user 4096 Aug 23 14:24 .
Can't I make dir at "/home/ec2-user" dir in AWS?
Change owner of parent directory to "apache" user.
$sudo chown apache:apache /var/www/html/PATHTOYOURDIR/
In order to make any changes to any folder or file on Linux, the application or user should be under that group.
Use ls -l for the folder ec2-user and see which user/ group has permissions to rw this folder and I am sure www-data do not have permission to r/w this folder. Ec2-user has right to his folder by default.
You can create fresh group and change owner group for this folder.
Alternately I ll suggest to
Step1: create folder under www/ec2-user-temp/
And now php can simply create folders under this folder.
Step2: schedule a copy Command under crontab to copy folder recursively to ec2-user. Crontab can execute it at intervals you define.
Or you can create sym link to replicate folders files automatically as soon as they are created under www folder. You can learn commands from here
https://blog.bartbania.com/raspberry_pi/create-symbolic-links-in-linux/
For security avoid any php or serverside application to make changes to folders or files outside your webroot or www folder.
I hope this helps.
i used $sudo chown ec2-user:ec2-user /var/www/html/ and it worked! thanks #pranjitsingh for the heads up.
I'm having trouble handling the uploaded files on my web server.
First the file is uploaded to the temp server by user "daemon" then I copy the file to www/myapp/files folder by the "www-data" user. Everything works fine, I can read and write to the file, but when I try to delete the file I get an error. Because I'm trying to delete the file as www-data user (php script), but the owner of the file is daemon user.
My question is how can I fix this?
I'm not looking for any chmod or chown solutions, I prefer the solution to be through Apache or some other configuration files.
EDIT:
As requested file permissions:
-rw-r--r-- 1 daemon daemon 41638 Jan 19 08:59 FILE
The parent folder has 0777 permissions
You can add both users to one group like this:
usermod -a -G groupName userName
And then set up r\w permissions for that group
Avoid assumptions
Everything works fine, I can read and write to the file
This indicates that the file permissions themselves, and ownership, permit current usage. If as you say apache is running as www-data, it directly contradicts this:
As requested file permissions: -rw-r--r-- 1 daemon daemon 41638 Jan 19 08:59 FILE
Which would mean the file is not writable to www-data.
Because I'm trying to delete the file as www-data user (php script), but the owner of the file is daemon user.
The above statement is not true - ownership of a file does not affect who can delete it.
I'm not looking for any chmod or chown solutions, I prefer the solution to be through Apache or some other configuration files.
How about not ruling out solutions until you have a choice =)?
Deleting a file uses directory permissions, not file permissions
This is easily verifiable:
-> pwd
/tmp/so
-> whoami
www-data
-> ls -la
total 8
dr-xr-xr-x 2 www-data www-data 4096 Feb 18 14:34 .
drwxrwxrwt 8 root root 4096 Feb 18 14:36 ..
-rw-rw-r-- 1 www-data www-data 0 Feb 18 14:34 a-file
-> rm a-file
rm: cannot remove `a-file': Permission denied
note there is no write permissions to the folder /tmp/so - it's the only permission that matters. Here's another existing answer as a supportive reference.
So given that, the only solution is to ensure that the user attempting to delete a-file has write permission to the containing folder, which means for example:
# assuming daemon is the owner
chmod 7x7 www/myapp/files
^ www-data is not the owner or in the group daemon - so world perms apply
Or
chown www-data:www-data www/myapp/files
chmod 7x7 www/myapp/files
^ daemon needs write permission to the folder too
Or
chown www-data:sharedgroup www/myapp/files
chmod 77x www/myapp/files
^ daemon now reads the group perm, www-data is the owner
(With the upload process running as daemon:sharedgroup)
The above are one-time-only commands that need running; after which there is no need to modify the permissions for any file or folder to permit both www-data and daemon to manipulate files in www/myapp/files.
I'm using CodeIgniter's upload helper and received the above error when trying to upload an image. The permissions for the folder I'm trying to upload to are 755. When I changed it to 777, the error went away, but isn't 777 kind of a security risk?
I'm running on Apache. Is there a better way to allow users to upload files without setting the folder permissions to 777? How can I get 755 to work?
Thanks for the help!
If the folder is for loading files by users than permisision 777 is required.
It's up to you to validate what files are loaded through upload script.
Also you can use .htaccess to alow or not alow certain files to be executed from that directory.
The documentation for upload in codeigniter it's pretty simple and intuitive. Also here you can look at some ways to validate the type of files that are uploaded https://codeigniter.com/userguide3/libraries/file_uploading.html
I don't think so giving any folder on server 777 permission is good. Instead giving 777 permission i suggest make www-data user as owner of desired folder and give 755 permission like below
chown -R www-data:www-data /var/www/html/uploads/
For 755 permission
chmod 755 -R /var/www/html/uploads/
In my NGINX + PHP-FPM installation the issue was solved changing the SElinux parameters from enforcing to permissive:
edit and change options with vi /etc/selinux/config
apply options without restart with sudo setenforce 0
check the status with sestatus.
try this:
sudo chmod 777 -R /path/to/write/folder
I know this is not an active question and may not be an issue for most but because I came across this I wanted to clarify for anyone else that may see this.
You DO NOT need 777 permission on your upload directory. This is actually not a good idea. The last 7 means it is public writable which does not need to be in most cases. Typically 755 should be good enough
More than likely the issue is that the directory is not owned but the user running Apache which is typically www-data
Step by step:
Check owner of dir (i.e.)
ls -l /path/to/upload/
Output should show similar
drwxr-xr-x 4 www-data www-data 4096 Oct 26 20:41 uploads
If not then you should change to www-data if that is the user Apache is running under. To check what user apache is running under :
ps aux | egrep '(apache|httpd)'
This should list something similar:
www-data 419 0.0 0.9 556292 156656 ? S 18:46 0:00 /usr/sbin/apache2 -k start
Hope This Helps!
When php-script is trying to write to a file:
-rwxr-xr-x. 1 eugene_val eugene_val 8033 Sep 10 10:47 ajax_EN.json
I get an error:
fopen(ajax_EN.json): failed to open stream: Permission denied
I wonder what could be an appropriate solution to it taking security into consideration.
The options I could think of are:
1) chown this file to apache user and chmod it to 700
2) add apache to a group of the file-owner
3) use suPHP and likes(which I would not like to because of the performance hit)
A better choice is to change the file's group to the Apache user group, and set the file to be group-writable:
$ chgrp <apache_group> ajax_EN.json
$ chmod g+w ajax_EN.json
The permissions of the path for this file also matter. Even if you chmod 777 the file, if the user trying to read it doesn't have read permissions for the path, they still won't be able to read the file.