I wanted to create a folder on "/home/ec2-user/MyDir/test" on AWs but It is saying permission denied though I given enough permission to the directory.
<?php
$brideOrderFolder = '/home/ec2-user/MyDir/test';
if (!#mkdir($brideOrderFolder)) {
$error = error_get_last();
echo $error['message']; //Error: mkdir(): Permission denied
}
exit;
?>
Here is my folder permission.
[ec2-user#ip-xx-xxx-xxx-xxx MyDir]$ ls -ld
drwxrwxrwx 5 ec2-user ec2-user 4096 Aug 23 14:24 .
Can't I make dir at "/home/ec2-user" dir in AWS?
Change owner of parent directory to "apache" user.
$sudo chown apache:apache /var/www/html/PATHTOYOURDIR/
In order to make any changes to any folder or file on Linux, the application or user should be under that group.
Use ls -l for the folder ec2-user and see which user/ group has permissions to rw this folder and I am sure www-data do not have permission to r/w this folder. Ec2-user has right to his folder by default.
You can create fresh group and change owner group for this folder.
Alternately I ll suggest to
Step1: create folder under www/ec2-user-temp/
And now php can simply create folders under this folder.
Step2: schedule a copy Command under crontab to copy folder recursively to ec2-user. Crontab can execute it at intervals you define.
Or you can create sym link to replicate folders files automatically as soon as they are created under www folder. You can learn commands from here
https://blog.bartbania.com/raspberry_pi/create-symbolic-links-in-linux/
For security avoid any php or serverside application to make changes to folders or files outside your webroot or www folder.
I hope this helps.
i used $sudo chown ec2-user:ec2-user /var/www/html/ and it worked! thanks #pranjitsingh for the heads up.
Related
I am working on apache sever and generating some tmpdir using follwoing code.
$tmpdatadir = "/home/user/tmpdata/".$id."/";
if (mkdir($tmpdatadir)) {
/* do something */
}
dir created:
drwxr-xr-x 2 www-data www-data 4096 Aug 30 17:16 147257020639481
but when i try to write some data using
exec ("cat file.txt >". $tmpdatadir."sample.txt")
i get following error message.
permission denied. As i copy file as user:user so how can i change permision of directory. I found chown does this but i am not sure how can i change ownership of whole directory.
First of all, please review the permissions for www-data folder with ls /lrt, is that way you can see if your user is able to write on the file.
Then, you can use the command: chmod 666 www-data to change the permission of the file to read and write for all users, in this link you can find the syntax for chmod command and a useful calculator if you want limit other users.
Also I share with you the specific functions for commands chown and chmod. See this site.
I've tried to use chmod function in php to change permissions to 777 temporarily, upload the file and then change it back to 755. But it didn't work, as it doesn't allow me to use the chmod function via php.
if(chmod($path, 0777) ) {
if(!move_uploaded_file($oldfile, $newfileloc)) {
return false;
}
chmod($path, 0755);
return true;
}
else
return false;
I had it working on my previous server with 755 permissions given to the folder.
I'm not sure how permissions work, so please help, thanks!
EDIT:
What permissions should my /var/www folder have so that web-server can write files?
EDIT 2:
Okay, I had this figured out. I just have to give permissions to www-data:www-data to make sure webserver has all the required permissions.
But, the issue I'm getting is that when I have /var/www has chown www-data:www-data, the php functions are working fine but I'm getting permissions denied error when using FileZilla. So right now I have to change permissions to root:www-data everytime I need to transfer something via FileZilla and then back to www-data:www-data to make sure my webserver's working fine. Anyone got a fix for this?
you can give 755 permission. But You have to change owner and group for /var/www/ folder. It should have www-data's ownership and group ownership. Check first which user has ownership and group ownership for this folder. run this below command.
ll /var/www/
if it has root access then it would look like this.
drwxr-xr-x. 2 root root 23 Mar 21 17:33 html
change the owner and group owner to www-data user using below command.
chown -R www-data:www.data /var/www
You can keep folder permission 755. -R option is use for giving permission recursively to its child folders and files.
I'm implementing a file upload in symfony2. My File entity is owned by a User, and represents the uploaded file. The uploaded files should not be accessible for anyone except admins and the owner. For addressing this (apart from securing the controller), I save them in a directory which is not under /web/. I called this directory /private_files/ (and is located at the root of the project).
To allow the web server to write to that directory I ran this (I'm on Mac OS X Mavericks):
$ sudo chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" private_files/
$ sudo chmod +a "www allow delete,write,append,file_inherit,directory_inherit" private_files/
The uploading works fine. However when trying to delete the files through the controller, with
unlink($path)
I get the error "Warning: unlink(path/to/file): Permission denied".
When listing the files on the terminal with ls -al, I get
drwxr-xr-x+ 3 myuser staff 204 Mar 23 11:59 .
drwxr-xr-x 24 myuser staff 816 Mar 21 19:51 ..
-rw-r--r-- 1 _www wheel 7395585 Mar 23 11:59 uploaded_file_1
where I notice that the uploaded files lack the executable permission and the "+" which represents the ACLs.
What's the correct approach to allow these files to be deleted with the unlink method? Should the files inherit the ACLs (and if so, how)? Or should a chmod be applied on the directory? Thanks a lot.
I think it is because your folder is not owned by apache user which handle php.
because you created the folder /private_files/ with another user not with apache user, for the app/cache is created programically so he own it and can create/delete. i will update it as answer
I'm having trouble handling the uploaded files on my web server.
First the file is uploaded to the temp server by user "daemon" then I copy the file to www/myapp/files folder by the "www-data" user. Everything works fine, I can read and write to the file, but when I try to delete the file I get an error. Because I'm trying to delete the file as www-data user (php script), but the owner of the file is daemon user.
My question is how can I fix this?
I'm not looking for any chmod or chown solutions, I prefer the solution to be through Apache or some other configuration files.
EDIT:
As requested file permissions:
-rw-r--r-- 1 daemon daemon 41638 Jan 19 08:59 FILE
The parent folder has 0777 permissions
You can add both users to one group like this:
usermod -a -G groupName userName
And then set up r\w permissions for that group
Avoid assumptions
Everything works fine, I can read and write to the file
This indicates that the file permissions themselves, and ownership, permit current usage. If as you say apache is running as www-data, it directly contradicts this:
As requested file permissions: -rw-r--r-- 1 daemon daemon 41638 Jan 19 08:59 FILE
Which would mean the file is not writable to www-data.
Because I'm trying to delete the file as www-data user (php script), but the owner of the file is daemon user.
The above statement is not true - ownership of a file does not affect who can delete it.
I'm not looking for any chmod or chown solutions, I prefer the solution to be through Apache or some other configuration files.
How about not ruling out solutions until you have a choice =)?
Deleting a file uses directory permissions, not file permissions
This is easily verifiable:
-> pwd
/tmp/so
-> whoami
www-data
-> ls -la
total 8
dr-xr-xr-x 2 www-data www-data 4096 Feb 18 14:34 .
drwxrwxrwt 8 root root 4096 Feb 18 14:36 ..
-rw-rw-r-- 1 www-data www-data 0 Feb 18 14:34 a-file
-> rm a-file
rm: cannot remove `a-file': Permission denied
note there is no write permissions to the folder /tmp/so - it's the only permission that matters. Here's another existing answer as a supportive reference.
So given that, the only solution is to ensure that the user attempting to delete a-file has write permission to the containing folder, which means for example:
# assuming daemon is the owner
chmod 7x7 www/myapp/files
^ www-data is not the owner or in the group daemon - so world perms apply
Or
chown www-data:www-data www/myapp/files
chmod 7x7 www/myapp/files
^ daemon needs write permission to the folder too
Or
chown www-data:sharedgroup www/myapp/files
chmod 77x www/myapp/files
^ daemon now reads the group perm, www-data is the owner
(With the upload process running as daemon:sharedgroup)
The above are one-time-only commands that need running; after which there is no need to modify the permissions for any file or folder to permit both www-data and daemon to manipulate files in www/myapp/files.
I have a function in PHP language to create an xml file when requested.
if(($file= fopen("./include/catalogo.xml", "w"))==false){echo 'non creo il file'; return false;}
"catalogo.xml" can't be created, permission denied. I know I should try to change permissions, but how can do this if the file doesn't exist? Or, are there things that I ignored?
I think you might be ignoring the permissions of the directory (./include).
I'm assuming you are running this PHP via a web-server and on Linux (like Apache for example) - in which case the user account that is trying to create the file will be 'apache' or 'www-data' (or whatever user your webserver is running under).
On your server - have a look at the permissions of ./include - you need to do one of two things:
a) make ./include world writable (so the 'apache' user can now create a file inside of it).
b) change the owner or group of the ./include to 'apache' so it can create a file inside of it.
Your PHP is fine - it's the permissions of the folder it is trying to create the file inside of that is not.
You have to change the ownership of the directory "include" and set it to the web server's user and set the permission to a reasonable value:
$ sudo chow www-data include
$ sudo chmod 755 include
If you don't know which user your web-server is running by you can open the include dir permissions world-wide:
$ sudo chmod 1777 include
after create the creation of catalogo.xml you check the include diretory:
$ sudo ls -al include
-rwxr-xr-x 1 http web 4096 May 5 15:37 catalogo-xml
Now you can change the ownership of the directory "include" and set it to the web server's user (http) and reset the permission to a reasonable value:
$ sudo chow http include
$ sudo chmod 755 include
See also the manual of chmod, chown and ls:
$ man chmod
$ man chown
$ man ls
If you use the terminal and go to the parent of folder your file will be created in, which is the parent of the include folder and type in the command:
chmod 777 include
This should change the permissions of this folder so you won't receive the permission denied error anymore. If you do try this command:
chmod -R 777 include