So I created a couple of directories and files with FTP, thus the owner is the username I use to login to the server. Now I'd like to allow users of the website to upload images to those directories. Unfortunately for the website to store images, it should be owned by Apache. How can I fix this? I've been reading around on this but can't directly find an answer.
I don't have SSH, so I guess all command-line-things are not applicable for me.
Edit
I tried to then make the folders again using apache, but now ofcourse I can't write any files using ftp into those directories.
Provided that at least the one directory is writeable by the apache user (lets call this directory 'writeabledir', it may be your root dir '/'), you must delete the folders you created via ftp and create a php script to create the directories you need.
If for example you want a directory called users and inside it another directory called upload
Create file makedirs.php on your server.
<?php
$oldumask = umask(0);
mkdir("writeabledir/users/upload",0777,true); // or even 01777 so you get the sticky bit set
umask($oldumask);
?>
Now run your makedirs.php once, by calling your.serv.er/makedirs.php on your browser
EDIT:
If you don't want to delete and recreate your directories,you could always try to change file permissions from ftp.
For exampe with FileZilla, just right click on the desired folder and set permissions to 777. If your ftp user does not have permission to do this, then there is no other way, except from asking an administrator to do this for you.
EDIT2:
Added umask to ensure that folders created by apache are writeable by everyone. (taken from http://us3.php.net/manual/en/function.mkdir.php#1207 )
Friend looks I work in php, some versions change the way of solution, however the most common is already that you want to store it would be necessary to create a database and import it to esu code that also serves to some images you want to come place, plus the wisest thing to do and you create a database with the fields necessary for its realization, import, put in a file directory of your schedule, you also advise using aptana Studio 3 greatly facilitates the creation of codes among many things and low xampp it already comes with apache integrated in one place will help you a lot any questions on installation just look at youtube he will describe
Related
My problem is: I have a huge data directory (400GB) from a website and have a second website enabled for the new design, where I have symlinked the data directory.
Now there are some file checks using is_file(), but they return false and if remove the file check, it renders the background-image for example, I can also access all the files in the browser via file listing using the non-original URL.
I've searched trough google, found some things about permissions, users, and groups. so I tried to get the user and group of the PHP-process using
$processUser = posix_getpwuid(posix_geteuid());
the whole thing is running on an ispconfig3 server and both sites are on the same server.
The user and group of the original, hard directory are web1:client1.
the user and group of the web directory with the symlink are web14:client1.
The running process is from user web14, which has its permissions set to 775 for the parent directory, where the symlink remains, and the original directory.
As I understand both users are in the same group and group has RWX or what could be the problem?
So, I solved the problem. My fault was that I was searching for errors from bottom layer to the top, cause I thought it was a permissions problem.
After many try and fails I found the not very obvious "option" panel in ISPConfig, where you could set some openbase-dir values for the clients webspace, which was chaining php to the directory. Now I just added the "main" webspace holding the 500GB data directory to the "child" webspace with the symlinked directory and its working like a charm.
Warning: my PHP was writing out with umask(022), so the group was only able to read, if you write out on the child "webspace" you have to set the umask to (002), so group is allowed to write to.
I have a script that uploads a *.csv to import into a DB table that I have which works great in linux through chmod($target, 0777); but I can't for the life of me find the solution to do exactly this but on a Windows based Apache server.
Some other posts have people responding "don't put in the 0777 and it should work" but that's not the case for me. Thanks!
Thanks to the comment left on my original post I was able to figure it out with a little more help from https://web.archive.org/web/20171121192635/http://www.howyoudo.info/index.php/how-to-fix-windows-server-upload-file-inherit-permissions-error/
The problem only happens when you use PHP to upload a file. When you upload a file, PHP sends the file to a temporary directory on the
hard drive (for me it is C:\Windows\Temp) and then copies it over to
it’s intended directory. Once the file has landed in the temporary
directory, it is assigned the permissions of that directory. The
problem is when Windows copies that file, it keeps the temporary
directory’s permissions and doesn’t inherit your web directory’s
permissions.
The easiest way to fix this problem is to add to the temporary directory your intended web directory’s permissions. There’s no need
to erase the permissions already in the temporary directory, just add
the web directory’s permissions to them. In other words, follow these
steps
To change the permissions of your temporary upload directory, find
the “upload_tmp_dir” in your php.ini file.
Set it to the directory
of your choosing (outside your web folders of course) or leave it at
default (for me it is C:\Windows\Temp).
Browse to this folder and add the permissions of your web folders to it.
While Brian Leishman's answer will work, if you do not have the ability to edit permissions on the temp folder, you can make your uploaded file inherit permissions from its new location manually with the following on the command line:
icacls "target.txt" /q /c /reset
So, using PHP's exec() function:
exec( 'icacls "target.txt" /q /c /reset' );
For details of the various icacls flags, see: https://technet.microsoft.com/en-us/library/cc753525.aspx
Tip: Using the /t flag, you can use pattern matching to process multiple files.
Is it possible to arrange file permissions/group ownership/etc in such a way that a file can be read by the function readFile() for a forced download, but it cannot be downloaded by navigating to the literal url of the file?
Maybe you could add the user that is running apache / php to the group that owns the file. And set config to read and write for owner and owner group, and no permission at all for others. (-rwxrw---- 0r 0760)
Never tested it, but it should work.
The Apache user will need read permissions. To prevent it from being navigated to, the best (and easiest) solution is to store the file outside of the web folder.
I think this question should be something easy but after searching all over the web I couldnt find an answer, so I decided to ask here.
I have a file uploader in my website that works with php. The folder where files are being uploaded has 777 chmod. I also have a php script to list the files in that folder. What I need is to allow php to upload and browse files on that folder, but dont allow people to do it. The only solution I imagined is to chown that folder to another user different than default, so I could later chmod in filezilla and allow only owner to do it, so people will see the files trough the output of the php script, but not if they navigate to that folder.
Im using Debian, apache2. Id like to know what could I do.
To make it shor, my aim: allow php to upload, read, write and execute files in that folder, but not clients unless they use my php script.
Thanks in advance
Put all the files you're talking about in their own directory. Add a .htaccess file to that directory. The contents of the .htaccess should be deny from all.
This will prevent any user from manually accessing the files as access will be blocked off. Your PHP script can still browse the contents of the file and serve it up as an attachment with the correct content type.
For more info on how to serve a file for download in PHP, read this: https://serverfault.com/questions/316814/php-serve-a-file-for-download-without-providing-the-direct-link
All services including web servers run in a security context which is an account in the OS, for example apache starts using apache user in apache group. It is enough to change mode and change owner to this user and group. Never chmod a directory to 777 until there is a good explanation for that. Using this trick, web service process only can read, write and execute in that directory.
As well, if you want the browser clients not to see(read) the contents of that directory, you should deny listing on that directory. I think it is disabled for default.
I'm currently working on a website admin panel,
I added a form that adds clients to the database, what I want to do now, is to create folders for them via PHP.
So I tried to do that using the function: mkdir(),
The problem is, that when I tested the function on my "Xampp" server, it all worked just as i wanted it to.
But when I moved the file to the real host that I will use via FTP, and It just wont work the same..
ill try to explain whats wrong..:
mkdir('folderName'); //this will create a folder that i cant access through the FTP
mkdir('folderName', 0777); //creates a folder that i can access, but cant open other folders in it and cant change chmod permissions
I also need to create some nested folders for example:
mkdir('folderName/anotherFolder',0777,true); //this works on the host but again, the folders are not letting me change chmod permissions and cant create folders in them
in my xampp server i could create a few folders in a given path for example:
mkdir('folderName');
mkdir('folderName/one');
mkdir('folderName/two');
the above examples arent working on my host..
So yea sorry for writing so much, I just thought that you guys need to know those things..
Anyways, thanks in advance!
Try chgrp as well as chmod.
Other than that, the best solution in such ostensible FS situations is to do it via FTP. Major frameworks do this (including Joomla and Wordpress).
Probably you are not the owner of files/directories created by PHP script.