Before you start killing me about how I should not chmod 777, this is rather different than what's in many other topics.
The situation now is that I have this directory NOT accessible from the web (/var/lib/folder/) but I want PHP to be able to access it so that it can read, write and execute from the directory.
A simple solution would be to chmod (as root), 777 the folder, but here comes the problem.
Another user, say John, writes to this directory. As anyone would know, files that John write entitles him to be the owner, and as such PHP is not the owner. Somehow, files that John write always become 755 instead of 777 (and as a result PHP cannot access).
Is there any way to either:
Make John always write to that directory in 777
or
Make the directory such that all files that John write become fully accessible to PHP.
You don't need chmod.
Set an ACL on the directory:
setfacl -R -d -m u:php:rwx /var/lib/folder/
This gives user php rwx rights for new files (-d = default).
You can change the ACL for existing files in the folder with:
setfacl -R -m u:php:rwx /var/lib/folder/
Related
I am trying to write a query to a file for debugging. The file is in database/execute.php. The file I want to write to is database/queries.php.
I am trying to use file_put_contents('queries.txt', $query)
But I am getting
file_put_contents(queries.txt) [function.file-put-contents]:
failed to open stream: Permission
denied
I have the queries.txt file chmod'd to 777, what could the issue be?
Try adjusting the directory permissions.
from a terminal, run chmod 777 database (from the directory that contains the database folder)
apache and nobody will have access to this directory if it is chmodd'ed correctly.
The other thing to do is echo "getcwd()". This will show you the current directory, and if this isn't '/something.../database/' then you'll need to change 'query.txt' to the full path for your server.
You can make Apache (www-data), the owner of the folder:
sudo chown -R www-data:www-data /var/www
that should make file_put_contents work now. But for more security you better also set the permissions like below:
find /var/www -type d -print0 | xargs -0 chmod 0755 # folder
find /var/www -type f -print0 | xargs -0 chmod 0644 # files
change /var/www to the root folder of your php files
There's no need to manually write queries to a file like this. MySQL has logging support built in, you just need to enable it within your dev environment.
Take a look at the documentation for the 'general query log'.
This can be resolved in resolved with the following steps :
1. $ php artisan cache:clear
2. $ sudo chmod -R 777 storage
3. $ composer dump-autoload
Hope it helps
I know that it is a very old question, but I wanted to add the good solution with some in depth explanation. You will have to execute two statements on Ubuntu like systems and then it works like a charm.
Permissions in Linux can be represented with three digits. The first digit defines the permission of the owner of the files. The second digit the permissions of a specific group of users. The third digit defines the permissions for all users who are not the owner nor member of the group.
The webserver is supposed to execute with an id that is a member of the group. The webserver should never run with the same id as the owner of the files and directories. In Ubuntu runs apache under the id www-data. That id should be a member of the group for whom the permissions are specified.
To give the directory in which you want to change the content of files the proper rights, execute the statement:
find %DIR% -type d -exec chmod 770 {} \;
.That would imply in the question of the OP that the permissions for the directory %ROOT%/database should be changed accordingly. It is therefor important not to have files within that directory that should never get changed, or removed. It is therefor best practice to create a separate directory for files whose content must be changed.
Reading permissions (4) for a directory means being able to collect all files and directories with their metadata within a directory. Write permissions (2) gives the permission to change the content of the directory. Implying adding and removing files, changing permissions etc.. Execution permission (1) means that you have the right to go into that directory. Without the latter is it impossible to go deeper into the directory. The webserver needs read, write and execute permissions when the content of a file should be changed. Therefor needs the group the digit 7.
The second statement is in the question of the OP:
find %DOCUMENT_ROOT%/database -type f -exec chmod 760 {} \;
Being able to read and write a document is required, but it is not required to execute the file. The 7 is given to the owner of the files, the 6 to the group. The webserver does not need to have the permission to execute the file in order to change its content. Those write permissions should only be given to files in that directory.
All other users should not be given any permission.
For directories that do not require to change its files are group permissions of 5 sufficient.
Documentation about permissions and some examples:
https://wiki.debian.org/Permissions
https://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions
http://www.linux.org/threads/file-permissions-chmod.4094/
Gathering info from this link stackoverflow-image save doesn't work with chmod 777 and from user azerafati and Loek Bergman
if you were to look under /etc/apache/envvars file you will see something like:
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
Apache is run under the username 'www-data'
'0755' means the file owner can read/write/execute but group and other users cannot write. so in ur terminal, cd to the folder containing your 'images' folder. then type:
find images -type d -exec chmod 0755 {} \;
find images -type f -exec chmod 0755 {} \;
sudo chown -R www-data:www-data images
you must change persmissions first before changing owner.
enter your password when prompted. this will make 'www-data' owner of the images folder.
your upload should now work.
I use a shared Linux hosting, when my admin changed the php to 5.3 I got many errors for the "file_put_contents" code. try to test my plan:
In your host create a file like mytest.php, and put this code in and save:
<?php mail('Your-EMail','Email-Title','Email-Message'); ?>
Open the URL "www.your-domain.com/mytest.php" one time and then check your email. You should have an email from your host with the information you entered in mytest.php, check the sender name. If it's from Nobody you have problem about "Permission Denied" because something not defined and if the sender name is like my id: iietj8qy#hostname5.netly.net you don't have a problem.
My admin changed the server and installed the host again I think and the problem got solved, tell your host administration what I told you and maybe they find the answer.
If you are pulling from git from local to server, you will need to clear cache sometimes because of the view files it gets uploaded with it / or other cached files .
php artisan cache:clear
Sometimes it might just to the trick if your application was working before the git pull
this might help. It worked for me. try it in the terminal
setenforce 0
For anyone using Ubuntu and receiving this error when loading the page locally, but not on a web hosting service,
I just fixed this by opening up nautilus (sudo nautilus) and right click on the file you're trying to open, click properties > Settings > and give read write to 'everyone else'
use this cammand to give permission for storage/framework and logs
sudo chmod -R 777 storage/logs storage/framework
if you still have a permission error
try this to give group to write in log
sudo chmod g+w storage/logs
had the same problem; my issue was selinux was set to enforcing.
I kept getting the "failed to open stream: Permission denied" error even after chmoding to 777 and making sure all parent folders had execute permissions for the apache user. Turns out my issue was that selinux was set to enforcing (I'm on centos7), this is a devbox so I turned it off.
I ran into the same issue, I'm using Laravel, so what I just did was:
php artisan view:clear
And fixed!
I stopped the virus scanner (Avast). That solved the problem! It eventually appeared that Avast had a ransomware shield blocking the write actions to the documentroot folder(s). Adding the shield exceptions for the individual programs (PHP, Tesseract) solved the issue!
Here the solution.
To copy an img from an URL.
this URL: http://url/img.jpg
$image_Url=file_get_contents('http://url/img.jpg');
create the desired path finish the name with .jpg
$file_destino_path="imagenes/my_image.jpg";
file_put_contents($file_destino_path, $image_Url)
There 2 way to resolve this issues
1. use chmod 777 path-to-your-directory.
if it does not work then
2. simply provide the complete path of your file query.txt.
Furthermore, as said in file_put_contents man page in php.net, beware of naming issues.
file_put_contents($dir."/file.txt", "hello");
may not work (even though it is correct on syntax), but
file_put_contents("$dir/file.txt", "hello");
works. I experienced this on different php installed servers.
I am trying to open/read and copy/delete files on the disk in a Linux-system, using a PHP-script. The files remain in Billy's directory (/home/billy/uploads), all sent by FTP. They have basic rights (rw on the user only) and are owned by, according to 'ls -lr', by billy:billy.
Trying to fopen or copy the file does not work, neither chown or chmod using PHP.
How can I make the 'PHP-user', www-data, to do what I want? What is need to be done? I set the owner of the containing directory, 'uploads', to be www-data, but no luck there.
A quick but dirty way would be to loosen the safety on "billy's" home files. You still can make other files non readable to others, but you have to keep it in mind.
First, (using user billy, sudo rights or root) make /home/billy/ accessible to others, but only this: remove any rights (read-write-execute) from anyone else:
chmod og-rwx /home/billy/*
chmod 755 /home/billy/
second, make uploads writable and accessible to others:
chmod 777 /home/billy/uploads/
if you want existing content to be visible you might need something like
chmod -R og+r /home/billy/uploads/*
I'm trying to avoid 777 permissions for a directory that handles file uploads on a Linux server. PHP/Apache must be able to write to this particular directory, but I don't want to make it world-writable.
What're the best-practices for this?
I am not too familiar with the CLI, so my attempts to solve this using chgrp and chown have not yielded any results.
Thanks!
ACLs if supported. You could do something as simple as setfacl -R -m u:www-data:rwx,d:u:www-data:rwx /path/to/directory to allow apache to write to that specific directory (and all later created directories as well)
I am trying to write a query to a file for debugging. The file is in database/execute.php. The file I want to write to is database/queries.php.
I am trying to use file_put_contents('queries.txt', $query)
But I am getting
file_put_contents(queries.txt) [function.file-put-contents]:
failed to open stream: Permission
denied
I have the queries.txt file chmod'd to 777, what could the issue be?
Try adjusting the directory permissions.
from a terminal, run chmod 777 database (from the directory that contains the database folder)
apache and nobody will have access to this directory if it is chmodd'ed correctly.
The other thing to do is echo "getcwd()". This will show you the current directory, and if this isn't '/something.../database/' then you'll need to change 'query.txt' to the full path for your server.
You can make Apache (www-data), the owner of the folder:
sudo chown -R www-data:www-data /var/www
that should make file_put_contents work now. But for more security you better also set the permissions like below:
find /var/www -type d -print0 | xargs -0 chmod 0755 # folder
find /var/www -type f -print0 | xargs -0 chmod 0644 # files
change /var/www to the root folder of your php files
There's no need to manually write queries to a file like this. MySQL has logging support built in, you just need to enable it within your dev environment.
Take a look at the documentation for the 'general query log'.
This can be resolved in resolved with the following steps :
1. $ php artisan cache:clear
2. $ sudo chmod -R 777 storage
3. $ composer dump-autoload
Hope it helps
I know that it is a very old question, but I wanted to add the good solution with some in depth explanation. You will have to execute two statements on Ubuntu like systems and then it works like a charm.
Permissions in Linux can be represented with three digits. The first digit defines the permission of the owner of the files. The second digit the permissions of a specific group of users. The third digit defines the permissions for all users who are not the owner nor member of the group.
The webserver is supposed to execute with an id that is a member of the group. The webserver should never run with the same id as the owner of the files and directories. In Ubuntu runs apache under the id www-data. That id should be a member of the group for whom the permissions are specified.
To give the directory in which you want to change the content of files the proper rights, execute the statement:
find %DIR% -type d -exec chmod 770 {} \;
.That would imply in the question of the OP that the permissions for the directory %ROOT%/database should be changed accordingly. It is therefor important not to have files within that directory that should never get changed, or removed. It is therefor best practice to create a separate directory for files whose content must be changed.
Reading permissions (4) for a directory means being able to collect all files and directories with their metadata within a directory. Write permissions (2) gives the permission to change the content of the directory. Implying adding and removing files, changing permissions etc.. Execution permission (1) means that you have the right to go into that directory. Without the latter is it impossible to go deeper into the directory. The webserver needs read, write and execute permissions when the content of a file should be changed. Therefor needs the group the digit 7.
The second statement is in the question of the OP:
find %DOCUMENT_ROOT%/database -type f -exec chmod 760 {} \;
Being able to read and write a document is required, but it is not required to execute the file. The 7 is given to the owner of the files, the 6 to the group. The webserver does not need to have the permission to execute the file in order to change its content. Those write permissions should only be given to files in that directory.
All other users should not be given any permission.
For directories that do not require to change its files are group permissions of 5 sufficient.
Documentation about permissions and some examples:
https://wiki.debian.org/Permissions
https://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions
http://www.linux.org/threads/file-permissions-chmod.4094/
Gathering info from this link stackoverflow-image save doesn't work with chmod 777 and from user azerafati and Loek Bergman
if you were to look under /etc/apache/envvars file you will see something like:
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
Apache is run under the username 'www-data'
'0755' means the file owner can read/write/execute but group and other users cannot write. so in ur terminal, cd to the folder containing your 'images' folder. then type:
find images -type d -exec chmod 0755 {} \;
find images -type f -exec chmod 0755 {} \;
sudo chown -R www-data:www-data images
you must change persmissions first before changing owner.
enter your password when prompted. this will make 'www-data' owner of the images folder.
your upload should now work.
I use a shared Linux hosting, when my admin changed the php to 5.3 I got many errors for the "file_put_contents" code. try to test my plan:
In your host create a file like mytest.php, and put this code in and save:
<?php mail('Your-EMail','Email-Title','Email-Message'); ?>
Open the URL "www.your-domain.com/mytest.php" one time and then check your email. You should have an email from your host with the information you entered in mytest.php, check the sender name. If it's from Nobody you have problem about "Permission Denied" because something not defined and if the sender name is like my id: iietj8qy#hostname5.netly.net you don't have a problem.
My admin changed the server and installed the host again I think and the problem got solved, tell your host administration what I told you and maybe they find the answer.
If you are pulling from git from local to server, you will need to clear cache sometimes because of the view files it gets uploaded with it / or other cached files .
php artisan cache:clear
Sometimes it might just to the trick if your application was working before the git pull
this might help. It worked for me. try it in the terminal
setenforce 0
For anyone using Ubuntu and receiving this error when loading the page locally, but not on a web hosting service,
I just fixed this by opening up nautilus (sudo nautilus) and right click on the file you're trying to open, click properties > Settings > and give read write to 'everyone else'
use this cammand to give permission for storage/framework and logs
sudo chmod -R 777 storage/logs storage/framework
if you still have a permission error
try this to give group to write in log
sudo chmod g+w storage/logs
had the same problem; my issue was selinux was set to enforcing.
I kept getting the "failed to open stream: Permission denied" error even after chmoding to 777 and making sure all parent folders had execute permissions for the apache user. Turns out my issue was that selinux was set to enforcing (I'm on centos7), this is a devbox so I turned it off.
I ran into the same issue, I'm using Laravel, so what I just did was:
php artisan view:clear
And fixed!
I stopped the virus scanner (Avast). That solved the problem! It eventually appeared that Avast had a ransomware shield blocking the write actions to the documentroot folder(s). Adding the shield exceptions for the individual programs (PHP, Tesseract) solved the issue!
Here the solution.
To copy an img from an URL.
this URL: http://url/img.jpg
$image_Url=file_get_contents('http://url/img.jpg');
create the desired path finish the name with .jpg
$file_destino_path="imagenes/my_image.jpg";
file_put_contents($file_destino_path, $image_Url)
There 2 way to resolve this issues
1. use chmod 777 path-to-your-directory.
if it does not work then
2. simply provide the complete path of your file query.txt.
Furthermore, as said in file_put_contents man page in php.net, beware of naming issues.
file_put_contents($dir."/file.txt", "hello");
may not work (even though it is correct on syntax), but
file_put_contents("$dir/file.txt", "hello");
works. I experienced this on different php installed servers.
I want my PHP software to be able to auto update. For this to work, I need PHP to be able to write into files both existing and non-existing (create). Will it always work if I just CHMOD the target files to be 0777 and then write into it? Or does the PHP/Apache/wtvr process need to be the owner of the file?
Sometimes when people upload using an FTP account, the owner might be different from the PHP process, is this a problem?
Edit: I'm building a PHP application, I can't know on which configurations the app will run on, and I can't modify any server related settings. I can do what PHP can do, like chown(), chmod().
I have one server where, when files are uploaded through FTP, the ownership of the file changes to the ftp user which has caused a few permission problems in the past.
We use groups to get round this
For example, you could create a usergroup for accessing the files and add apache plus each of your ftp users to the group:
usermod -a -G appUpdaters www
usermod -a -G appUpdaters ftp1
usermod -a -G appUpdaters ftp2
etc...
Then you can chown the file/folders to a user + group and chmod to 775
chown www.appUpdaters foldername
chmod 775 foldername
That way if the ownership changes to ftp1.appUpdaters or ftp2.appUpdaters, the other users can still write to the file.
Like I say, I don't seem to need this on all the servers I use so I guess whether you do or not depends on your server config. If you do decide to use groups tho, I find this link comes in handy sometimes
http://www.cyberciti.biz/faq/howto-linux-add-user-to-group/
Make the folder that you want to upload into owned by your www server. Then your php script will be able to write into that folder if it's chmodded 755.
# chown www somefolder
# chmod 755 !$
(Don't make other stuff in your web files owned by www).