I'm trying to give access to a php uploader to write uploaded files to folders outside of apache's scope.
Folder c in this case represents the root of Windows Server 2012
The apache folder:
/cygdrive/c/apache24 (c:\apache24)
The php folder:
/cygdrive/c/php
The uploader folder:
/cygdrive/c/apache24/htdocs/uploader
Uploader directive:
define('RELATIVE_UPLOAD_DIR', '/cygdrive/c/Users/myusername');
define('UPLOAD_DIR', rtrim(dirname($_SERVER['SCRIPT_FILENAME']), '/') . '/' . RELATIVE_UPLOAD_DIR);
The uploader will upload files to the uploader's folder, but i am trying to upload files to Windows Users folder.
/cygdrive/c/Users/myusername
How can i enable the Users folder and subtree in php.ini so the uploader can write files to it?
In a *Nix environment you would have to make the target directory writable by the apache process owner. If you don't know what that is, take a look in the httpd.conf file. Look for two lines like:
User _www
Group _www
That user must have write access to any target directory. I guess it's just the same in Windows.
I must admit to not liking the idea of writing to user directories though. Might be better to have a rethink on what you are trying to do and find a way to keep userland safe and secure, whilst giving them access to the data.
Related
I've been tasked with sorting out a rather dated file upload script that uses move_uploaded_file()
I cannot for the life of me get it to actually upload the file to a directory unless it has 777s (obviously I know 777s are bad). The directory is owned by apache (in fact the whole httpdocs has been recursively chown-ed to apache:apache)... but the file still won't upload. The permissions are 755.
I've checked the apache configuration and the user and group are both correct (group: apache user: apache), and the file is 58kb so well within the max upload limit of the server.
PHP is running as FastCGI module.
Any ideas on what is causing this? Thanks.
I'm running XAMPP on Ubuntu, and I copied the lampp folder to /opt/. I also downloaded CodeIgniter to htdocs/, and created and modified some files in it, including changing their permissions. Are there files in CodeIgniter that I shouldn't set permission to full, because maybe then once I upload them onto a server anyone can see their contents?
Ideally, your CodeIgniter should be setup such that the application and system folder lie outside your document root. Only the index.php file along with any assets (images, javascript, css etc.) should lie within the document root.
As for file permissions, 755 works fine. There's no need for full permissions 777.
I think this question should be something easy but after searching all over the web I couldnt find an answer, so I decided to ask here.
I have a file uploader in my website that works with php. The folder where files are being uploaded has 777 chmod. I also have a php script to list the files in that folder. What I need is to allow php to upload and browse files on that folder, but dont allow people to do it. The only solution I imagined is to chown that folder to another user different than default, so I could later chmod in filezilla and allow only owner to do it, so people will see the files trough the output of the php script, but not if they navigate to that folder.
Im using Debian, apache2. Id like to know what could I do.
To make it shor, my aim: allow php to upload, read, write and execute files in that folder, but not clients unless they use my php script.
Thanks in advance
Put all the files you're talking about in their own directory. Add a .htaccess file to that directory. The contents of the .htaccess should be deny from all.
This will prevent any user from manually accessing the files as access will be blocked off. Your PHP script can still browse the contents of the file and serve it up as an attachment with the correct content type.
For more info on how to serve a file for download in PHP, read this: https://serverfault.com/questions/316814/php-serve-a-file-for-download-without-providing-the-direct-link
All services including web servers run in a security context which is an account in the OS, for example apache starts using apache user in apache group. It is enough to change mode and change owner to this user and group. Never chmod a directory to 777 until there is a good explanation for that. Using this trick, web service process only can read, write and execute in that directory.
As well, if you want the browser clients not to see(read) the contents of that directory, you should deny listing on that directory. I think it is disabled for default.
In my project, I have to upload some video files to a folder which lies outside the root folder. I am using simple php function move_uploaded_file to upload the file. I have tried with the code below.
$source = $_FILES['Filedata']['tmp_name'];
$targetFile = '/usr/local/WowzaMediaServer-3.1.1/content/video.mp4'
move_uploaded_file($source,$targetFile);
But it is not working. Can we done it through move_uploaded_file. if not, suggest a better option to do this.
I have seen some similar question but nothing helps. So any help would be appreciated..
Are you sure you're not in a chroot jail?
If so, your "absolute" path name could be pointing to the wrong place-- somewhere that doesn't exist.
If so, change the path to point to somewhere within the jail.
It may be necessary to mount --bind the directory you want this to go in into some location within the jail. (Note that a symbolic link will not work for getting out of jail.)
More than likely this is a simple permissions issue and quite easy to solve.
Find the user that apache uses. To do this open up your httpd.conf file and look for something like:
User apache
Group apache
Change the ownership of the folder that you're trying to upload to.
chown -R apache.apache /usr/local/WowzaMediaServer-3.1.1/content/
Change the permissions of the folder
chmod -R 775 /usr/local/WowzaMediaServer-3.1.1/content/
And that should be that.
I'm going to assume you're using Apache for the purposes of this answer.
First off, is the file being uploaded ok? One possible reason you might have trouble is that the tmp directory isn't writable by the webserver, or readable come to that. Assuming that's ok then move_uploaded_file should work fine.
Create a folder next to your DOCUMENT_ROOT, let's call it "filestore". Make sure it's writable by www-data or whichever user runs apache. Now, you should be able to move the files into that folder. Note they will be owned by www-data:www-data typically - or whatever user and group your server is set up to run as. The reason I put the "filestore" folder next to the DOCUMENT_ROOT folder is that you can be sure the webserver can read the file path up to DOCUMENT_ROOT. Otherwise you run the risk of a folder part way up the path not being readable, and that'll stop you dead. e.g. if you have /usr/local/media as your target folder and /usr/local isn't readable (and executable) by the webserver, you're toast.
If all this works and you absolutely must have you media elsewhere, you can have the "filestore" folder anywhere so long as the whole path to it is read/executable by the webserver. Check each directory in the path.
If these uploaded files are being downloaded by other users via the web then the "filestore" folder only needs to have permissions of 700 since it's always going to be the web server's user which reads them. If other users need access, typically because other software running as a different user needs to use them then you might need permissions to be 750 to allow group members to read (and execute) the directory. You'll also need to add that other user to the www-data group.
For downloads you will need to write a simple script which dumps the file to the browser after doing some authentication checks. That way, you avoid having the media accessible just via http without having any authentication done first - which could make your service into an attractive place for illegal files (copyright violations being the least concern here).
This is a dangerous approach as it gives root privileges to the apache user, so use with caution.
Add the apache user to the list of sudoers - which will let you execute commands as root in php via system('sudo the_command'). Then move the uploaded file to a temporary location that the apache user can write do (eg. create a 'tmp' directory in the doc root). Then use system("sudo mv \"$source\" \"$destination\""); to move the temporary file to it's final location.
You can find the apache user by executing <?php echo exec('whoami'); ?>. Then add the following entry to sudoers the-apache-user ALL=(ALL) NOPASSWD: ALL. Use visudo to add the sudoer entry.
Example:
$source = $_FILES['Filedata']['tmp_name'];
$targetFile = '/usr/local/WowzaMediaServer-3.1.1/content/video.mp4'
$tempLocation = 'tmp/temp-file.mp4';
move_uploaded_file($source, $tempLocation);
system('sudo mv "' . $tempLocation . '" "' . $targetFile . '"');
Edit: Related question - How to run PHP exec() as root?
Always you face a problem with your code, look at the server log or easier turn on errors display. That said, your problem could be related to upload_tmp_dir setting. Check what a phpinfo() tells about that or look at your php.inifile.
A better solution would be to write the file somewhere where you can write (i.e. under the webroot) and then create a symlink from the media directory to be to where you wrote it.
For example:
Web Root is /var/www/html
You want it at /usr/local/WowzaMediaServer-3.1.1/content/
Create directory /var/www/html/mediaserver/content/
Make permissions on /var/www/html/mediaserver/content/ 777 (so apache can write to it)
Copy files from /usr/local/WowzaMediaServer-3.1.1/content/ to /var/www/html/mediaserver/content/
Delete /usr/local/WowzaMediaServer-3.1.1/content/ (just the "content" directory)
Create symlink from /usr/local/WowzaMediaServer-3.1.1/content/ to /var/www/html/mediaserver/content/
Then you have permissions to read/write, and the media server should too. Only issue would be if the media server is trained not to read symlinks - but you can find that out quickly enough.
i have developed an application on Macintosh using MAMP
when i upload it to the server which is powered by Cpanel11, CentOS 5.. it gives several error regarding file permissions by default it gives 0700 file permission to most of the files which does not work within my server. i would want to know how do i apply the file permission settings for my PHP application,
the directory structure or the rule i want to apply is for the following conditions.
a)File uploading Directory
b) most of the php file is using include_once()
c) the normal php files which communicates with each other.
thank you
File uploads in PHP first hit the defined temporary directory (see 'upload_tmp_dir' directive in your PHP.ini) and finally your intended destination directory (PHP command "move_uploaded_file").
Your PHP process runs as a certain user that needs to own the destination directory or is in a group that is allowed to write to this directory - unless the whole directory is not writable for everyone (it's not in your case).
Try chmod after move_uploaded_file.