I am developing an application which is having 2 servers. The first one is Web Server, where I save my PHP files and another one is File Server where I am storing all the files uploaded by the user.
I want to assign the write permission to directory at runtime so that I can upload the file and after uploading the file I need to change its permission to its previous state.
When I tried chomod(FILE_PATH, 0755). It shows me an error. Assign write permission as root. I have the administrator level credentials of File Server.
What I want is to "Grant permission 777 to the directory by logging in as root at runtime"
Kindly help if there is any code sample available. Thanks in Advance.
You do NOT want to have your server logging in as root. Let me say that again. You really do NOT want your webserver to be logged on as root. If you did that, anyone that got control of PHP could do anything at all on the server. It is seriously unadvisable.
What you want to do is change the owner of the folder to either be the webserver, or assign it into the same group so that the webserver can happily change your folder options and the like.
You can use sudo chown username somedir to change the owner. This article might also help clear up permissions for you.
Edit: Try this blog post for a fairly good broad-ranging article on linux permissions.
Related
I am using Jasperreports for generating the reports. When I am generating the new reports it will be own by root with permission of 644. So other users dont have permission to view this report.I want to change the ownership of the file or change the permission.So everyone can view or download the reports.
I tried below php functions
chmod($item, 0777);
chown($path, 'www-data');
It gives
error: dont have permission to do this
. Because its own by root and current user is www-data.
Anyone please help me,
Actually, based on what you're saying, all users have permissions to view that file. 644 means owner can read and write, and group and others can only read. If your script is getting an error reading that file, it might be because of the permissions of the directories in is path, but not the file itself.
If you could change the owner or permissions of a file owned by root like that, it would subvert the whole concept of unix file permissions. Think about it.
You can always change the user running these reports though, or add logic on the report generation side to move or change the permissions on the file as the user who owns it.
As an aside, chmod 777 is an ugly kludge used only by those who have little knowledge of unix permissions . Professionals don't do it. You should bump your understanding of unix file permissions to the next level:
https://www.tutorialspoint.com/unix/unix-file-permission.htm looks promising.
According to the manual, the owner and the supersuer have the right to do this.
And you only chage the file mod or owner, will not do. You have also to change the path.
chown
Attempts to change the owner of the file filename to user user. Only
the superuser may change the owner of a file.
Note: This function will not work on remote files as the file to be examined must be accessible via the server's filesystem.
Note: When safe mode is enabled, PHP checks whether the files or directories being operated upon have the same UID (owner) as the
script that is being executed.
chmod
Attempts to change the mode of the specified file to that given in
mode. Note: The current user is the user under which PHP runs. It is
probably not the same user you use for normal shell or FTP access. The
mode can be changed only by user who owns the file on most systems.
Note: This function will not work on remote files as the file to be
examined must be accessible via the server's filesystem.
Note: When safe mode is enabled, PHP checks whether the files or
directories you are about to operate on have the same UID (owner) as
the script that is being executed. In addition, you cannot set the
SUID, SGID and sticky bits.
I have a php page that writes files onto my local PC, into a specific folder named UploadedImages. This all works fine. The problem is that when I go to look at the file (always an image file -- a .png in this case), and double-click it, windows says I don't have permission to view it. Again, file permissions on the UploadedImages folder is wide open (Everyone -> Read/Write), and my login account has Full Control, and my login account is the Owner of the folder.
If I right-click the file and go into permissions, it shows that I have no permissions on the file. I can go in and grant myself ownership and permissions, then view it -- but it makes no sense that I have to do this every time.
How can I permanently solve this so that every file my php script writes into that folder I have automatic/full access to it?
I am running Windows 10, IIS 10.0 and PHP 5.6.11. It appears that IUSR account is getting the permissions, but why would I (the ADMIN on the folder) have all my rights revoked just because php writes a file there? Thank you.
One of solutions is try to run web server under certain user (not admin) to which you have full access rights.
Second possible solution: maybe your virtual host config contains directive which force server to work under admin or user to which you dont have access - try to change it.
#SweatCoder: You said:
Again, file permissions on the UploadedImages folder is wide open (Everyone -> Read/Write), and my login account has Full Control, and my login account is the Owner of the folder.
[...]
If I right-click the file and go into permissions, it shows that I have no permissions on the file. I can go in and grant myself ownership and permissions, then view it
This is what's called "inheritance". You need to set inheritance on the folder, so permissions on files are inherited from the parent directory.
//edit: see the icacls help information in cmd.exe:
icacls /?
I have a access to the server where many wordpress blogs are hosted. Initially the permission to uploads folder were set to 777(Recursively) but this caused problems to our server and malicious files where uploaded due to which our server is blacklisted.
I have deleted all those PHP files under uploads folder and set the permission to 755.
Now the problem is that the admin users to wordpress blogs/sites unable to upload media files.
Please guide me what I can do so that they can upload files (images or videos).
Can we set something which will ask FTP details when they upload files using wordpress admin. I can create FTP users for this.
Please Guide.
Not sure what type of error you are getting. But you can try this
add this line to
define('UPLOADS', 'wp-content/uploads');
wp-config.php
just before below line
require_once(ABSPATH.’wp-settings.php’);
If the directory doesn’t already exist, WordPress will automatically create it as long as the wp-content folder is writeable.
Hey I just set the Permission to chmod -v 747 uploads and it worked. Atleast better than 777.
But would like to here suggestion if this is risky. If risky then how much. I am new to permissions and server management.
Thanks !
I know this is an old thread but I found it high in the results for an unrelated issue I am having. It seemed by the permission modes being used #vanurag was actually having a user/group permissions issue rather than the permission modes (755 vs 777) issue.
You can find the web server user with var_dump(whoami()) in php, could be something like www-data.
Once know the user name verify that user is either the owner of the folder or is in the group assigned to the folder. You can use the following in Linux console to find current user/group.
ls -l /path/to/wp-content/uploads
Either add the web server user (www-data) as the owner and leave the group as it is or add the user to the group who have permissions.
Use chown (change owner) to set your users to your needs.
I usually add the user to the group rather than change the owner since the owner could be an FTP user and may mess up permissions used else where in your configuration.
usermod -g www-data foobar where foobar is the name of the group who has permissions to the uploads folder.
Here is a decent article on this issue in respect to WordPress uploads folder.
https://www.digitalocean.com/community/questions/proper-permissions-for-web-server-s-directory
I'm trying to use this Dagon Design PHP form to help a local non-profit publication enable their readers to submit photos. I've got the "mailer" part working -- the notifications work fine -- but the "saving a file to a folder" part isn't functioning.
On the form page, the author says "the directory must have write permissions," but I'm not sure "who" is writing to that folder -- is this PHP script considered "Owner" when it saves something on my site? Or do I need to allow save permissions for Owner, Group and Others?
I'm not sure why the script isn't saving the photos, but this seems like a good place to start. I've tried looking around on Stack for answers, but most questions seem to have to do with folder creation/permissions.
The page I'm clumsily trying to build is here, if that helps.
As Jon has said already, you don't want to allow write access to everyone.
It's also possible (depending on the hosting) that something like suEXEC is being employed - which will cause your PHP script to run as a user other than the webserver's (as reported by Dunhamzzz).
Probably your best approach, in my opinion, is a script calling whoami:
passthru('whoami');
Or alternatively you could try:
var_dump(posix_getpwuid(posix_geteuid()));
Bear in mind, this does give system information away to the world - so delete the script once you've used it!
Then, as you've correctly asserted in your question, it'll likely be the file permissions.
If you do have CLI access, you can update the permissions safely as so (first command gets the group)
id -n -g <username>
chmod 770 <directory>
chown <username>:<group> <directory>
(You may have to pre-pend "sudo" to the "chown" command above, or find other means to run it as "root"..., reply back if you get stuck.)
If you've not got access to run command-line, you'll presumably be doing this via a (S)FTP client or the alike. I'm afraid the options get a little to broad at that point, you'll have to figure it out (or reply back with the client you're using!)
As always, YMMV.
Finally, bear in mind if this is your own code, people will at some point try uploading PHP scripts (or worse). If that directory is accessible via a public URL ... you're opening the hugest of security holes! (.htaccess, or non-document root locations are your friend.)
If you are not sure how is your server configured (and this would influence who's the final file owner) then add write permission to anyone (chmod a+w folder), upload one file and ls -l to see the owner. Then you can adjust permissions to allow write access to certain users only
The PHP script that saves the files is running with the privileges of some user account on the server; the specific account depends on your OS and the web server configuration. On Linux and when PHP is running as an Apache module this user is the same user that Apache runs as.
Solving your problem reduces to determining which user account we are talking about and then ensuring that this user has permission to write to the save directory (either as owner or as a member of the group; giving write access to everyone is not the best idea).
You'll need to set the permissions of the directory to that of the webserver (probably Apache, nginx or similiar), as that's what is executing the PHP.
You can quickly find out the apache user with ps aux | grep apache, then you want to set the permssions of the upload directory to that user, something like this:
chown -R www-data:www-data images/uploads
I want to display image through PHP.
When I put image in /var/www/ directory then it is working fine, I am giving full path.
But when I put image in some other directory (say home) then it is not displaying.
Usually, servers have some kind of sandbox which prevent your code to access files outside of it for security reasons.
I encourage you to put all data you want your server to be able to access inside its folders (/var/www directory or subdirectories of it)
First off, you should really check your error logs as they will probably point you in the right direction.
Without more information, I'd have an educated guess that the Apache user does not have rights to the file and/or the containing directories.
You can change permissions using the chown and chmod commands in a shell.
EDIT: But don't allow access to any dir with sensitive data (e.g. your home directory) to the webserver!