I have really simplified it do to: mkdir(sys_get_temp_dir().'/test', 0777); which returns error
Warning: mkdir() [function.mkdir]: Permission denied in
Not sure what has happened (had quite a few problems recently with my Mac) although it appears as though it is a simple permissions problem somewhere.
sys_get_temp_dir() = /var/folders/aP/aPaKHnXDGqG-75bSdcDjkk+++TI/-Tmp-
sh-3.2# ls -ld /var/folders/
drwxr-xr-x 4 root wheel 136 12 Jul 00:51 /var/folders/
sh-3.2# ls -ld /var/folders/aP/
drwxr-xr-x 3 root wheel 102 12 Jul 00:40 /var/folders/aP/
sh-3.2# ls -ld /var/folders/aP/aPaKHnXDGqG-75bSdcDjkk+++TI/
drwxr-xr-x 4 myuser staff 136 12 Jul 00:44 /var/folders/aP/aPaKHnXDGqG-75bSdcDjkk+++TI/
Using Snow Leopard 10.6.8
MAMP Pro with Memcache extension.
Open up your terminal on your mac and type in:
chmod -R 777 /path/to/directory
Warning: Although this removes all restrictions to write/read access on such directory, 777 is a very open and insecure mode.
Related
I'm having permissions problems when running the following PHP script as root:
#!/usr/bin/php
<?php
$ph = proc_open('whoami', [['pipe','r'],['pipe','w'],['file','/tmp/foo.bar', 'w']], $fds);
if ($ph) {
echo 'command output: ' . stream_get_contents($fds[1]);
proc_close($ph);
} else {
echo 'proc_open failed' . PHP_EOL;
}
The script itself runs fine if /tmp/foo.bar doesn't exist, or is owned by root. But if ownership is changed to another user, proc_open will fail regardless of permissions on the file.
SELinux is disabled, and we are not using ACLs. I'm using PHP 7.4.33 (I know it's old and unsupported, but it's a requirement for FreePBX) on Alma Linux 9.1.
Output:
$ ./test.php
command output: root
$ ls -lah /tmp/
total 12K
drwxrwxrwt. 18 root root 4.0K Dec 14 16:57 .
dr-xr-xr-x. 18 root root 4.0K Dec 14 16:48 ..
-rw-r--r-- 1 root root 0 Dec 14 16:57 foo.bar
$ chown admin /tmp/foo.bar
$ ./test.php
proc_open failed
$ chmod 777 /tmp/foo.bar
$ ./test.php
proc_open failed
$ ls -lah /tmp/
total 12K
drwxrwxrwt. 18 root root 4.0K Dec 14 16:57 .
dr-xr-xr-x. 18 root root 4.0K Dec 14 16:48 ..
-rwxrwxrwx 1 admin root 0 Dec 14 16:57 foo.bar
$ tail -2 /var/log/php.log
[14-Dec-2022 16:57:17 America/Toronto] PHP Warning: proc_open(/tmp/foo.bar): failed to open stream: Permission denied in /test.php on line 3
[14-Dec-2022 16:57:28 America/Toronto] PHP Warning: proc_open(/tmp/foo.bar): failed to open stream: Permission denied in /test.php on line 3
Even disregarding the fact that I'm root, group permissions should allow me full access to the file. So what's going on?
This is due to the permissions on the /tmp directory. When PHP tries to open the file for writing, it gets the EACCES error. From the documentation of open(2):
EACCES
Where O_CREAT is specified, the protected_fifos or protected_regular sysctl is enabled, the file already exists and is a FIFO or regular file, the owner of the file is neither the current user nor the owner of the containing directory, and the containing directory is both world- or group-writable and sticky. For details, see the descriptions of /proc/sys/fs/protected_fifos and /proc/sys/fs/protected_regular in proc(5).
/tmp has the sticky bit set so that anyone can create files there, but users can only delete their own files. Although root can bypass this deletion restriction, it can't bypass the above check in open().
Ok I tried this in a different directory than /tmp, as suggested in comments, and it worked as expected. Using that to hone my search terms I was able pretty quickly to find this U&L answer. Beginning with kernel 4.19 the fs.protected_regular kernel parameter was made available. This parameter:
Disallows open of FIFOs or regular files not owned by the user in world writable sticky directories, unless the owner is the same as that of the directory or the file is opened without the O_CREAT flag. The purpose is to make data spoofing attacks harder.
Apparently it's enabled by default. So because /tmp is world-writable and sticky, I can't touch files that aren't mine – even if I'm root. For the record, if I have to disable this feature:
sysctl fs.protected_regular=0
echo 'fs.protected_regular=0' > /etc/sysctl.d/90-writabletemp.conf
But I'll be better off trying to work around it in the code somehow.
EDIT 01 UPDATE:
ERROR Showing UP Warning: mkdir(): Permission denied in
/var/www/html/projeto01/index.php on line 7 Sucess. Dir Created
EDIT 02
Change to FEDORA and is working.
Thank you guys
before submitting this topic I read and tried all the topics here. No success.
The environment is working great until here. Php 7.4, Apache, Mysql Workbench, Atom... i can code and select from database, everything was great.
The code is working with no error execpt it did not create the directory. :/
If i create the dir manually, return the message that it already exist.
After read a lot of topics and get help from facebook.
I did change on group polices. Not worked.
chmod on the folder, not worked.
On CENTOS the apache user is APACHE instead www:data
ls -l /var/www return:
drwxr-x---. 2 apache apache 6 Nov 16 13:19 cgi-bin
drwxrwxrwx. 3 apache apache 39 Mar 19 13:54 html
ls -l /var/www/html return:
-rw-r--r--. 1 root root 86 Mar 19 00:09 info.php
drwxrwxrwx. 2 apache apache 23 Mar 19 13:58 projeto01
ls -l /var/www/html/projeto1 return:
-rwxrwxrwx. 1 root root 148 Mar 19 15:14 index.php
Thanks for the help!
My code is:
> <?php
$name = "images";
if (!is_dir($name)) {
mkdir($name);
echo "Sucess. Dir Created.";
} else {
echo "Dir already exist. $name";
}
?>
I am trying to move file to another folder but it gives Permission denied error. Here is the permission of that files.
-rwxrwxrwx 1 root www-data 394 Oct 11 14:40 namechange.xml*
-rwxrwxrwx 1 root www-data 395 Oct 11 14:40 namechange1.xml*
-rwxrwxrwx 1 root www-data 345 Oct 11 14:40 roomchange.xml*
and here id the code that I used to move files
rename("resources/xml_checkin/namechange.xml", "resources/xml_checkout/test.xml")
;
Follow these steps:
Please open your terminal
Login with ssh
locate to the destination file using cd /var/www/html
Give permission to the particular folder using command chmod -R 777 path/folder or command chmod -R 777 path/filename
First try to change the chmod to 775, if it doesn't work then use 777
then try to move your files and see the result.
If issue persists again, let me know.
I'm trying to get a simple PHP file to work on a linux Centos 7 server using apache. The problem is that the php code doesn't seem to have permission to write to the folder. The simple test php file below illustrates the problem
<?php
echo shell_exec('whoami');
echo "<br>";
$myfile = fopen("test.txt","w") or die("could not open test file");
fclose($myfile);
?>;
Just to try to get it to work I have done
sudo chmod -R a+rwx /var/www
and yet I keep getting the "could not open test file" error message. What am I doing wrong? Incidentally, the 'whoami' is coming back as 'apache'
**Edit*
In the light of the suggestion below I've done some changes and am now showing the full permissioning for the folders. I've created the group www-data and have added the user apache to it.
[prompt]$ groups apache
apache : apache www-data
For /var/www:
0 drwxrwsrwx. 4 root www-data 33 Jul 27 08:19 www
For /var/www/html:
0 drwxrwsrwx. 2 root www-data 137 Jul 27 12:43 html
The file I'm trying to load:
4 -rwxrwxrwx. 1 root www-data 182 Jul 27 12:40 test.php
It's still not working unfortunately. Might it be something in the apache configuration? Any suggestions would be much appreciated
Here are two options you can try
Option 1
Make sure the group is www-data on '/var/www'.
prompt> sudo chgrp www-data /var/www
Make '/var/www' writable for the group.
prompt> sudo chmod 775 /var/www
Set the GID for www-data for all sub-folders.
prompt> sudo chmod g+s /var/www
Your directory should look like this on an 'ls -l' output.
drwxrwsr-x
Last, add your user name to the www-data group (secondary group).
prompt> sudo useradd -aG www-data [USERNAME]
Option 2
Use the mod_userdir as described in https://httpd.apache.org/docs/2.4/mod/mod_userdir.html
I would recommend the first option as it suits your needs better.
I have an PHP website on a RHEL5/CentOS dedicated server. The website is located at /var/www/html/beta
I have a script:
/var/www/html/beta/scriptA.php
which calls a function in
/var/www/html/beta/code/inc/functions.php
The function uses move_uploaded_file() as follows:
$status = move_uploaded_file($imagetmp_name,$destinationPath);
Printing these values shows:
imagetmp_name=/tmp/phpiECxB6
destinationPath=in_upload/images/907770756_publicpage.jpg
status=false
Which I thought should have worked since 'in_upload/images' exists:
drwxr-xr-x 5 root root 4096 Oct 19 07:40 in_upload
and
drwxr-xr-x 2 root root 4096 Oct 19 07:40 images
What am I doing wrong?
You don't have writing permisions to in_upload neither images, only for root.
Use
chmod a+w in_upload
chmod a+w images
or change that directories' owner/group to the user, under which is apache running.
example:
chown apache:apache in_upload
chmod g+w in_upload