Im getting denied running the following function (which is located in
/var/www/mysite/public_html/app/Controllers/Script.php)
$structure = '/var/www/mysite/public_html/app/Controllers/folder1/newfolder';
if (!mkdir($structure, 0755, true)) {
die();
}
I dont want to give to the web server general root permissions and also I want to keep folder1 in 755.
What I did is to edit the sudoers file trying to give to apache root permisions just in that specific path, I added this line:
www-data ALL=NOPASSWD:
/var/www/mysite/public_html/app/Controllers/Script.php
However Im still getting the same error, what is missing here?
I do not know anything about php but must likely you is running them scripts with the wrong user
check who’s the owner of the dir.
$ ls -lash
change ownership.
$ sudo chown -R $USER:$USER /path/to/dir
chown changes owner
‘-R’ change the ownership of subdirs and files
$USER current user
phpMyAdmin worked fine with v4.7.9. Now after updating to v4.8.0 today (replacing the old phpmyadmin folder against the new one) I'm getting this message in phpMyAdmin:
The $cfg['TempDir'] (./tmp/) is not accessible. phpMyAdmin is not able
to cache templates and will be slow because of this.
I added the folder ./tmp/ like like this: /usr/share/tmp
phpMyAdmin is on: /usr/share/phpmyadmin
This didn't change anything.
Who know this error? What can I do?
Solution was to create a folder called tmp like this: /usr/share/phpmyadmin/tmp.
Also make sure that the user (or group) running the webserver (e.g. Apache) has write access to the newly created tmp folder. Consequently, change the ownership to that user or add write access for all users. The latter one might not be really advisable.
simple fix is to create tmp dir in your phpmyadmin dir and set permission to 777
mkdir tmp && chmod 777 tmp
then
update your config.inc.php file add that line
$cfg['TempDir'] = 'tmp';
I had this same problem on Ubuntu 18.04 when I replaced the phpMyAdmin version from the package repository (v4.6.6) with the latest version (4.8.0). I don't know if you are running on Ubuntu, but maybe my response will be helpful to you (or others) who encounter something similar.
I put the new version in the standard location, /usr/share/phpmyadmin/, but Ubuntu's package installation of PMA puts some configuration settings in other places (see /etc/phpmyadmin/ and /var/lib/phpmyadmin/). I found this setting in /etc/phpmyadmin/apache.conf:
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
and sure enough that directory had been created and had the proper permissions. Wanting to stay as close as possible to the package installation settings, I made this change in /usr/share/phpmyadmin/libraries/vendor_config.php and pointed directly to that folder:
//define('TEMP_DIR', './tmp/');
define('TEMP_DIR', '/var/lib/phpmyadmin/tmp/');
This setting is picked up by /usr/share/phpmyadmin/libraries/config.default.php (which you are not supposed to edit) to set $cfg['TempDir'].
In my case I added
$cfg['TempDir'] = '/usr/share/phpmyadmin/temp';
to the
config.inc.php
File within the phpmyadmin folder
Hope it will help someone
Create a temp directory owned by and restricted to the webserver user. Do not place it inside of the phpMyAdmin webroot. (In this example, the webserver runs as apache):
mkdir -p /var/tmp/phpMyAdmin
chown apache:apache /var/tmp/phpMyAdmin
chmod 700 /var/tmp/phpMyAdmin
Next, set TempDir inside of phpMyAdmin's config.inc.php:
$cfg['TempDir'] = '/var/tmp/phpMyAdmin';
Any answer suggesting that you create /usr/share/phpmyadmin/tmp is advocating bad security practice. This is generally true for temp directories, and explicitly stated in the official phpMyAdmin documentation:
For security reasons, all directories should be outside the tree
published by webserver.
For me phpmyadmin dir was found inside /opt/lampp/
open teminal inside /opt/lampp/phpmyadmin/
give root privileges to the terminal by typing sudo su command.
now in same terminal use (mkdir -p /tmp/) hit enter
now, chmod 777 /tmp
Inside phpmyadmin directory there is a file config.inc.php. Open it using same terminal .
add this line $cfg['TempDir'] = /tmp; and Save.
Now you are good to go , just reload the tab and the error will be gone.
Create a tmp folder in the base directory of the phpMyAdmin install (e.g. /usr/share/phpmyadmin/tmp), and make sure that it is writable by the user that PHP is running under.
From the phpMyAdmin documentation:
$cfg['TempDir']
Type: string
Default value: './tmp/'
The name of the directory where temporary files can be stored.
It is used for several purposes, currently:
The templates cache which speeds up page loading.
ESRI Shapefiles import, see 6.30 Import: How can I import ESRI Shapefiles?.
To work around limitations of open_basedir for uploaded files, see 1.11 I get an ‘open_basedir restriction’ while uploading a file from the import tab..
This directory should have as strict permissions as possible as the only user required to access this directory is the one who runs the webserver. If you have root privileges, simply make this user owner of this directory and make it accessible only by it:
chown www-data:www-data tmp
chmod 700 tmp
If you cannot change owner of the directory, you can achieve a similar setup using ACL:
chmod 700 tmp
setfacl -m "g:www-data:rwx" tmp
setfacl -d -m "g:www-data:rwx" tmp
If neither of above works for you, you can still make the directory chmod 777, but it might impose risk of other users on system reading and writing data in this directory.
well,in my case this error has occured when i was using ubuntu 18.04.
All you need is to go to the installation directory (in ubuntu - opt/lampp/phpmyadmin)
and create a folder tmp with all the suitable read/write permissions.
Follow these steps in case of ubuntu-
1.go to the PMA installation directory by typing following commands in cmd-
cd opt/lampp/phpmyadmin
2.Then type the following command-
sudo mkdir tmp && chmod 777 tmp
and then you are done..!!
I hope it helps..
1) create the tmp folder
mkdir /usr/share/phpmyadmin/tmp
2) findout your php user
<?php echo `whoami`; ?>
3) Change ownership of the tmp folder to the php user found in step 2
sudo chown -R step2phpuser:step2phpuser /usr/share/phpmyadmin/tmp
4) Signout of phpmyadmin and sign back in
I had the same error message. I'm using Ubuntu16.04 with lampp. You should go to 'phpmyadmin' directory, in my case '/opt/lampp/phpmyadmin/', create a new 'tmp' folder. Open a terminal window and:
cd YOUR_PATH_TO_PHPMYADMIN
sudo mkdir tmp
Now you have to change the group of the 'tmp' folder to give access to php user. In order to find it, you can create a php file inside your localhost directory, in my case 'htdocs'
sudo touch user.php
sudo nano user.php
Inside nano editor, type:
<?php echo `whoami`; ?>
Then press CTRL + O and CTRL + X to save and exit.
Open the browser and type in your address bar
localhost/user.php
It shows your php user.
After that, go to the terminal and navigate to your recently created 'tmp' directory inside phpmyadmin directory and type:
sudo chgrp YOUR_PHP_USER tmp -R
And change the permission to the 'tmp' directory:
sudo chmod 775 tmp -R
I recommend never give 777 permission to any file.
I hope it helps!
For Arch and Manjaro users:
Create a folder tmp at /etc/webapps/phpmyadmin/ - mkdir /etc/webapps/phpmyadmin/tmp
Set permission to 777 - chmod 777 /etc/webapps/phpmyadmin/tmp
Add this line to the config file at /etc/webapps/phpmyadmin/config.inc.php - $cfg['TempDir'] = '/tmp';
Cheers :)
I had the same problem but none of the answers above could solve.
In my case my php security settings was so strict protecting php to access directories out of scope defined in open_basedir located at my /etc/php.d/99-security.ini(which I added perviously from a security toturial and the settings also could be located at /etc/php.ini file in your case):
;; Limit PHP Access To File System
; Limits the PHP process from accessing files outside
; of specifically designated directories such as /var/www/html/
open_basedir="/home/:/etc/phpMyAdmin/:/var/lib/phpMyAdmin/"
change to:
open_basedir="/home/:/etc/phpMyAdmin/:/var/lib/phpMyAdmin/:'/usr/share/phpmyadmin/tmp/" ;<== changing to this solved the prblem
you just need to add your own directory in error mesage ('/usr/share/phpmyadmin/tmp/') and the end of open_basedir option. Don't forget placing separator : before adding it.
If the folder already exists for example from a previous installation:
chmod -R 777 PATH_TO_FOLDER
Therefore permission on subdirectories are also modified (recursively).
In my case [MacOs El Capitán/portuguese], the message was:
The $cfg['TempDir'] (./temp/) is not accessible
My solution, in xamppfiles/phpmyadmin/config.inc.php:
$cfg['TempDir'] = './temp/'; to $cfg['TempDir'] = '../temp/';
That is, I just added a point to the path... work's fine.
I just changed my vendor_config.php file to define('TEMP_DIR', '/tmp/'); instead of define('TEMP_DIR', './tmp/');
This seems to work.
I had a similiar problem, with the "temp" directory. The solution was to change the owner and group of the "twig" directory (inside "temp") to "apache" (both owner and group)
Create the tmp folder in the root of phpmyadmin files
In addition to that, you also need to provide all permissions to that folder. That's what I did in Windows.
My Answer goes to centos 7 Sentora users,
tmp folder has to be created under phpMyadmin of Sentora as shown below
cd /etc/sentora/panel/etc/apps/phpmyadmin/
sudo mkdir tmp
After creating the folder make sure you give Apache access permissions to the tmp folder
chown -R apache /etc/sentora/panel/etc/apps/phpmyadmin/tmp/
simply go to the phpmyadmin folder and put this code
$cfg['TempDir'] = './tmp/';
and then check tmp folder is exists or not into phpmyadmin if not exists then create tmp folder and give read and right permission to it.
For me, the error message was as follows:
The $cfg['TempDir'] (/var/lib/phpmyadmin/tmp/) is not accessible. phpMyAdmin is not able to cache templates and will be slow because of this
Then I navigate and checked the location. there was the tmp folder but was owned by www-data by default. After that, I make it writable by the user the PHP is running under. Problem solved.
I am trying to install RackTables on a Ubuntu Server 13. I have followed all the steps on the documentation. When I get to the step after I connect to the database I cant seem to figure out the ownership settings.
I have set up the database as follows :
mysql -uroot -p
create database racktables;
grant all on racktables.* to root;
grant all on racktables.* to root#localhost;
grant all on racktables.* to rackuser;
grant all on racktables.* to rackuser#localhost;
set password for rackuser#localhost=password('rackpw');
exit
Here is the step that I am stuck on;
RackTables installation: step 4 of 7
Please set ownership (chown) and/or permissions (chmod) of /var/www/racktables/inc/secret.php on the server filesystem as
follows:
The file MUST NOT be writable by the httpd process.
The file MUST be readable by the httpd process.
The file should not be readable by anyone except the httpd process.
The file should not be writable by anyone.
For example, if httpd runs as user "nobody" and group "nogroup",
commands similar to the following may work (though not guaranteed to,
please consider only as an example):
chown nobody:nogroup secret.php; chmod 400 secret.php
I have tried the
chown root:rackuser /var/www/racktables/inc/secret.php
chmod 400 /var/www/racktables/inc/secret.php
I cant figure out how to set up the permissions so that they fall into this category
The file MUST NOT be writable by the httpd process.
The file MUST be readable by the httpd process.
The file should not be readable by anyone except the httpd process.
The file should not be writable by anyone.
Please help. Any suggestion is appreciated
Thank you
First you have to figure out which user and group your web server (Apache/nginx/etc) are running under.
If you're using Apache, you should be able to check by running:
grep -E '^(User|Group)' /etc/apache2/apache2.conf
In Ubuntu, it's common for both user and group to be www-data.
Once you know that, you should be able to change the file's ownership like:
chown [webserveruser]:[webservergroup] /var/www/racktables/inc/secret.php
Example:
chown www-data:www-data /var/www/racktables/inc/secret.php
Keep the chmod the same as you had before.
This should mean it's readable by the www-data user and only the www-data user, writable by nobody (including www-data), which should mean all four of your conditions.
When I use chmod() to change permissions at run time, it gives me the below message:
Warning: chmod() [function.chmod]: Operation not permitted in /home/loud/public_html/readalbum.php
How can I remove this error and make the chmod function work?
$ sudo chmod ...
You need to either be the owner of the file or be the superuser, i.e., user root. If you own the directory but not the file, you can copy the file, rm the original, then mv it back, and then you will be able to chown it.
The easy way to temporarily be root is to run the command via sudo. ($ man 8 sudo)
In order to perform chmod, you need to be owner of the file you are trying to modify, or the root user.
This is a tricky question.
There a set of problems about file permissions. If you can do this at the command line
$ sudo chown myaccount /path/to/file
then you have a standard permissions problem. Make sure you own the file and have permission to modify the directory.
If you cannnot get permissions, then you have probably mounted a FAT-32 filesystem. If you ls -l the file, and you find it is owned by root and a member of the "plugdev" group, then you are certain its the issue. FAT-32 permissions are set at the time of mounting, using the line of /etc/fstab file. You can set the uid/gid of all the files like this:
UUID=C14C-CE25 /big vfat utf8,umask=007,uid=1000,gid=1000 0 1
Also, note that the FAT-32 won't take symbolic links.
Wrote the whole thing up at http://www.charlesmerriam.com/blog/2009/12/operation-not-permitted-and-the-fat-32-system/
You, or most likely your sysadmin, will need to login as root and run the chown command:
http://www.computerhope.com/unix/uchown.htm
Through this command you will become the owner of the file.
Or, you can be a member of a group that owns this file and then you can use chmod.
But, talk with your sysadmin.
Sorry for the basic question - I'm a .NET developer and don't have much experience with LAMP setups.
I have a PHP site that will allow uploads to a specific folder. I have been told that this folder needs to be owned by the webserver user for the upload process to work, so I created the folder and then set permissions as such:
chown apache:apache -R uploads/
chmod 755 -R uploads/
The only problem now is that the FTP user can not modify the uploaded files at all.
Is there a permission setting that will allow me to still upload files and then modify them later as a user other than the webserver user?
You can create a new group with both the apache user and FTP user as members and then make the permission on the upload folder 775. This should give both the apache and FTP users the ability to write to the files in the folder but keep everyone else from modifying them.
I would go with Ryan's answer if you really want to do this.
In general on a *nix environment, you always want to err on giving away as little permissions as possible.
9 times out of 10, 755 is the ideal permission for this - as the only user with the ability to modify the files will be the webserver. Change this to 775 with your ftp user in a group if you REALLY need to change this.
Since you're new to php by your own admission, here's a helpful link for improving the security of your upload service:
move_uploaded_file
I would support the idea of creating a ftp group that will have the rights to upload. However, i don't think it is necessary to give 775 permission. 7 stands for read, write, execute. Normally you want to allow certain groups to read and write, but depending on the case, execute may not be necessary.
I will add that if you are using SELinux that you need to make sure the type context is tmp_t You can accomplish this by using the chcon utility
chcon -t tmp_t uploads
What is important is that the apache user and group should have minimum read access and in some cases execute access. For the rest you can give 0 access.
This is the most safe setting.
chmod -R 775 uploads/
chown -R www-data uploads/
Important add to group public for web users standars in ubuntu www-data
Remember also CHOWN or chgrp your website folder. Try myusername# chown -R myusername:_www uploads
Based on the answer from #Ryan Ahearn, following is what I did on Ubuntu 16.04 to create a user front that only has permission for nginx's web dir /var/www/html.
Steps:
* pre-steps:
* basic prepare of server,
* create user 'dev'
which will be the owner of "/var/www/html",
*
* install nginx,
*
*
* create user 'front'
sudo useradd -d /home/front -s /bin/bash front
sudo passwd front
# create home folder, if not exists yet,
sudo mkdir /home/front
# set owner of new home folder,
sudo chown -R front:front /home/front
# switch to user,
su - front
# copy .bashrc, if not exists yet,
cp /etc/skel/.bashrc ~front/
cp /etc/skel/.profile ~front/
# enable color,
vi ~front/.bashrc
# uncomment the line start with "force_color_prompt",
# exit user
exit
*
* add to group 'dev',
sudo usermod -a -G dev front
* change owner of web dir,
sudo chown -R dev:dev /var/www
* change permission of web dir,
chmod 775 $(find /var/www/html -type d)
chmod 664 $(find /var/www/html -type f)
*
* re-login as 'front'
to make group take effect,
*
* test
*
* ok
*