everyone. I'm trying to write a PHP script that reads and writes files from a secure directory. That is, a directory that users can't access. I put the "deny from all" in the .htaccess of said directory, and PHP scripts can read files from that directory without error. However, I cannot write files to that directory. I get a Permission Denied error when I try to use fopen with the "w" option.
Does anyone know how to fix this?
Use is_writable() function in php to check whether you have permission to write in to a directory. If not you can use chmod() to change the permission and write to it.
I figured it out. I couldn't use chmod from the PHP script and change permissions ("Operation not permitted"), I had to chmod from the terminal and change permissions. Thanks for the suggestions.
Related
On my (shared) webhost, I'm using PHP's curl and fopen to download and save a remote XML-file to a specific directory. The system has to read and execute it later.
Right now, I've created the directory beforehand (permissions: 777) and the system is able to write the XML-file in the directory.
I am afraid that giving permissions to anyone to read, write and execute is a security risk.
Therefore, my questions are:
Is setting chmod to 777 a security risk in this case?
Is there a way to achieve the desired results without setting chmod to 777?
(Since I am a beginner, I'm not (yet) familiar with file users, file groups and file permissions. Is there a way that only "the system" is able to read, execute and write?)
You should avoid 777 alltogether.
There is a way. Such problems are better solved via chown than chmod. One way is to make sure the user that writes the files (normally apache or www) belongs to the group of the folder owner then set permissions to maxiamlly 775.
To allow only the owner to read, execute, and write, change the permissions to 0700.
I want to write text file using PHP.
I can write it using fopen and fwrite function on Windows platform. But, that program is not able to write it on Linux Platform.
Is there any solution?
fopen and fwrite work exactly the same on Linux, but you may have a permission issue there. To solve this, you need to check:
the user under which PHP runs (in a vanilla Apache/PHP install, this is usually www-data)
the permissions and ownership of the directory you are trying to write to
What you need is write permission on the directory for the PHP/Apache user. The easiest (and dirtiest) way of achieving this is is to just make the directory world-writable (chmod o+w the_dir), but this is highly insecure, allowing anyone with any kind of access to the system to store stuff there. A better solution is to either make the PHP user the owner of the directory and specify permission 700 (or 755 if you want it to be world-readable), or create a new group, put the PHP user and yourself in that group, set the group on the directory, and set permission 770 (775 for world-readability) on the directory.
It should work, please check the users permission to the directory and/or file.
You always can try this program writing to /tmp/my.log, it should work)
Of course, you can use the same fopen and fwrite functions on Linux.
The only special thing is that the folder where it's written (or at least the file itself) must be given write permissions.
An easy way to test it would be to set the file permission (or its folder) to 777.
fopen and fwrite works on both SO.
Probabily you have permission denied. Try to give write perms on your file on linux.
You can use php chmod func
Help! PHP cannot write to any files in my web directory. I don't know why! I have the permissions of the file set to 777, but it is not working! Here is the code in question:
<?php
if ($f=fopen('test.txt', 'a'))
echo 'file opened';
fclose($f);
Nothing is being echoed! I don't know why :(.. the userid and gid is 0:0 from the script, and if I try to chown to that it doesn't work.
Please help I need this fixed asap this should be an easy thing to do but the damn server is being difficult.
And its running on Cent OS if thats any help..
You'll need to enable the appropriate SELinux booleans and label the directory with the appropriate file context if you want to write files there.
Or you could disable SELinux. But don't do that.
try to use absolute path. might be other dir then you think. also might be network file system that cannot be accessed as root.
If you're just uploading this php to a typical multi user server and you have 777 permissions but cannot write files, the most likely "culprit" is suPHP.
In a system with the suPHP module installed, one cannot have 777 permissions.
You can check for the existence of this installed on your system with phpinfo().
I recently moved my website to a new host and now am experiencing some broken code..
I have an uploading script that is now returning this:
move_uploaded_file() failed to open
stream: Permission denied in *..
I've set the upload directory to 777 which worked fine, but my script is needed to have top level permissions..
(As the script itself sets permission to directories, does lots of copying etc)
Is there a way in apache I can set the PHP script to the owner of all the folders on my server?
Thanks
Also
When looking in phpInfo()
Under
apache2handler
User/Group nobody(99)/99
Is this related?
I wouldn't go that route, just give it permissions to the defined upload_tmp_dir, or define upload_tmp_dir to be a directory you have access to. If it is that directory you have problems with. If the target is the problem, and you've 777'ed it, something fishy is going on.
Do you have ssh access to your new host? The reason I ask is that it's probably not best to use the username/group as nobody, as most other services would use this too. I would change it to something like apache
You can then update httpd.conf, adding in these two lines (reloading the config after):
User apache
Group apache
Then, run chown apache:apache -R dir_name to make apache own it.
well,
When you are trying to set the permission like "0777", you must be running on same authority.
What I mean is.
For example, your script tells to change a folder/file permission to 0777, but the folder or file already has a permission and that is '0755' so you are not authorised to make that change. as the user have only 5 authority.
Either, you need to login to FTP and change the folder permission to 0777 and then you have full control over it or you have to stick with using 0755 or similar.
the php fopen fails to open a file for reading, if the file permission is 440. I don't want to give 444 permission to the file, so that it can't be accessed directly through a URL.
Assuming you are using Apache with PHP, the easiest way around this issue is to limit access to the files using Apache but allow global read access. The way to do this is keep all the files you want off-limits in their own directory, and in the .htaccess file put this:
Order Allow , Deny
Deny from all
Now you can have global read permissions, but if you try to access the file directly from the web you will get a Permission Denied error.
You can do as tj111 suggests, block it with .htaccess.
But even better idea is to put it outside of the www root.
For example if your PHP files are in /home/user/public_html/, put your files with limited access e.g. in /home/user/includes giving them 644 (rw-r--r--). You can limit directory permissions to 711 (rwx--x--x), so no one but you can see what files are there. This doesn't prevent you though, from reading or including these files using PHP.