This question already has answers here:
Closed 11 years ago.
Possible Duplicate:
Going crazy here, can't figure out why rename(), copy() functions don't work.
I get this error:
Warning: copy(/fullpathtofile/a4d3af69.jpeg) [function.copy]: failed to open stream: Permission denied in /var/www/vhosts/site.com/httpdocs/application/controllers/WorkController.php on line 31
Permissions are set to 775. It will only work with 777, but I don't think that's the right way to go for my social network site which is on my dedicated server, it's a safety issue right? Is that my only fix? I expected copy() should have worked.
The web server user does not have sufficient permissions to write to the directory you are copying to.
Walkthrough for solving your problem
chmod the "target" directory to 777.
Let your script write a file to that directory.
Inspect the written file (ls will do) and see which user owns it.
That is the user the web server process is running as.
Make sure your target directory is owned by that user (in which case chmod 755 will do) or that user's group (in which case chmod 775 will do).
Permissions of what are set to 775? If it is the target, you would need write-permission, otherwise you can't write to that location?
You need to set the ownership of your /fullpathtofile to the user who is running the webserver, and the same is true for the files within it. All files which are saved from PHP will be owned by that user. I am assuming you are saving an uploaded file to that directory: otherwise this holds for both the source and the destination.
If you're on dedicated, there is nothing wrong with 777 then.
You have to check perms and owner for the every nested directory involved.
ls -la them all.
chown the relevant directory to be owned by the user that the PHP script runs as (see get_current_user()).
Edit: This is wrong, see comments. The user you actually want to use with chown is the one the web service is running as. This is commonly nobody, apache, www-data, etc., and can usually be determined with ps aux | grep httpd.
Related
I have seen many questions and answers on this topic but none seem to help my situation. My PHP code is successfully creating a new logfile, but then cannot access that file to append further info, close it, etc.
I am migrating an application from local XAMPP onto LAMP: hence problem only showing up now due to Windows/XAMPP giving no permission troubles.
I started with a default Bitnami LAMP stack, and then manually setup relevant directory permissions on server:
- my sftp user has rwx on htdocs and assorted out-of-web-root directories
- apache is running as 'daemon' so I have given read & execute permissions to relevant directories for 'daemon' as group
- in most directories I have disallowed write permissions for 'daemon'
- however for my (application generated, internal) logs I have a 'logfiles' directory which has rwx for both my user and the 'daemon' group
- 'other' is -rwx for all
When I run my application it falls over pretty much immediately. The error logs showing fopen failed to open stream: permission denied. However, the permissions indicate that it should have access.
When I check the file involved it has following permissions:
-rw-r--r-- 1 daemon daemon 962 Oct 3 10:14 20151003logfile03-10-33530.txt
This tells me that the file was created by Apache (i.e. by my PHP script) and that it has read and write permissions, from when I fopen() with "w"
EDIT: adding directory info:
Folder level permissions give my ftps user and daemon (group) full rwx access:
drwxrwx--- 2 ftpuser daemon 4096 Oct 3 10:30 logfiles
BUT it can't then fopen with "a"
I am assuming that this IS a file permission problem because:
a) it works fine on XAMPP
b) it states permission error in the error log
However, I can't see why it should be a problem, given directly-specified OS-level permissions ... maybe Apache requires an .htaccess 'allow' on this directory also?
Any ideas?
Clarification re why I don't think CHMOD is the answer (sorry #RedAcid):
CHMOD 777 etc is simply a way to set the underlying permissions I already have. Each digit represents 3 binary chars, so 7 is 111 (i.e. read, write and execute). As you can see above, I have read/write/execute for PHP/Apache on folder, together with read/write for file. What I've read suggests that you need execute at directory level, but not at file level because its not trying to execute the file.
So what am I missing here? Why else might it be denying permission?
use chmod 666 for the file and proper user group permissions. folder where files are located must be writable with chmod 777
OK - I found out the problem was higher level parent directory not having read/execute permissions. Now working! (AT LAST!)
For more detail see this previous question:
PHP fopen() fails on files even with wide-open permissions
I have written a PHP script for file uploading and for testing I gave my upload directory 777 permissions. The script works fine.
Now I want to remove execute permissions for obvious reasons, but once I do that, I get the following error:
move_uploaded_file([filepath]) [function.move-uploaded-file]: failed to open stream: Permission denied
Just taking the permissions down from 777 to 776 causes this error to appear when I try to upload a file. I don't understand why having execute permissions should have anything to do with this - can someone PLEASE shed some light?
Thank you!
A directory must have execute permission to be accessible in Unix & Linux.
Quoting from here:
On a directory, the execute permission (also called the "search bit")
allows you to access files in the directory and enter it, with the cd
command, for example. However, note that although the execute bit lets
you enter the directory, you're not allowed to list its contents,
unless you also have the read permissions to that directory.
I agree with lserni that the fact that revoking execute permission on the directory for O (the third digit) causes the problem is worrisome as it indicates that the webserver is accessing the directory neither as owner nor as member of the group. You should fix that.
Just taking the permissions down from 777 to 776 causes this error to appear
This shouldn't happen. You ought to be able to run with 770 permissions, i.e., the directory should be owned by the Website user ID, with the group of web server.
This way the owner and the webserver are both able to manipulate the directory and the data. Ideally the Web server serving your website ought to assume the same user ID as the website owner, and that way you can keep the directory mode 700 and have it read-writeable and listable only by you.
If the last digit of the permissions is biting you, it means that the server is running with permissions for "everyone", which may be okay for a development site but isn't too good on a shared site (imagine your passwords being readable by any other website owner in the machine).
However, if you're running on a test machine, the 777 permissions are okay. Directory executable bit does not mean executable (a directory can't be executed anyway) but merely 'listable'. Without that bit, you can create and delete files but you can't know whether they're really there, and move_uploaded_files is objecting to this situation.
There are other solutions (e.g. chrooting each virtualhost in Apache); see also What are best practices for permissions on Apache-writable directories?
for removing the execute permissions you need to execute following commands..
chown -R nobody upload_directory
chmod -R 755 upload_directory
The first command changes the owner of your upload_directory and files under it to 'nobody' which is what php operates under. The second changes the upload_directory and files to only allow user access to writing. -R is for Recursive..
I recently moved my website to a new host and now am experiencing some broken code..
I have an uploading script that is now returning this:
move_uploaded_file() failed to open
stream: Permission denied in *..
I've set the upload directory to 777 which worked fine, but my script is needed to have top level permissions..
(As the script itself sets permission to directories, does lots of copying etc)
Is there a way in apache I can set the PHP script to the owner of all the folders on my server?
Thanks
Also
When looking in phpInfo()
Under
apache2handler
User/Group nobody(99)/99
Is this related?
I wouldn't go that route, just give it permissions to the defined upload_tmp_dir, or define upload_tmp_dir to be a directory you have access to. If it is that directory you have problems with. If the target is the problem, and you've 777'ed it, something fishy is going on.
Do you have ssh access to your new host? The reason I ask is that it's probably not best to use the username/group as nobody, as most other services would use this too. I would change it to something like apache
You can then update httpd.conf, adding in these two lines (reloading the config after):
User apache
Group apache
Then, run chown apache:apache -R dir_name to make apache own it.
well,
When you are trying to set the permission like "0777", you must be running on same authority.
What I mean is.
For example, your script tells to change a folder/file permission to 0777, but the folder or file already has a permission and that is '0755' so you are not authorised to make that change. as the user have only 5 authority.
Either, you need to login to FTP and change the folder permission to 0777 and then you have full control over it or you have to stick with using 0755 or similar.
I'm trying to use PHP to create a file, but it isn't working. I am assuming this is because it doesn't have write access (it's always been the problem before). I tried to test if this was the problem by making the folder chmod 0777, but that just ended up making every script in that directory return a 500 error message until I changed it back.
How do I give PHP write access to my file system so it can a create a file?
Edit: It is hosted on Hostgator shared hosting using Apache.
Edit 2: Someone asked for the code:
The code is a GD image script. I know the rest of it works as previously I was creating the image every ime it was called. Now I am trying to create them when new text is added and save them to a folder. The write line I have is:
imagejpeg(null,$file,85);
I also created a test file to check if it was just a broken script (mainly copied from tizag):
http://gearboxshow.info/rkr/lesig.jpg/testfile.txt (I don't know if/how to post the code here properly. Here is the contents of the PHP script, minus PHP tags.)
It returns 13,13,1 (separate lines), so it looks as if it thinks it wrote something, but the testfile.txt is blank (I uploaded a blank one), or non-existent (if I delete it).
Edit 3: The server runs CentOS.
An easy way is to let PHP create the directory itself in the first place.
<?php
$dir = 'myDir';
// create new directory with 744 permissions if it does not exist yet
// owner will be the user/group the PHP script is run under
if ( !file_exists($dir) ) {
mkdir ($dir, 0744);
}
file_put_contents ($dir.'/test.txt', 'Hello File');
This saves you the hassle with permissions.
Simple 3-Step Solution
Abstract: You need to set the owner of the directory to the user that PHP uses (web server user).
Step 1: Determine PHP User
Create a PHP file containing the following:
<?php echo `whoami`; ?>
Upload it to your web server. The output should be similar to the following:
www-data
Therefore, the PHP user is www-data.
Step 2: Determine Owner of Directory
Next, check the details of the web directory via the command line:
ls -dl /var/www/example.com/public_html/example-folder
The result should be similar to the following:
drwxrwxr-x 2 exampleuser1 exampleuser2 4096 Mar 29 16:34 example-folder
Therefore, the owner of the directory is exampleuser1.
Step 3: Change Directory Owner to PHP User
Afterwards, change the owner of the web directory to the PHP user:
sudo chown -R www-data /var/www/example.com/public_html/example-folder
Verify that the owner of the web directory has been changed:
ls -dl /var/www/example.com/public_html/example-folder
The result should be similar to the following:
drwxrwxr-x 2 www-data exampleuser2 4096 Mar 29 16:34 example-folder
Therefore, the owner of example-folder has successfully been changed to the PHP user: www-data.
Done! PHP should now be able to write to the directory.
Set the owner of the directory to the user running apache. Often nobody on linux
chown nobody:nobody <dirname>
This way your folder will not be world writable, but still writable for apache :)
1st Figure out which user is owning httpd process using the following command
ps aux | grep httpd
you will get a several line response like this:
phpuser 17121 0.0 0.2 414060 7928 ? SN 03:49 0:00 /usr/sbin/httpd
Here 1st column shows the user name. So now you know the user who is trying to write files, which is in this case phpuser
You can now go ahead and set the permission for directory where your php script is trying to write something:
sudo chown phpuser:phpuser PhpCanWriteHere
sudo chmod 755 PhpCanWriteHere
You can change the permissions of a folder with PHP's chmod(). More information on how to use the command is here: http://php.net/manual/en/function.chmod.php
If you get a 500 Error when setting the permissions to 777 (world writable), then it means your server is setup to prevent executing such files. This is done for security reasons. In that case, you will want to use 755 as the highest permissions on a file.
If there is an error_log file that is generated in the folder where you are executing the PHP document, you will want to view the last few entries. This will give you an idea where the script is failing.
For help with PHP file manipulation, I use http://www.tizag.com/phpT/filewrite.php as a resource.
I found out that with HostGator you have to set files to CMOD 644 and Folders to 755. Since I did this based on their tech support it works with HostGator
I had the same problem:
As I was reluctant to give 0777 to my php directory, I create a tmp directory with rights 0777, where I create the files I need to write to.
My php directory continue to be protected. If somebody hackes the tmp directory, the site continue to work as usual.
You can set selinux to permissive in order to analyze.
# setenforce 0
Selinux will log but permit acesses. So you can check the /var/log/audit/audit.log for details. Maybe you will need change selinux context. Fot this, you will use chcon command. If you need, show us your audit.log to more detailed answer.
Don't forget to enable selinux after you solved the problem. It better keep selinux enforced.
# setenforce 1
Best way in giving write access to a directory..
$dst = "path/to/directory";
mkdir($dst);
chown($dst, "ownername");
chgrp($dst, "groupname");
exec ("find ".$dst." -type d -exec chmod 0777 {} +");
chmod does not allow you to set ownership of a file. To set the ownership of the file you must use the chown command.
I'm running Ubuntu, and as said above nobody:nobody does not work on Ubuntu. You get the error:
chown: invalid group: 'nobody:nobody'
Instead you should use the 'nogroup', like:
chown nobody:nogroup <dirname>
Tiny little hint!
echo whoami;
make sure you use BACK QUOTES
NOT
single quotes ' '
!
(of course now the back quotes don't show up in this editor! oh well, I tried!)
I am creating an image dynamically using php. The image is being created if I go in and make the file first. However, if I don't create the file manually then I get the following error.
Warning: imagegif() [function.imagegif]: Unable to open 'filename2.png' for writing in /www/vhosts/yourraceresults.com/htdocs/trial/TextToImage.inc.php on line 144
Example:
public function SaveTextAsPng($fontSize, $x, $y, $textContent, $fileName='image'){
imagestring($this->image, $fontSize, $x, $y, $textContent, $this->text_color);
return imagepng($this->image, "/www/vhosts/yourraceresults.com/htdocs/admin/trial/images/".$fileName.".png");
}
$textToImage->SaveTextAsPng(10, 11,11, 'fakeinfo','filename2');
Either the output folder do not exist (in which case you have to create it), or you do not have write permissions to the output folder. To fix this:
If you're using a shell:
chmod 777 /www/vhosts/yourraceresults.com/htdocs/trial
If you're using an FTP client:
Right click on the "trial" folder, search for something called "chmod", "rights", "permissions" (perhaps in "properties"), then give it every permission or, alternatively, enter chmod value 777.
It seems your web user (apache, www, ...) has not got write permissions in the folder you are trying to write to. Or, if the file already exists, it has not got write permissions for that file.
Edit: Changing the permissions
Supposing you are on a linux like system with an apache web-server, first you need to find out as which user your web-server is running. You need to get a command shell on the server (ssh) and then you can probably see the web-server user typing the following command:
$ ps aux | grep httpd
In the list you will see all running apache processes with the username in the first column.
Let´s say that the web-user is apache, you now need to give apache write permissions in that directory. You can do that by changing the group to apache and giving write permissions to that group or by changing the ownership of the directory to apache. Let´s say you want to change the group:
$ chgrp apache /www/vhosts/yourraceresults.com/htdocs/trial
Give the owner and the group users (apache) write permissions:
$ chmod 775 /www/vhosts/yourraceresults.com/htdocs/trial
Disclamer: this is a fast solution, but I don´t know much about the safety, comments are welcome!
Do you have properly setted rights for output dir? I'm think your web server (and php with it) can't write to destination folder.
It seems your script needs write permissions on that directory. An easy way to change these permissions is to login via FTP and change the permissions from your FTP client. Most (at least, of the few I've tried) FTP clients offer an option when you right-click a folder called "Permissions" or "File Attributes" (FileZilla) or something like that. It should show a dialog with different permissions checkboxes; make sure to give at least the Owner permission to write. If you are on a *nix host, you should be able to go to the directory and issue the command chmod 755 . to change the permissions.
EDIT: chmod 777 . will give you the most permissions, if 755 does not work.