In my application, I have provided facility to upload images. But when someone uploads images then it uploaded to server with default permissions 600 and with user www-data. My FTP username is different its say uvideo.
As images are uploaded with default www-data, so when I am trying to change or delete them via FTP, then its not working.
I want them to be uploaded with username and group as uvideo? Is it possible in php?
Or if not then is there any possibility to achieve the same via server, I am using Ubuntu LAMP setup.
Please help, thanks!
PHP has a command chown but you can't use it unless your web server is running as root which you should never do
Attempts to change the owner of the file filename to user user. Only the superuser may change the owner of a file.
There is also chgrp but you limited to changing the group to only groups the web user is able to.
You can however use chmod to make the file writeable by your ftp user account.
You could also, add your ftp user to the same group as your web user and and set group write permissions chmod 0775
Related
I have a access to the server where many wordpress blogs are hosted. Initially the permission to uploads folder were set to 777(Recursively) but this caused problems to our server and malicious files where uploaded due to which our server is blacklisted.
I have deleted all those PHP files under uploads folder and set the permission to 755.
Now the problem is that the admin users to wordpress blogs/sites unable to upload media files.
Please guide me what I can do so that they can upload files (images or videos).
Can we set something which will ask FTP details when they upload files using wordpress admin. I can create FTP users for this.
Please Guide.
Not sure what type of error you are getting. But you can try this
add this line to
define('UPLOADS', 'wp-content/uploads');
wp-config.php
just before below line
require_once(ABSPATH.’wp-settings.php’);
If the directory doesn’t already exist, WordPress will automatically create it as long as the wp-content folder is writeable.
Hey I just set the Permission to chmod -v 747 uploads and it worked. Atleast better than 777.
But would like to here suggestion if this is risky. If risky then how much. I am new to permissions and server management.
Thanks !
I know this is an old thread but I found it high in the results for an unrelated issue I am having. It seemed by the permission modes being used #vanurag was actually having a user/group permissions issue rather than the permission modes (755 vs 777) issue.
You can find the web server user with var_dump(whoami()) in php, could be something like www-data.
Once know the user name verify that user is either the owner of the folder or is in the group assigned to the folder. You can use the following in Linux console to find current user/group.
ls -l /path/to/wp-content/uploads
Either add the web server user (www-data) as the owner and leave the group as it is or add the user to the group who have permissions.
Use chown (change owner) to set your users to your needs.
I usually add the user to the group rather than change the owner since the owner could be an FTP user and may mess up permissions used else where in your configuration.
usermod -g www-data foobar where foobar is the name of the group who has permissions to the uploads folder.
Here is a decent article on this issue in respect to WordPress uploads folder.
https://www.digitalocean.com/community/questions/proper-permissions-for-web-server-s-directory
I have a script that resizes images and then save the new images.
I can't save the new image if the original image didn't have 777 permissions.
I know that 777 is risky, so when using different permissions such as 775 or 755 it does nothing.
Why it does nothing?
how to fix it?
EDIT:
I want to be able to save the files using my script no matter what the permission of the IMAGE is/was.
It all because your server is badly configured, which means httpd runs as different user than owns all the files and this requires write permission set for others. The solution would be to fix the server configuration so these user ids match. But it's not trivial if you are not familiar with the server administration. Other (but this is not really a solution) would be to to put these two users into one group, so that way instead of giving everyone write access you "limit" it to your group only. But this is not a way to go though. Alternatively, if you are the only user on the server you may set httpd to run on your userid/groupid instead of its own. But, again, this should not be considered a "solution".
You can re-set the User and Group parameters in Apache config file to run it as another user.
Your web server is running under a different user than user who owns the images. To find out under which user is your webserver running, create and run this php script
<?php
echo shell_exec('whoami');
?>
1) You create a new folder with 777 permission.
2) save the image in that folder.
I dont think you would need 777 on the original image.
.
.
For the security, you need:
A) check extension of uploaded files and call the custom resize/image function. This will ensure the file is always converted into an image.
B) [.htaccess] (inside your user upload image directory) =
#Disable directory indexes & folder listing
[deny any file other than image]
<Files ^(*.jpeg|*.jpg|*.png|*.gif)>
order deny,allow
deny from all
</Files>
You can try to chmod afterwards, but it's strongly dependent on the rights the php daemon has;
chmod("/somedir/somefile", 755);
With fileperms() you can get the current permissions of the created file(s).
I'm trying to upload a file to a virtual machine in Amazon. and i have some questions.
I think i have to give (777) permissions to my server folder to be able to upload my file. if i don't it won't work. is this ok?
is it secure to give those permissions?
You don't need to make the file's permissions 777 in order to be able to write it into a directory. Instead, the directory needs to have permission to be written to by the user.
If you are running apache, the process runs as the user www-data and wherever you are trying to write the file to, must have write permissions by this user. If you are writing to /var/www/my_file_uploads, then try this:
chown -R www-data:www-data /var/www/my_file_uploads
Note that by doing this, you will be preventing others on your home machine from reading the file as well (unless you explicitly permit it).
So, basically the question is in the title and a little more detailed scenario:
I have a site's backend written in PHP (on linux server - centos 6) and I actually have only 2 users who have the access to it. They need to be able to upload images via some form. So, I made the simple upload script, but no matter what (or am to ignorant to know :/), the upload only works on folder permissions set to 777, so my question is is this ok, or should I implement some better 'common practice' in this situation?
You don't need the directory permissions at 777. What you need is to be certain the the directory is writable by the web server user, which either means making it owned by the web server user or owned by another user with its group set to the web server user and group-writable permissions.
So if your web server user was www-data for example (other common possibilities include apache, httpd, www):
# Set ownership to the web server user
chown www-data uploads_dir
# and make it writable by the web server user
# could also be 755 (readable by others)
chmod 700 uploads_dir
Or if it must stay owned by your account user (on a shared host for example), set the group to the web server user:
chown youruser:www-data uploads_dir
# and make it group-writable:
chmod 775 uploads_dir
The bottom line is that it is usually not a good idea to assign 777 (world-writable) permissions to a directory. Also, uploads_dir should ideally be placed outside the web server's document root so it isn't available vit HTTP requests.
You can also use something like suphp to run the php scripts as a user, while retaining the ability to have the folder not writeable by any other user or group.
You would need administrative access to your webserver for this, though.
A solution is to use FastCgi.
This make new files and directories owned by the the same user and group.
There is a performance penalty to FastCgi but you get some added security as it restricts php. If you are hosting multiple website with multiple users this could be a good idea.
I have checked out articles and tutorials.
I don't know what to do about the security of my picture upload-folder.
It is pictures for classifieds which should be uploaded to the folder.
This is what I want:
Anybody may upload images to the folder.
The images will be moved to another folder, by another php-code later on (automatic).
Only I may manually remove them, as well as another php file on the server which automatically empties the folder after x-days.
What should I do here?
The images are uploaded via a php-upload script.
This script checks to see if the extension of the file is actually a valid image-file.
When I try this:
chmod 755 images
the images wont be uploaded.
But like this it works:
chmod 777 images
But 777 is a security risk right?
Please give me detailed information...
The Q is, what to do to solve this problem, not info about what permissions there are etc etc...
Thanks
If you need more info let me know...
You have to make sure the upload folder is owned by apache or whoever user is as which the http server is started.
Alternatively you can use 775 owned by the UID who will be collecting the files and with as gid the group id as which the webserver is started.
There are of course variations on these themes.
As long as the webserver user or webserver group has permission to write in the folder, it will be fine for uploading.
There are all kind of cornercases, but then we'll need more info about your setup.
0 No Permissions (the user(s) cannot
do anything)
1 Execute Only (the user(s) can only
execute the file)
2 Write Only (the user(s) can only
write to the file)
3 Write and Execute Permissions
4 Read Only
5 Read and Execute Permissions
6 Read and Write Permissions
7 Read, Write and Execute Permissions
First number = OWNER
Second number = GROUP
Third number = OTHER USERS
One possibility for why it only works with 777 permissions might be if you are running SELinux. It's possible that it is preventing the write. I would have thought though that it would have prevented it even with the 777 permsissions but I'm no SELinux expert.
Every newbie mix users up. :)
You just have to distinguish OS user and website user.
The latter one has nothing to do with OS permissions.
For the OS users you have given 2 of them:
FTP user, owner of the files, uploaded via FTP
webserver user, owner of the files uploaded via browser.
Site user, who have no direct access to any files at all.
So, in case both these users are the same, you have no worry about.
But usually these are different users. So, one has no access to other's files unless directories has 777 and files 755.
That's why you have to set 777 for directories.
As we have learned above that website users has nothing to do with os permissions, you should not worry about security. 777 is ok.