I've got the following situation:
public_html - 755
=> avatar - 777
=> poll - 755
Now when I use the following code, i'll get an error (Warning: file_put_contents(../test.php) [function.file-put-contents]: failed to open stream: Permission denied in XXX):
<?php
file_put_contents('../test.php','<?php');
?>
But when I use the code below, it'll work just fine:
<?php
file_put_contents('test.php','<?php');
?>
(both executed from 'avatar', with 0777)
How can I solve this?
Since your script is executing from avatar, which has 0777 permission (world read/write/execute), it is normal that you are able to create a file within it (i.e.: file_put_contents("test.php")).
If you are not able to create files in public_html (i.e.: file_put_contents("../test.php")), it's because the user that is executing your script (most probably the Apache user) is not the owner of public_html (the owner is most probably a FTP user). Because 0755 means that only the owner is able to write to the directory, then others are only able to read or execute from it.
If you have shell access, you can use chown to change the owner of the file:
bash-4.1.5$ chown newuser public_html
Or you can chmod with higher permissions for non-owners, but you ought to be careful with that.
I guess it's not possible to write to a higher folder, even when you've 0777 permission.
It's not possible to use chmod on this dir, you'll have to use FTP or something.
Related
I am using the following code to upload and move a file to the folder "film_images":
$filepath = '../images/film_images/';
echo '<br />Trying to store file at ' . $filepath;
if (!move_uploaded_file(
$_FILES['teaserimage']['tmp_name'],
sprintf($filepath . '%s.%s',
'test',
$ext))) {
throw new RuntimeException('Failed to move uploaded file.');
}
However, as many people here, I always got a
Failed to open stream: Permission Denied
exception in PHP. Then I went to the server and, using the setfacl command I gave permission rw- to the user www-data, which is the user running this PHP script. Using rw- I still got the exception. Only when I switched rights to rwx, i.e. when I gave www-data full control on this folder, it worked. Now I wonder two things:
Why is it necessary to give the user execution rights in order to write a file?
Is there a way to write the file without giving execution rights to the user? I fear that somebody might upload code, hidden in an image file, and execute it on my server.
You need set default permission on folder if create new files, first chmod it: chmod g+s images/film_images //set permission what you need
second you need set default permissions on create files/folders:
setfacl -R -d -m group:www-data:rwx /path/to/your/dir //set permission what you need
Okay, I think I figured it out. Thanks Paulius S. and his answer, which got me on the right track.
The folder ist owned by me. First, following the answer to this post, I use
chmod g+rwxs dirname
to ensure that files created in the directory are owned by the group I belong to. In particular, www-data is not part of this group. Then using
setfacl -m u:www-data:rwx dirname
I give full access to the directory to the user www-data. Now www-data can upload a, but this file automatically belongs to the group set above (which www-data does not belong to) and hence www-data has no execution right, although he can execute in the folder in general.
I have an uploads directory on my server, php upload works fine when folder's permission is set to 755 but if I make new dir inside uploads (uploads/subuploaddir) upload fails and I need to set 755 permission for this folder manually, so my question is how can I set 755 permission for uploads dir and all of it's future created sub directories?
PS. chmod -R 755 ...mypath/uploads doesn't work
Thanks in advance.
All answers are very appreciated.
Peter
UPDATE:
Problem solved, my fault. PHP creates folders with permission 777 as default and I created folders for testing purposes through FTP manually, so it was created by another system user and with different permission.
Use
umask(022);
in PHP before creating a file (e.g. line 1 in index.php). Using that option, every files that PHP creates will have a permission that equals to 755. If that doesn't work, search your code for calls to umask and change them to the one above.
you can use this command
chmod -R 755 directorypath or file
I want to make and remove directories, and files with a php script
example:
<?php
if (!is_dir('examples')) {
mkdir('examples');
}
?>
But I get permission denied. How can I allow this one script to run these commands?
I have tried chmod 777 mkdir.php and chmod +s mkdir.php
which got rid of the Permission denied meaage, but It still doesn't create the folder.
how can i get mkdir() and or rmdir() php function to work?
Please note, I am not using php as a shell script.
Probably just chown to the user.
(I just came to put an answer here to mark 'answer found')
Original text:
777, if the user www-data isn't the owner of the parent directory or not in the same group as the owner. Usually it would be 775, tho.
Credit to Charlotte Dunois
I have written a PHP script for file uploading and for testing I gave my upload directory 777 permissions. The script works fine.
Now I want to remove execute permissions for obvious reasons, but once I do that, I get the following error:
move_uploaded_file([filepath]) [function.move-uploaded-file]: failed to open stream: Permission denied
Just taking the permissions down from 777 to 776 causes this error to appear when I try to upload a file. I don't understand why having execute permissions should have anything to do with this - can someone PLEASE shed some light?
Thank you!
A directory must have execute permission to be accessible in Unix & Linux.
Quoting from here:
On a directory, the execute permission (also called the "search bit")
allows you to access files in the directory and enter it, with the cd
command, for example. However, note that although the execute bit lets
you enter the directory, you're not allowed to list its contents,
unless you also have the read permissions to that directory.
I agree with lserni that the fact that revoking execute permission on the directory for O (the third digit) causes the problem is worrisome as it indicates that the webserver is accessing the directory neither as owner nor as member of the group. You should fix that.
Just taking the permissions down from 777 to 776 causes this error to appear
This shouldn't happen. You ought to be able to run with 770 permissions, i.e., the directory should be owned by the Website user ID, with the group of web server.
This way the owner and the webserver are both able to manipulate the directory and the data. Ideally the Web server serving your website ought to assume the same user ID as the website owner, and that way you can keep the directory mode 700 and have it read-writeable and listable only by you.
If the last digit of the permissions is biting you, it means that the server is running with permissions for "everyone", which may be okay for a development site but isn't too good on a shared site (imagine your passwords being readable by any other website owner in the machine).
However, if you're running on a test machine, the 777 permissions are okay. Directory executable bit does not mean executable (a directory can't be executed anyway) but merely 'listable'. Without that bit, you can create and delete files but you can't know whether they're really there, and move_uploaded_files is objecting to this situation.
There are other solutions (e.g. chrooting each virtualhost in Apache); see also What are best practices for permissions on Apache-writable directories?
for removing the execute permissions you need to execute following commands..
chown -R nobody upload_directory
chmod -R 755 upload_directory
The first command changes the owner of your upload_directory and files under it to 'nobody' which is what php operates under. The second changes the upload_directory and files to only allow user access to writing. -R is for Recursive..
I have created folders using PHP's mkdir command.
Now I want to delete these folders over FTP or SSH.
I get the error "permission denied".
I am on a managed server so I do not have root access.
What can I do so I will be able to delete these folders?
Do I need to change the file permissions (chmod) using PHP?
The folders would have been created with the ownership/permissions of whatever account PHP was running under (Apache's, if you're doing this from a web-based script).
You wouldn't be able to chown the directories to another account, as that requires root permissions. You could have the script that creates the directories set them to mode 0777, which'd give everyone read/write/delete access to them, but you might not want to open up things that wide.
you have to change the permissions first:
chmod("/somedir/somefile", 755);
or whatever you like
then you can remove with
rmdir("dir")
Yes, you must run chmod after directory or file creation with PHP. Its because PHP runs with Apache permissions.
After chmod to PHP/Apache user you can rename, move or delete folders and files.
Check your permission first if you got any problem. Some folder you only can delete or chmod if you are owner.
If you are owner, then you can use PHP chmod.
CHMOD("PATH_TO_FOLDER",0755);
Then use unlink to delete files in folder:
unlink("PATH_TO_FOLDER/*.*");
And then
rmdir("PATH_TO_FOLDER")