Permission denied when moving file with move_uploaded_file on Linux server

11

I'm trying to use move_uploaded_file to move a file uploaded by the user to its final destination:

// Destination folder for uploaded files (relative to this script)
$pasta = '../../public_html/admin/helpdesk/ticket/uploads/';

if (!empty($_FILES['img']['name'])) {
    foreach ($_FILES["img"]["error"] as $key => $error) {
        $nome = $_FILES["img"]["name"][$key];
        $tmp_name = $_FILES["img"]["tmp_name"][$key];
        // Prefix the original file name with a timestamp
        $cod = date('dmyhis') . '-' . $_FILES["img"]["name"][$key];
        $uploadfile = $pasta . basename($cod);
        // This is the call that fails with "Permission denied"
        if (move_uploaded_file($tmp_name, $uploadfile)) {
            return true;
        }
    }
}

However, the following error is occurring:

  

failed to open stream: Permission denied

Is there a way around this? I'm passing the relative directory path, but I've already tried to pass the absolute path and it did not work either.

    
asked by anonymous 21.01.2014 / 12:53

2 answers

20

Permissions problems on Linux server

In the PHP world there are several ways to run a website, most of them using a web server such as Apache or Nginx. When handling files, permission problems sometimes occur that are not very clear; I will try to demystify some of them and show what this implies in terms of security.

Server type

It is common to see shared hosting used for sites / systems in PHP; we must be careful, because this type of hosting is usually very vulnerable if the user does not take the necessary precautions. There are also VPS / dedicated servers, where an isolated Linux instance runs, giving the system / site a higher level of security.

1) Basic concept of permissions:

In Linux, there is a system of file and folder permissions designed to provide a secure environment shared by more than one user. Roughly, in numerical representation, there are 3 bits which indicate by whom the file can be accessed; see an example:

765 arquivo1.txt
644 arquivo2.txt

The first digit shows us the owner permission, the second, the group permission and the third one, the general permission (other users).

In the first example, we have:

7 -> Owner has permission 7 (read, write and execute)
6 -> Group has permission 6 (read, write) but cannot execute like the owner
5 -> Other users have permission 5 (read and execute) but cannot change the content.

This is a superficial explanation and may contain errors; read this link for a better understanding.

2) Running a web server on Linux

The web server does not run as root, i.e. it does not have global permissions on the system. In a default installation there is a dedicated user, usually called www-data, and a dedicated group with the same name.

When a page is requested, it is this user that reads, interprets and runs any command that the script requests.

If the folder / files of the site / system belong to the user www-data then the permission 700 is sufficient to read, write and execute, since the owner has full access (7) and the other users have no access.

If the user who owns the folder / project files is not the same as the user the web server runs as, we have to add permission on the second and third "bit".

Let's say that there is a user named foo who belongs to the group www-data, and the site folder belongs to foo, with group www-data; then we would have to give 770 permission, so all members of the group have full access to the system / files.

Why does 777 work, anyway?

  

By giving chmod 777 you expose your files to any user of the system, so on shared hosting any other user will be able to read your files, modify the content and even do an 'include' via script.

Conclusions

  • If you use shared hosting, 777 is a mistake you can never make.
  • If you use a dedicated / VPS server, you should configure your files and folders to be owned by the same user the web server runs as. On Debian / Ubuntu that user is www-data, but it can be customized / vary in other distributions.

To change the owner of a folder and all internal files / folders (recursively):

  

chown -R user:group my_pasta_www

In the default case,

  

chown -R www-data:www-data my_pasta_www

  

In short, 777 never!

    
21.01.2014 / 14:51
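The owner / group / other logic described in this answer can be checked before any chmod is run. The script below is an added example, not code from the answer: the function names and the suggested fixes are assumptions of this example, and the wrapper needs GNU stat (`stat -c`).

```sh
#!/bin/sh
# Added example, not from the original answer. Needs GNU stat (stat -c).

# which_class OWNER GROUP USER "USER_GROUPS" -> owner | group | other
# The kernel applies exactly one class: owner first, then group, then other.
which_class() {
    [ "$3" = "$1" ] && { echo owner; return 0; }
    for g in $4; do
        [ "$g" = "$2" ] && { echo group; return 0; }
    done
    echo other
}

# assess MODE CLASS -> "writable=<yes|no> world_writable=<yes|no> fix=<hint>"
# MODE is octal as printed by stat -c %a (e.g. 775). Creating a file in a
# directory needs both write (2) and execute/search (1) on that directory.
assess() {
    m=$((0$1))                  # leading 0 makes the shell read it as octal
    case $2 in
        owner) bits=$(( (m >> 6) & 7 )); fix="chmod 700" ;;
        group) bits=$(( (m >> 3) & 7 )); fix="chmod 770" ;;
        *)     bits=$(( m & 7 ));        fix="chown to the web server user" ;;
    esac
    w=no; ww=no
    [ $(( bits & 3 )) -eq 3 ] && w=yes      # class has w and x
    [ $(( m & 2 )) -ne 0 ] && ww=yes        # "other" has w: the 777 problem
    [ "$w" = yes ] && [ "$ww" = no ] && fix=none
    echo "writable=$w world_writable=$ww fix=$fix"
}

# check_upload_dir DIR USER: the same check against a real directory.
check_upload_dir() {
    class=$(which_class "$(stat -c %U "$1")" "$(stat -c %G "$1")" \
                        "$2" "$(id -Gn "$2")")
    echo "class=$class $(assess "$(stat -c %a "$1")" "$class")"
}

# Usage: sh check.sh /path/to/uploads www-data
if [ $# -ge 2 ]; then check_upload_dir "$1" "$2"; fi
```

The check reads only the classic mode bits and ownership; ACLs and mandatory access control (SELinux, AppArmor) are outside what it looks at.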
4

I checked the directory and saw that it had permission 775; I changed it to 777, and when trying to save the file again everything went OK.

    
21.01.2014 / 13:33