Apache and linux file permissions

Question

I recently moved a Symfony 1.3.2 website (a PHP web framework), from a windows machine to Linux (Ubuntu 9.10).

Ever since then, I have had all kinds of problems involving file permission (even though the app run without any of these problems on windows).

I run symfony fix-perms which applied a 777 mask to the web directory (presumably, including its sub folders) - (as an aside) I think that is a potential security hole ... I have been meaning to come in here to ask how to correctly set permissions.

Currently, when attempting to save a file from my website, I am getting the following error:

PHP Warning: imagejpeg() [0function.imagejpeg0]: Unable to open '/home/morpheous/work/webdev/frameworks/symfony/sites/project1/web/uploads/../images/thumbnail/959cd604cf6115014a3703bef5a50486a5520642.jpg' for writing: Permission denied in /home/morpheous/work/webdev/frameworks/symfony/sites/project1/apps/frontend/lib

Here are the permissions on the folders:

web
drwxr-xr-x 16 morpheous morpheous 4096 2010-02-24 21:01 web


web/uploads/../images
drwxr-xr-x 13 morpheous morpheous 12288 2010-04-09 15:25 images


web/uploads/../images/thumbnail
drwxr-xr-x 3 morpheous morpheous  4096 2010-02-24 20:44 thumbnail

Can someone kindly tell me how to set the permissions so that my website (presumably running as the Apache daemon) can write the files to the directory required above?

score 2 · Answer 1 · answered Apr 22 '10 at 00:50

2

Foremost, files that are to be accessed by the web server in either read or write should usually be owned by the user and group the web server is running as (apache:apache or nobody:nobody, not sure about the exact values on Ubuntu).

From there, the user should have r on files and rx on directories, except where write permissions are required. The group should usually match the user permissions. Everyone else should have read-only. This translates into 0444 or 0664 for files, and 0555 or 0775 for directories.

Of course, you may have reasons for breaking this scheme in specific locations, but these are the base values you should have.

answered Apr 22 '10 at 00:50

Ignacio Vazquez-Abrams

45,939
6
79
84

+1 for taking the time to answer. Apologies for the delay in testing this out and getting back to you... Been tied up with something else - but I hope to give feedback and select an answer once I have tested this – user35402 Apr 23 '10 at 17:05
Bah, can't vote up yet (forgot I havent got enogh points here yet) – user35402 Apr 23 '10 at 17:07

score 2 · Accepted Answer · answered Apr 22 '10 at 05:29

2

For ubuntu the apache and PHP user is www-data.

Run sudo chown www-data:www-data web/uploads/ -R and see if that fixes your issue.

Also don't use 777 for the file permissions as Ignacio Vazquez-Abrams stated "0444 or 0664 for files, and 0555 or 0775 for directories"

answered Apr 22 '10 at 05:29

Andrew Winter

261
4
12

@andrew: thanks for that. I'll get back to you soon. Once I've had the chance to try this out. – user35402 Apr 23 '10 at 17:07
@andrew: Thanks, it worked. Could you please explain how I can change the file permissions to 0555 or 0775 as you recommended?. Thank you – user35402 Apr 30 '10 at 07:41
Sorry for the late reply sudo chmod 0555 web/uploads/ -R – Andrew Winter Sep 08 '10 at 03:49

Apache and linux file permissions

2 Answers2

Linked