0

I'm trying to create directory on my local apache server with php.
I tried
<?php mkdir("folder"); ?>
and
<?php exec("sudo mkdir folder"); ?>
When I try to execute them in browser nothing happens.
But I can execute them from terminal by using sudo. (I also modified sudoers file so it won't prompt for password in second code)
When I don't use sudo I get this error
PHP Warning: mkdir(): Permission denied in /var/www/html/mscr/add.php on line 2

I've also tried this and this .

So I can execute almost everything but directory operations in browser. I want to be able to create, delete and edit directories in browser.

Thank you!

Community
  • 1
  • 1
Admiral Nurupo
  • 11
  • 4
  • 1
    It's Apache that needs to create directories rather than PHP when using a browser, does it have permission to do so? – CD001 Aug 11 '16 at 09:59
  • You should not use `sudo` as that would mean giving the web-server user (apache / www / etc.) sudo rights. Instead you should make the parent directory writable for the web-server user. – jeroen Aug 11 '16 at 10:01

2 Answers2

0

Sounds like Apache doesn't have permission to create the folder. Either give Apache ownership of the folder (where you're trying to create a new one)

sudo chown www-data /var/www/html/mscr

or set the folder permissions to 777

sudo chmod 777 /var/www/html/mscr

Warning this will make everything within the mscr folder executable. To get around this most CMS will create a subfolder which is set to 777 so something like /var/www/html/mscr/uploads

Mark Twigg
  • 301
  • 1
  • 8
  • 2
    You should *never* need to 777 anything on a web server ... **ever** : http://serverfault.com/questions/357108/what-permissions-should-my-website-files-folders-have-on-a-linux-webserver – CD001 Aug 11 '16 at 10:03
  • This is pretty standard on how most CMS use an upload folder – Mark Twigg Aug 11 '16 at 10:05
  • @MarkTwigg Thank you so much it solved my problem. Since it will be stay as local server I think all permissions will not be a problem. – Admiral Nurupo Aug 11 '16 at 10:07
  • 2
    Then most CMS's are *doing it wrong* - it's bad advice; on a webserver either Apache or SFTP will probably be the only things that need anything other than read access - there are very few times that *nobody* would need anything other than `0` ... in almost all cases, with users set up correctly, you should never need anything other more permissive than `750` or `770` in some instances. – CD001 Aug 11 '16 at 10:09
  • @CD001 I see, thank you for advice. I'll keep that in my mind. – Admiral Nurupo Aug 11 '16 at 10:13
  • 1
    @CD001 feel free to post your solution below, I've given both options and warned against the second. Setting to 777 doesn't instantly put your server at risk without the code accessing it having an exploit. Wordpress uses it for its cache and uploads, Magento installs its extensions with 777 permissions most other CMS's I've seen use a 777 directory in a similar way – Mark Twigg Aug 11 '16 at 10:14
  • 2
    @MarkTwigg It's not *executable* which is the main concern here, it's the *executable, readable and(!) writable* for anybody. It's simply wrong to do so. Period. – hek2mgl Aug 11 '16 at 10:18
  • @hek2mgl feel free to post your expert response below. – Mark Twigg Aug 11 '16 at 10:20
  • 1
    Magento and Wordpress aren't exactly good examples secure coding practice though; they're not built for it - they're built to be flexible so you can drop them on any-old restricted web server and they'll work. – CD001 Aug 11 '16 at 10:20
  • @CD001 thats fine, you need to mail the developers there and tell them. Feel free to post your answer to the question below – Mark Twigg Aug 11 '16 at 10:23
  • 1
    The answer to the question on ServerFault covers it, no point in posting a duplicate answer to a duplicate question. – CD001 Aug 11 '16 at 10:27
  • @CD001 I'm talking about this question, if you feel you have better input than mine please do so below. Thank You – Mark Twigg Aug 11 '16 at 10:33
  • 1
    This question is *still* a duplicate and has been flagged as such - there's no point in answering duplicate questions, just refer to the original and the answers there. – CD001 Aug 11 '16 at 10:41
0
<?php mkdir("folder", 777, true); ?>
greg-449
  • 109,219
  • 232
  • 102
  • 145
Kaushal Shah
  • 33
  • 6
  • I've tried this but didn't work for me. Mark Twigg's answer worked. Thank you so much. – Admiral Nurupo Aug 11 '16 at 10:10
  • 4
    Don't use `777` for permissions! – hek2mgl Aug 11 '16 at 10:11
  • While this code snippet may solve the question, [including an explanation](//meta.stackexchange.com/questions/114762/explaining-entirely-code-based-answers) really helps to improve the quality of your post. Remember that you are answering the question for readers in the future, and those people might not know the reasons for your code suggestion. Please also try not to crowd your code with explanatory comments, as this reduces the readability of both the code and the explanations! – Blue Aug 12 '16 at 14:30