3

PROBLEM

I'm trying to upload files to my own server via PHP. If folder doesn't exist, first I attempt to create the folders;

mkdir($folder, 0700);

My script is creating the folders but apache is the owner of the folder (and file) so I can't access the file which I uploaded.

I have safe_mode off in my server. I still couldn't find a way around for this one.

I would be glad if anyone could help me out with this one.

NOTE: I tried 0755, 0777 doesn't change anything. Apache is owner of the folder created.

Revenant
  • 2,942
  • 7
  • 30
  • 52
  • Permissions 700 are very strict. As in *only* the owner can do anything with the directory. So what you describe is expected. – Jason McCreary Jan 05 '12 at 18:34
  • Have you checked out http://stackoverflow.com/questions/2560762/php-mkdir-and-apache-ownership ? – j08691 Jan 05 '12 at 18:35
  • @j08691; Yes I have checked all. As I mentioned safe_mode is off. @Jason McCreary, even if I change the permission, nothing changes, still `apache` is the owner of the folder. – Revenant Jan 05 '12 at 18:37
  • Check visually that files have been uploaded to server. (1) It could be a size/type file issue (are you working with a php framework?). (2) Many conditions are set in `php.ini` like `post_max_size`, etc... – Igor Parra Jan 05 '12 at 19:11

4 Answers4

2

I'd suggest reconfiguring the web server to use suEXEC or suPHP. The drawback of this approach is that you're forced to use PHP in CGI mode rather than as an Apache mod. I haven't seen this become a problem on low- to mid-traffic sites, though. The main benefit is that your scripts will run as whoever owns them, and as such any new directories or files your script makes will automatically be owned by said user.

Ultimately, if your problem is just with the creation of new directories and not files, and you're not storing anything that shouldn't be read by prying eyes, then chmod($path, 0755); would fix your issue.

WWW
  • 9,734
  • 1
  • 29
  • 33
  • I tried chown(), as far as I understood from it, it could bring high security issues. I rather stick to safety. – Revenant Jan 05 '12 at 18:39
  • I had to change my answer, I didn't realize `chown()` required you to run the script as root to work. – WWW Jan 05 '12 at 18:41
  • I have no idea how to deal with server in such details. I'm guessing there is no other way around this one. – Revenant Jan 05 '12 at 18:57
  • It seems this is the only way to have uid ownership for the folders which are created by PHP. I will have to look into that. Thanks a lot. – Revenant Jan 05 '12 at 19:06
1

The following code snippet creates directories with permissions 777(or any specified permissions):

 $oldumask = umask(0);
 mkdir($path, 0777);
 umask($oldumask);
rjv
  • 6,058
  • 5
  • 27
  • 49
0

Of course. The upload dir must be other writable/accessible, ie: xx7:

// fill APPPATH with a suitable directoy name

if ( ! file_exists(APPPATH . 'uploads'))
{
    mkdir(APPPATH . 'uploads', 0757, TRUE);
}

7: owner permissions, ie: rwx
5: group permissions, ie: rx
7: other permissions, ie: rwx
Igor Parra
  • 10,214
  • 10
  • 69
  • 101
  • It creates folders, I don't have problem with it. Problem is apache is owner of the folders. – Revenant Jan 05 '12 at 18:48
  • Yes, apache will be the owner of the uploaded files too. Just make directory/folder writable and accessible by `other`s users. – Igor Parra Jan 05 '12 at 18:53
  • If this not works, I think that the problem must be in another part of your script. How are you accessing the uploaded files? – Igor Parra Jan 05 '12 at 18:57
  • 0775 is more than enough I guess considering security also. I don't want my files to be accessed just by anyone. I also tried 0777 with my uploads dir. Still the same issue. – Revenant Jan 05 '12 at 19:05
0

Why do you set permissions to 700 in the first place? 755 will allow "anyone" to read your files and folders, and in most cases it's actually acceptable.

a sad dude
  • 2,775
  • 17
  • 20