Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Apache permissions, PHP file create, MKDir fail

Tags:

It seems i cannot create files. When i set permissions to 777 On the folder i am trying to create a folder in then the script works fine. If the folder is set to 755, it fails. I do not know much about linux, but i am suppose to figure this stuff out. I have spent a couple hours trying stuff. Does anyone know how to make it so that apache has high enough permissions.



I know it is a permissions and apache problem, i just do not know how to fix this. I have edited the httpd.conf file, but i really do not know what i am doing... Any help? (I saved backup.)

like image 561
ThePrimeagen Avatar asked Mar 02 '11 08:03

ThePrimeagen


People also ask

How do I fix permission denied mkdir?

[ErrorException] mkdir(): Permission denied. That means you do not have write permission on your project folder. Create a new folder, say 'myproject and run sudo chmod 777 myproject . Then move to 'myproject' folder and create project.

What should php file permissions be?

For maximum security you should set minimum permissions, which is 640. The owner 6 would be the one uploading the files. The group 4 would be the one serving the file.

How do I change permissions in PHP?

If you want to change the permissions of an existing file, use chmod (change mode): $itWorked = chmod ("/yourdir/yourfile", 0777); If you want all new files to have certain permissions, you need to look into setting your umode . This is a process setting that applies a default modification to standard modes.


2 Answers

Please stop suggesting to use 777. You're making your file writeable by everyone, which pretty much means you lose all security that the permission system was designed for. If you suggest this, think about the consequences it may have on a poorly configured webserver: it would become incredibly easy to "hack" the website, by overwriting the files. So, don't.

Michael: there's a perfectly viable reason why your script can't create the directory, the user running PHP (that might be different from Apache) simply doesn't have sufficient permissions to do so. Instead of changing the permissions, I think you should solve the underlying problem, meaning your files have the wrong owner, or Apache or PHP is running under the wrong user.

Now, it seems like you have your own server installed. You can determine which user is running PHP by running a simple script that calls the 'whoami' program installed in most linuxes:

<?php echo `whoami`; 

If all is right, you should see the username PHP is running under. Depending on your OS, this might be 'www-data', 'nobody', 'http', or any variation. If your website is the only website running, this is easy to change by changing the user Apache runs under. If you have Debian, like I tend to, you can edit the file /etc/apache2/envvars (as root), and change the value for APACHE_RUN_USER. Depending on your OS, this variable might be set in a different configuration file, so if you can't find it in /etc/apache2/envvars, try to search for the variable declaration by using:

$ grep -R "APACHE_RUN_USER=" . 

From the directory all apache-config files are in.

If you're not the only one on the server, you might want to consider creating user accounts for every website, and using something like Apache2-MPM-ITK to change the RUN_USER depending on which website is called. Also, make sure that the user the PHP process is running under is the owner of the files, and the directories. You can accomplish that by using chown:

% chown theuser:theuser -R /var/www/website/ 

If PHP is running with it's own user, and is the owner of the files and directories it needs to write in, the permission 700 would be enough. I tend to use 750 for most files myself though, as I generally have multiple users in that group, and they can have reading permissions. So, you can change the permissions:

% chmod 0750 -R /var/www/website/ 

That should be it. If you having issues, let us know, and please don't ever take up any advice that essentially tells you: if security is bothering you, remove the security.

like image 109
Berry Langerak Avatar answered Sep 28 '22 11:09

Berry Langerak


I have a similar problem but in my case I have SELinux running and it failed even with 0777 permission. Turns out I need to explicitly allow httpd to have write access on the directory using:

chcon -R -t httpd_sys_rw_content_t <PARENT_OF_MKDIR_TARGET> 

SELinux Troubleshooter may have more details.

like image 40
user1533634 Avatar answered Sep 28 '22 11:09

user1533634