Filesystem operations don't work from my PHP script; do I need to chmod something?

Question

I am having some permissions problems with mkdir in PHP. I am trying to simply move some files around (and create a folder to put them in), but I am getting this error:

mkdir() [function.mkdir]: Permission denied in

On my old site, I had my folders set to 755 and things seemed to work fine. It seems like the only time I can get mkdir or related functions to work on this server is when folders have 777 as their mode.

Is the web browser considered "Others"? I don't feel like leaving my folders at 777 is a great idea, right?

Answer 1

are you sure the problem does not lie in folder ownership?

maybe chown is the right command to solve this problem

Answer 2

The web browser is not the object considered as "others", but rather the user that the web server is run as, for example httpd or apache.

A common method is to chown the files to set the user and/or group to the web server user, thereby allowing permissions such as 755.

Example:

chown apache:apache ./example/

Answer 3

This may or may not be applicable, depending on the OS you are running the webserver on, you may have other security mechanisms that are interferring with what you are trying to do. One glaring example (which befudled me for a time) is the SELinux security system. Try seeing if you can write to /tmp. If you can't look for other issues. As a general rule blasting 777 permissions can lead to security holes.

Answer 4

If you need to create folders on your server that you can then write to from your web browser you may need to use at least 775. Note that this isn't necessarily the case for creating files. In fact, you probably don't want your files to be 777 at all.

You can also use bash commands within the php code if you would like to avoid having your server (aka www-data) create the directories but you'll still need to place the correct permissions on the folders to allow www-data to then write files to the directories.

Do check your ownerships. The above is based on a folder being owned by some user and group owned by www-data. You can also try to set the folder ownership to www-data but the permission would still be rwx for that particular user.

I hope that's not way to convoluted.

Commands that might help you find out who is running apache on your server:

#top

look for something like:

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                                                          
20610 www-data  20   0 36772  10m 4380 S    4  0.1   0:04.03 apache2 

or

#ps aux | grep "apache"

look for something like

www-data 26898  0.0  0.0  34248  4076 ?        S    17:59   0:00 /usr/sbin/apache2 -k start