How do I get around apache owning files uploaded to a PHP webserver?

Question

Hey all,

I am working on a PHP web app on a Linux web server for grades and documents for a course that I am co-teaching. The page I am writing at the moment is for submitting assignments, where the student selects an assignment from a drop-down menu and then uploads the assignment and submits. On submit, all the information about the submission goes into a MySQL table, and the file is moved to a permanent location on the file system. Ideally, this would be something highly organized by assignment, student, and version, but all I want right now is to get the file upload working in principle, so for now it just sends stuff to the directory ~/phptest/ (permissions for which are set to 755, though I have tried 777 just for tests, and that didn't work either). Here is the code as it is now:

($dbh is an instance of an expanded DB handle class I created to make these specific DB transactions cleaner)

if(isset($_POST['submit'])) {
    $assignmentID = $_POST['assID'];
    $tmp = "/home/username/phptest/"; 
    $info = pathinfo($_FILES['file']['name']);
    $filename = $info['basename'];
    $ext = $info['extension'];
    if(1) { //strcmpall($ext,array('tar.gz','zip'))) {
        if($_FILES['file']['size'] < 1000000) {
            $path = $tmp . $filename;
            if(move_uploaded_file($_FILES['file']['tmp_name'], $path)) {
                $versionQuery = $dbh->select(array('version'),array('a01_submissions'),array("studentID='$studentID'","assignmentID='$assignmentID'"));
                if(count($versionQuery)) {
                    $versionArray = $dbh->colToArray($versionQuery,'version');
                    $version = max($versionArray)+1;
                }
                else $version = 1;
                echo "Version $version.\n";
                $week = $dbh->getOne('week','a01_assignments','id',$assignmentID);
                $dbh->insert("a01_submissions",array('studentID','assignmentID','version','filePath'),array($studentID,$assignmentID,$version,addslashes($newpath)));
                echo "File $filename sucessfully uploaded and stored at $newpath.\n";
            }
            else echo $moved . "
\n";
        }
        else die("File cannot exceed 1MB");
    }
    else die("Bad file extension.");
} 
else { 
// HTML to display the submission screen
}

My problem, though, is that move_uploaded_file only works for directories with 777 permissions. Closer inspection reveals that this is because PHP is uploading stuff as the user 'apache', and therefore can't write to directories owned by my username with o-w. I saw solutions posted by users in the PHP docs that suggested using chown to reclaim the files, but I don't have a high enough permission level to do this. Is there an elegant solution to this problem that does not involve trying to get my username higher permissions?

Thanks!

Answer 1

Get the sysadmin to put you in the same user group as apache or ideally create a new group called something like developers and add the apache user and yourself to it.

Otherwise you could try using PHP's chmod or chown functions immediately after the file upload. If you run chmod($filepath, 0777); that should be a good test of whether it will work for you or not.