Giving PHP permission to write to files and folders

Solution 1

I will complete rahmu's and MV's answers with a technical solution. Everything that follows is valid for UNIX-like systems only.

Scroll past the chmod/chown section for an example using ACLs - a more powerful tool than UNIX file modes.

Finding your web server username

First, you will need to know the username under which your web server runs. If you are using Apache, it can be apache or httpd, www-data, etc. On most Debian-like systems, Apache is www-data. For nginx, generally, it is also www-data.

To check it out, try:

ps aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\  -f1

Ensure that the username this command returns is coherent (for example, I use nginx 99% of time, but this command returns tomcat7, a Java web server I installed once).

Giving permissions to the web server: using chmod and chown

Doing a chmod of 666 or 777 (the go-to solution for that kind of problems in bad documentations/tutorials) can magically make things work, but is insecure. Giving 666 or 777 permissions will give access to "others". So not just Apache, but also grandmother and nsa (provided that those user accounts exist on your machine - but no really, please avoid doing this unless it's just for testing/troubleshooting).

It is better to be more specific and give permissions to just you and Apache. Change the group of your files to give the full control on your files to the web server. To do this, change the owner recursively:

chown -R www-data:www-data your/folder/

But most likely, you may want to keep full access on your files by changing the group only:

chown -R yourusername:www-data your/folder/

Then, do the appropriate chmod to give the group www-data the same permissions as you. For example, if the current mode is 640 (6 for you, 4 for www-data, 0 for others, translating to -rw-r-----), set it to 660 (6 for you, 6 for www-data, 0 for others, translating to -rw-rw----). See rahmu's answer to learn more about file modes, it's an old, however elegant mechanism.

To avoid manipulating arcane numbers with chmod, you can also use this syntax:

chmod -R g+rw your/folder/

It means "to the group (g), add (+) read and write (rw) permissions on folder your/folder/, recursively (-R)".

In 90% of cases, this should be enough.

My preferred method: using ACLs (Access Control List)

Sometimes the first solution is not sufficient. I will take the example of Symfony Framework that logs and caches a lot of data. So it needs write access to the appropriate folder.

And the chmod/chown method may not be sufficient, when you are using in parallel the Symfony Console in CLI (under my user account) and the Web (web server user). This causes a lot of problems because Symfony is constantly modifying permissions.

In this case, we will use the ACL (Access Control List), which is a more advanced way to manage permissions on many UNIX systems.

Here the commands given by the official Symfony documentation (please change app/cache and app/logs to your needs):

On a system that supports chmod +a (ie. not Debian/Ubuntu)

sudo chmod +a "www-data allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs
sudo chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs

On a system that does not support chmod +a (most common)

You will need the setfacl tool; maybe it is installed on your system by default, so try setfacl -v to see if the command is available.

If the command is not available, and you are using Ubuntu 14.04+, you'll just have to install the tool:

sudo apt install acl

Otherwise, follow your OS documentation, because you may need to change how your partition is mounted (Ubuntu documentation here).

And there we are:

sudo setfacl  -R -m u:"www-data":rwX -m u:`whoami`:rwX app/cache app/logs
sudo setfacl -dR -m u:"www-data":rwX -m u:`whoami`:rwX app/cache app/logs

I never had any problems with this method, satisfied or your money back.

Solution 2

No matter who's the owner of the files, 666 permissions and 777 would be enough: the last digit makes sure that every user on the system has access. While this is the easiest way to do it, it is definitely not the safest for that exact reason.

A better way to do it

The first thing you need to understand is how Unix permissions work. In the interest of understanding the answer I gave at this link, please note that permissions can be translated to numbers:

• 0: ---
• 1: --x
• 2: -w-
• 3: -wx
• 4: r--
• 5: r-x
• 6: rw-
• 7: rwx

A chmod 666 is then equivalent to changing permissions to rw-rw-rw.

Next you have to figure out which is the user that is executing the PHP script. Normally that would be the user running your web server. Here's an example of how to do this (you can replace Apache with the name of your web server).

Once you know which is the user executing the scripts, and which's the owner of the files you mention, it is up to you to set appropriate permissions. Keep in mind that giving write access (even read) to every user on your system can be potentially disastrous.

Related videos on Youtube

05 : 34

PHP File Permissions

Garrett Hight

6

03 : 37

Unix & Linux: Giving PHP permission to write to files and folders (3 Solutions!!)

Roel Van de Paar

4

19 : 36

PHP $_FILES and Handling File Uploads

Steve Griffith - Prof3ssorSt3v3

3

03 : 54

3 Ways To List Files & Folders In PHP

Code Boxx

3

01 : 20

How to give PHP permissions to write to files without globally opening up permissions to the...

Roel Van de Paar

2

Author by

oshirowanen

Updated on September 18, 2022