PHP upload permission problem
Solution 1
The user, that initially writes the files into your "/upload" directory, is the one that started the Apache instance running a PHP module.
In other words, PHP is the "owner" of all uploaded files and through a PHP script you can change the permissions of all relevant uploaded files without providing any credentials at all:
A quick and dirty hack to make uploaded files writable to all users would be
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
$f="/home/user/mysite/upload/" . $_FILES["file"]["name"]);
chmod($f, 0777);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
Solution 2
move_uploaded_file uses umask(600). Use copy($source, $dest)
instead of move.
Solution 3
You can use chmod
to change the file permissions.
To get the permissions of a file, use fileperms
.
Comments
-
JB87 almost 2 years
right guys ive ran into a problem with file permissions with the following upload form. a text file is passed to the upload/ dir by global users.
mysite$ ls -l drwxrwxrwx 2 user user 4096 2010-09-24 13:07 upload
but as I am not logged in as root, the new file uploaded to the domain saved itself in the upload/ dir with limiting permissions and cannot be modified. eg.
upload$ ls -l -rw-r--r-- 1 www-data www-data 3067 2010-09-24 13:07 Readme.txt
this problem is obviously the same for all files added to the upload folder by global users. once the file is uploaded I need a way of changing the file rights without embedding the root password into a php script running on the domain. please help!
is there any way to associate the same rights to files as the containing folder when new files are added?
submit form:
<html> <body> <form action="upload_file.php" method="post" enctype="multipart/form-data"> <label for="file">Filename:</label> <input type="file" name="file" id="file" /> <br /> <input type="submit" name="submit" value="Submit" /> </form> </body> </html>
upload_file.php:
<?php if ($_FILES["file"]["type"] == "text/plain") { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Type: " . $_FILES["file"]["type"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; if (file_exists("/home/user/mysite/upload/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "/home/user/mysite/upload/" . $_FILES["file"]["name"]); echo "Stored in: " . "upload/" . $_FILES["file"]["name"]; } } } else { echo "Invalid file"; } ?>
-
JB87 over 13 yearsthanks, but how can I use this permission output to solve the problem?
-
Jeff Rupert over 13 yearsAfter you've uploaded the file, you can use
fileperms
on the folder to get the permissions, then usechmod
with the result offileperms
to set the permissions as you want. -
JB87 over 13 yearsthanks for the hack, but after trying it instead of getting full rights I get some very strange permissions? '-r----x--t 1 www-data www-data 0 2010-09-24 15:53 readme.txt'
-
Ibrahim over 13 yearsThis because the file has sticky bit, which again comes with move_uploaded_files function.
-
JB87 over 13 yearslooks like there was a typo. in PHP the correct format is 'chmod($f,0777)'. leading zero was missing. this now works perfectly!!
-
JB87 over 13 yearsthanks for the umask(600) info on move_uploaded_file, where can I quickly reference more info like this? on the PHP module rights in linux
-
JB87 over 13 yearsthanks for the tip, I could see how this could work for dynamic systems with multiple folders and users.
-
Marc B over 13 yearsAs well, you can make the
upload/
directory SETGID (mode 2xxx), which forces any new files within it to be created with the upload directory's group ownership. -
Ibrahim over 13 yearsI checked it on my system by calling umask function before and after move_uploaded and copy function in a test php script.