PHP upload permission problem
Solution 1
The user, that initially writes the files into your "/upload" directory, is the one that started the Apache instance running a PHP module.
In other words, PHP is the "owner" of all uploaded files and through a PHP script you can change the permissions of all relevant uploaded files without providing any credentials at all:
A quick and dirty hack to make uploaded files writable to all users would be
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
$f="/home/user/mysite/upload/" . $_FILES["file"]["name"]);
chmod($f, 0777);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
Solution 2
move_uploaded_file uses umask(600). Use copy($source, $dest) instead of move.
Solution 3
You can use chmod to change the file permissions.
To get the permissions of a file, use fileperms.
Comments
-
JB87 almost 2 years
right guys ive ran into a problem with file permissions with the following upload form. a text file is passed to the upload/ dir by global users.
mysite$ ls -l drwxrwxrwx 2 user user 4096 2010-09-24 13:07 uploadbut as I am not logged in as root, the new file uploaded to the domain saved itself in the upload/ dir with limiting permissions and cannot be modified. eg.
upload$ ls -l -rw-r--r-- 1 www-data www-data 3067 2010-09-24 13:07 Readme.txtthis problem is obviously the same for all files added to the upload folder by global users. once the file is uploaded I need a way of changing the file rights without embedding the root password into a php script running on the domain. please help!
is there any way to associate the same rights to files as the containing folder when new files are added?
submit form:
<html> <body> <form action="upload_file.php" method="post" enctype="multipart/form-data"> <label for="file">Filename:</label> <input type="file" name="file" id="file" /> <br /> <input type="submit" name="submit" value="Submit" /> </form> </body> </html>upload_file.php:
<?php if ($_FILES["file"]["type"] == "text/plain") { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Type: " . $_FILES["file"]["type"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; if (file_exists("/home/user/mysite/upload/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "/home/user/mysite/upload/" . $_FILES["file"]["name"]); echo "Stored in: " . "upload/" . $_FILES["file"]["name"]; } } } else { echo "Invalid file"; } ?> -
JB87 over 13 yearsthanks, but how can I use this permission output to solve the problem?
-
Jeff Rupert over 13 yearsAfter you've uploaded the file, you can use
filepermson the folder to get the permissions, then usechmodwith the result offilepermsto set the permissions as you want. -
JB87 over 13 yearsthanks for the hack, but after trying it instead of getting full rights I get some very strange permissions? '-r----x--t 1 www-data www-data 0 2010-09-24 15:53 readme.txt'
-
Ibrahim over 13 yearsThis because the file has sticky bit, which again comes with move_uploaded_files function.
-
JB87 over 13 yearslooks like there was a typo. in PHP the correct format is 'chmod($f,0777)'. leading zero was missing. this now works perfectly!!
-
JB87 over 13 yearsthanks for the umask(600) info on move_uploaded_file, where can I quickly reference more info like this? on the PHP module rights in linux
-
JB87 over 13 yearsthanks for the tip, I could see how this could work for dynamic systems with multiple folders and users.
-
Marc B over 13 yearsAs well, you can make the
upload/directory SETGID (mode 2xxx), which forces any new files within it to be created with the upload directory's group ownership. -
Ibrahim over 13 yearsI checked it on my system by calling umask function before and after move_uploaded and copy function in a test php script.
