What are the proper permissions for an upload folder with PHP/Apache?


Solution 1

You can create a new group with both the apache user and FTP user as members and then make the permission on the upload folder 775. This should give both the apache and FTP users the ability to write to the files in the folder but keep everyone else from modifying them.

Solution 2

I would go with Ryan's answer if you really want to do this.

In general, in a *nix environment, you always want to err on the side of giving away as few permissions as possible.

9 times out of 10, 755 is the ideal permission for this - as the only user with the ability to modify the files will be the webserver. Change this to 775 with your ftp user in a group if you REALLY need to change this.

Since you're new to PHP by your own admission, here's a helpful link for improving the security of your upload service: move_uploaded_file

Solution 3

I would support the idea of creating an FTP group that will have the rights to upload. However, I don't think it is necessary to give 775 permission. 7 stands for read, write, execute. Normally you want to allow certain groups to read and write, but depending on the case, execute may not be necessary.
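As an added example (not part of any answer above), this bash script applies the shared-group layout from Solution 1 with Solution 3's point about execute applied to files, and goes one step further by setting setgid on directories and auditing the result. The group name `webupload` and user `ftpuser` are hypothetical, and GNU find is assumed.

```bash
#!/usr/bin/env bash
# Added example, not from the original answers. Assumes GNU find/coreutils.
# "webupload" and "ftpuser" are hypothetical names; create the group as root first:
#   groupadd webupload
#   usermod -aG webupload apache && usermod -aG webupload ftpuser

# Apply shared-group permissions to an upload tree:
#   directories 2775 (setgid, so new entries inherit the shared group)
#   files        664 (group-writable, no execute bit on uploaded content)
setup_upload_dir() {
    local dir=$1 group=$2
    chgrp -R -- "$group" "$dir" || return 1
    find "$dir" -type d -exec chmod 2775 {} + || return 1
    find "$dir" -type f -exec chmod 664 {} +
}

# Print one finding per line; return 1 if anything was reported.
audit_upload_dir() {
    local dir=$1 group=$2 findings
    findings=$(
        find "$dir" ! -type l -perm -0002 -printf 'world-writable: %p\n'
        find "$dir" -type f -perm /0111 -printf 'executable file: %p\n'
        find "$dir" -type d ! -perm -2000 -printf 'dir without setgid: %p\n'
        find "$dir" -type d ! -perm -0070 -printf 'dir not group-rwx: %p\n'
        find "$dir" ! -type l ! -group "$group" -printf 'wrong group: %p\n'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: ./upload-perms.sh uploads webupload
if [ "$#" -eq 2 ]; then
    setup_upload_dir "$1" "$2" && audit_upload_dir "$1" "$2"
fi
```

Files written later by PHP get whatever mode the web server process gives them, so group write access for the FTP user on new uploads may still require a `chmod()` call in the upload handler.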

Solution 4

I will add that if you are using SELinux, you need to make sure the type context is tmp_t. You can accomplish this by using the chcon utility:

chcon -t tmp_t uploads

Solution 5

What is important is that the apache user and group should have minimum read access and in some cases execute access. For the rest you can give 0 access.

This is the safest setting.

Author by

Raleigh Buckner


Updated on June 07, 2020

Comments

  • Raleigh Buckner almost 4 years

    Sorry for the basic question - I'm a .NET developer and don't have much experience with LAMP setups.

    I have a PHP site that will allow uploads to a specific folder. I have been told that this folder needs to be owned by the webserver user for the upload process to work, so I created the folder and then set permissions as such:

    chown apache:apache -R uploads/
    chmod 755 -R uploads/
    

    The only problem now is that the FTP user cannot modify the uploaded files at all.

    Is there a permission setting that will allow me to still upload files and then modify them later as a user other than the webserver user?