Best IT Recipes

Apache permissions, PHP file creation, MKDir crash

I can't seem to create files. When I set permissions for 777 in the folder where I am trying to create the folder, then the script works fine. If the folder is set to 755, it fails. I am not very versed in Linux, but I believe this is necessary. I spent a couple of hours trying. Does anyone know how to make apache have sufficiently high resolutions.



I know this is a problem with permissions and apache, I just don't know how to fix it. I edited the httpd.conf file, but I really don't know what I'm doing ... Any help? (I backed up.)

+21
php apache file-permissions
Mar 02 2018-11-11T00:
source share
4 answers

Please stop suggesting using 777. You make your file writable to everyone, which pretty much means that you will lose all the security for which the permission system was created. If you suggest this, consider the consequences that might have on a poorly configured web server: it would be incredibly easy to β€œhack” a website by overwriting files. So, no need.

Michael: There is a good reason why your script cannot create a directory, a user working with PHP (which may be different from Apache) simply does not have sufficient rights to do this. Instead of changing permissions, I think you should solve the main problem, that is, your files have the wrong owner, or Apache or PHP are working under the wrong user.

Now it looks like you have your own server installed. You can determine which user runs PHP by running a simple script that calls the whoami program installed on most linux:

<?php echo `whoami`;

If everything is correct, you should see that the PHP username is working under. Depending on your OS, this may be www-data, nobody, http, or any other option. If your website is the only website, this is easy to change by modifying your custom Apache. If you have Debian, as I'm used to, you can edit the / etc / apache 2 / envvars file (with root privileges) and change the value for APACHE_RUN_USER. Depending on your OS, this variable may be set in another configuration file, so if you cannot find it in / etc / apache 2 / envvars, try to find the variable declaration using:

 $ grep -R "APACHE_RUN_USER=" .

From the directory are all the apache-config files.

If you are not the only one on the server, you may need to create user accounts for each website and use something like Apache2-MPM-ITK to change RUN_USER depending on which website is being called. Also, make sure that the user with the PHP process is the owner of the files and directories. You can do this using chown:

 % chown theuser:theuser -R /var/www/website/

If PHP works with its own user and is the owner of the files and directories to which it should be written, 700 permissions will be sufficient. I usually use 750 for most files, although as a rule I have several users in this group and they may have read permissions. Thus, you can change the permissions:

 % chmod 0750 -R /var/www/website/

It should be like that. If you have any problems, let us know, and please never resort to tips that essentially tell you: if security bothers you, remove security.

+82
Mar 02 '11 at 9:15
source share

I have a similar problem, but in my case I run SELinux, and this failed even with permission 0777. It turns out I need to explicitly allow httpd to have write access to the directory using:

 chcon -R -t httpd_sys_rw_content_t <PARENT_OF_MKDIR_TARGET>

SELinux troubleshooter may have more detailed information.

+9
May 08 '13 at 17:19
source share

On ubuntu, you are editing / etc / apache 2 / envvars, as Berry suggested.

When you change your Apache user, beware of unforeseen consequences. One of these is PHP sessions, which can be stored in / var / lib / php 5. You may need to change the ownership of this folder.

+6
Sep 26 2018-11-11T00:
source share

The php user (www-data, php, apache, no matter what it may be) must have write permissions to the 755 directory. I assume that he is not a member of the folder creator's group, otherwise he will be able to write to him. Either add the php user to the group, or change the folder permissions to 777. If none of them is a parameter, you can use the PECL SSH2 extension to log in with the user in the group (or the file owner), and create files instead of this.

+1
Mar 02 2018-11-11T00:
source share


More articles:


All Articles