The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP unable to move uploaded files unless if the destination folder permission is 0777

Discussion in 'General Discussion' started by cynux, Sep 6, 2006.

  1. cynux

    cynux Well-Known Member

    Joined:
    Jul 30, 2005
    Messages:
    113
    Likes Received:
    0
    Trophy Points:
    16
    I just installed rhel4 on one of my servers, now I'm not able to use move_uploaded_file() function it ends in a failure, if the uploads folder is set to 0666 file permission. :confused:

    It works in 0777, but that's not very good as its gives out execute permission to the folder which is a security risk.:eek:

    I have been using rhel3, but I'm new to rhel4... so if anyone of you can help me... it'll be much appriciated... :)
     
  2. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    Try adjusting "safe_mode" in php.ini
     
  3. cynux

    cynux Well-Known Member

    Joined:
    Jul 30, 2005
    Messages:
    113
    Likes Received:
    0
    Trophy Points:
    16
    safe_mode is off, i have been using php for ages.. and i have never used it... I dont want to end up messing something up.


    Anyway, here is more info about everything:

    PHP
    ------------
    Safe Mode: Off
    SuExec: Off
    I'm using php4_module

    Apache
    ------------
    1.37
     
  4. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36

    How about disabling openbase_dir for a test.
     
  5. cynux

    cynux Well-Known Member

    Joined:
    Jul 30, 2005
    Messages:
    113
    Likes Received:
    0
    Trophy Points:
    16
  6. NightStorm

    NightStorm Well-Known Member

    Joined:
    Jul 28, 2003
    Messages:
    286
    Likes Received:
    4
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    Is your php running under user "nobody", or are you running with phpSuExec? So far as I know, if your php is running as nobody, it can't write to the folder unless it has the permissions necessary to... in this case, 777 (global read write execute), since the folder would be owned by the actual cPanel user, and not "nobody".
     
  7. cynux

    cynux Well-Known Member

    Joined:
    Jul 30, 2005
    Messages:
    113
    Likes Received:
    0
    Trophy Points:
    16
    I'm not sure that's true, it has to be 666 (gobal write) which is required, i think.
     
    #7 cynux, Sep 7, 2006
    Last edited: Sep 7, 2006
  8. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    You need execute permissions so that you can change into that directory.

    Without execute permission, the PHP script cannot change into that directory to create any files. The directory also needs write permissions. If all you are going to be doing is writing to the directory, I suppose you could just use a permission setting of 333. Further, I suppose you could really just change the permission to 003, but I wouldn't recommend it.

    Really it comes down to 333 or 666 for that matter, is no more secure than 777. Ultimately, if you are wanting to use a PHP script to write files, you need to be running PHP as CGI and using some type of suexec wrapper to execute the PHP script as your username. This eliminates the need for 777 directories, you can just keep directories at 755 and PHP scripts will be able to upload to that directory.

    Hope this helps.
     
Loading...

Share This Page