Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

PHP Upload file permission problems

Discussion in 'General Discussion' started by bridgeway04, Apr 7, 2010.

  1. bridgeway04

    bridgeway04 Member

    Joined:
    Jun 2, 2008
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    51
    Guys/Gals

    Im using a PHP upload script that was previously working flawlessly. Recently for some reason unknown to me, when i do a php file upload it assignes the file permissions: 600 and owner gets set to 99. Im not sure what eh owner was set to previously when it was working before the change, however i do know that permissions were set to: 644 by default when it was uploaded.

    The real problem is that I cant even download the file via ftp.

    So my question is: Is there an apache setting that was updated or changed that is causing this and can it be changed in a secure way? This has become a headache for me and i would like to get it resolved... Any ideas?

    :confused:
     
    #1 bridgeway04, Apr 7, 2010
  2. cPanelJamyn

    cPanelJamyn Social Engineer
    Staff Member

    Joined:
    Jan 29, 2009
    Messages:
    105
    Likes Received:
    2
    Trophy Points:
    143
    Hi,

    Without seeing the script in question, it's difficult to give you an accurate answer. However, it sounds like you are using suPHP for apache (good) but your script is acting as though you are still using DSO mode (bad). UID 99 is typically the 'nobody' user, which matches this theory.

    Is there a config file for your upload script that allows you to specify how it behaves in regards to ownership, and/or and what the perms should be for uploads? I'd also check to see if there is a newer version of whatever you're using that accounts for suPHP installs.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelJamyn, Apr 7, 2010
  3. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    8
    Trophy Points:
    193
    Cpaneljamyn hit it right on target ....

    Your server is running PHP as a DSO (mod_php) which is very bad for many reasons including security, resource waste, and as you have now seen ownership conflicts.

    Any file uploaded by script under DSO will be given the owner "nobody" which is fine until you realize you have to access the file with some other account other than the generic Apache "nobody" user which might be you trying to edit the file or even the nightly backup process which will often skip those files and omit them from backup for the same reason.

    I strongly do not recommend using DSO based PHP on any server ....

    There is two strong alternatives that I would look to as to the type of PHP you should be using depending on your situation. On is SuPHP and the other is FCGI and there is certain advantages and strengths to each so which you go with really depends on your own situation but I would definitely look to getting one of those for your PHP platform.

    If you are on a shared hosting account and don't have access to change the PHP on your server then my advice is change hosts quickly.

    Regarding your immediate problem, you will need to change the permissions on the files to something other than 600 such as 644 or even 666 if necessary and then you should be able to fully access those files with your own login. If you are wondering how you can do that, you should be able to change the permissions from another PHP script because it will also execute as user "nobody" while your server still remains DSO based.

    Bottom line though is get off of DSO and you won't have this problem anymore.
     
    #3 Spiral, Apr 7, 2010
  4. meglio

    meglio Registered

    Joined:
    May 3, 2010
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    51
    The same problem, 666 does not help

    Hello.

    I have the same problem and I assigned 666 permission before to change file owner. Here is an example:

    exec("chmod 0777 /home/meglio/license.txt");
    exec("chown meglio /home/meglio/license.txt");

    license.txt now has all permissions, but owner is still "nobody".
    Any ideas?

    Thanks,
    Anton

    UPDATE

    My hosting provider support confirmed that we are not running suPHP and he proposed to reconfigure
    the server to run under suPHP.

    I currently have 2 big sites running on this server and I'm afraid if this switch will affect them somehow?
    The priority is to solve the problem by keeping everything working live on the server.
     
    #4 meglio, May 4, 2010
    Last edited: May 4, 2010
(You must log in or sign up to post here.)
Loading...
Similar Threads - Upload file permission
  1. linux4me2

    Files and Folders Uploaded By sFTP Have Incorrect Permissions

    linux4me2, Sep 8, 2017, in forum: EasyApache
    Replies:
    11
    Views:
    2,261
    cPanelMichael
    Oct 11, 2017
  2. WorkinOnIt

    SOLVED Incorrect upload File permissions 664

    WorkinOnIt, May 1, 2017, in forum: General Discussion
    Replies:
    17
    Views:
    2,990
    cPanelMichael
    Feb 12, 2018
  3. Marc Johnson

    Upload File Size

    Marc Johnson, Oct 21, 2018, in forum: General Discussion
    Replies:
    2
    Views:
    128
    cPanelLauren
    Oct 23, 2018
  4. hadiyoga

    Could not upload test file: Users may not upload files

    hadiyoga, Sep 27, 2018, in forum: Data Protection
    Replies:
    2
    Views:
    288
    MatrixxCH
    Nov 2, 2018
  5. Benjamin D.

    SOLVED Pure-FTPD + FileZilla partial uploads get deleted when client's IP changes

    Benjamin D., Sep 25, 2018, in forum: General Discussion
    Replies:
    5
    Views:
    200
    cPanelLauren
    Sep 28, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice