File access permissions php

Giving PHP permission to write to files and folders

Once you know which is the user executing the scripts, and which’s the owner of the files you mention, it is up to you to set appropriate permissions. PHP files, and write access to its file upload directories.

Giving PHP permission to write to files and folders

UPDATED FOR FURTHER CLARITY:

According to http://expressionengine.com/user_guide/installation/installation.html, it says:

For most Unix hosts the following is typical, but you may check with your host to see if more restrictive permissions can be used to allow PHP to write to files (666) and folders (777) . On Windows servers the following will not apply, but you will need to ensure that the files and folders are writable by ExpressionEngine. You may need to contact your host for this.

Not sure what this means. I can change the specific files and folders to 666 and 777 respectively where I am the chown’er, but the above sounds like I need to allow PHP to do this too?

ORIGINAL QUESTION:

I need to ensure that PHP can write to specific files (666) and folders (777).

I will complete rahmu’s and MV’s answers with a technical solution. Everything that follows is valid for UNIX-like systems only.

Scroll past the chmod/chown section for an example using ACLs — a more powerful tool than UNIX file modes.

Finding your web server username

First, you will need to know the username under which your web server runs. If you are using Apache, it can be apache or httpd , www-data , etc. On most Debian-like systems, Apache is www-data . For nginx, generally, it is also www-data .

ps aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\ -f1 

Ensure that the username this command returns is coherent (for example, I use nginx 99% of time, but this command returns tomcat7 , a Java web server I installed once) .

Giving permissions to the web server: using chmod and chown

Doing a chmod of 666 or 777 (the go-to solution for that kind of problems in bad documentations/tutorials) can magically make things work, but is insecure. Giving 666 or 777 permissions will give access to «others». So not just Apache, but also grandmother and nsa (provided that those user accounts exist on your machine — but no really, please avoid doing this unless it’s just for testing/troubleshooting).

It is better to be more specific and give permissions to just you and Apache. Change the group of your files to give the full control on your files to the web server. To do this, change the owner recursively:

chown -R www-data:www-data your/folder/ 

But most likely, you may want to keep full access on your files by changing the group only:

chown -R yourusername:www-data your/folder/ 

Then, do the appropriate chmod to give the group www-data the same permissions as you. For example, if the current mode is 640 (6 for you, 4 for www-data, 0 for others, translating to -rw-r——) , set it to 660 (6 for you, 6 for www-data, 0 for others, translating to -rw-rw—-) . See rahmu’s answer to learn more about file modes, it’s an old, however elegant mechanism.

To avoid manipulating arcane numbers with chmod , you can also use this syntax:

It means «to the group ( g ), add ( + ) read and write ( rw ) permissions on folder your/folder/ , recursively ( -R )».

In 90% of cases, this should be enough.

My preferred method: using ACLs (Access Control List)

Sometimes the first solution is not sufficient. I will take the example of Symfony Framework that logs and caches a lot of data. So it needs write access to the appropriate folder.

And the chmod / chown method may not be sufficient, when you are using in parallel the Symfony Console in CLI (under my user account) and the Web (web server user). This causes a lot of problems because Symfony is constantly modifying permissions.

In this case, we will use the ACL (Access Control List), which is a more advanced way to manage permissions on many UNIX systems.

Here the commands given by the official Symfony documentation ( please change app/cache and app/logs to your needs ):

On a system that supports chmod +a (ie. not Debian/Ubuntu)

sudo chmod +a "www-data allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs sudo chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs 

On a system that does not support chmod +a (most common)

You will need the setfacl tool; maybe it is installed on your system by default, so try setfacl -v to see if the command is available.

If the command is not available, and you are using Ubuntu 14.04+, you’ll just have to install the tool:

Otherwise, follow your OS documentation, because you may need to change how your partition is mounted (Ubuntu documentation here).

sudo setfacl -R -m u:"www-data":rwX -m u:`whoami`:rwX app/cache app/logs sudo setfacl -dR -m u:"www-data":rwX -m u:`whoami`:rwX app/cache app/logs 

I never had any problems with this method, satisfied or your money back.

No matter who’s the owner of the files, 666 permissions and 777 would be enough: the last digit makes sure that every user on the system has access. While this is the easiest way to do it, it is definitely not the safest for that exact reason.

A better way to do it

The first thing you need to understand is how Unix permissions work. In the interest of understanding the answer I gave at this link, please note that permissions can be translated to numbers:

A chmod 666 is then equivalent to changing permissions to rw-rw-rw .

Next you have to figure out which is the user that is executing the PHP script. Normally that would be the user running your web server. Here’s an example of how to do this (you can replace Apache with the name of your web server).

Once you know which is the user executing the scripts, and which’s the owner of the files you mention, it is up to you to set appropriate permissions. Keep in mind that giving write access (even read) to every user on your system can be potentially disastrous.

Expression Engine is just like many other PHP web applications which need read+write access to some files and directories. For example, EE requires write access to its config.php and database.PHP files, and write access to its file upload directories.

What the documentation is stating is that, as most servers run PHP as mod_php (and so run with the permissions of the web server), and as you probably will upload your files with FTP (or similar) using your own user, those files and directories will need to be given permissions 666 (everybody can read and write) and 777 (everybody can read, write and browse).

That is not the safest way, but certainly is the easiest, specially if your are using a hosting service.

However, as the EE instructions state, ask your hosting provider, because some don’t use mod_php but a fastcgi, suphp or different version. Those servers run PHP as your own user, so all files you upload are already readable and writable by PHP and by any file created by the EE scripts. In that case files and directories accessed by PHP would need to be given 600 and 700 access. Other files to be accessed directly by the web server (not the PHP runtime) would still need 666 and 777 access).

How to get folder permission to display with php, I know it is easy to see file permissions in php, but I can’t find search reference for directory permissions. Is is possible to display the folder permission and ownership with php? If anyone can answer please also provide the example code. php. Share. Improve this question. Follow edited Jan 17, 2012 at 3:45. …

Php write file and set permission

I’m trying to create a php file which I can edit straight away without manually set the permissions.

block($p_name);?>'; $myFile = "testFile.php"; $fh = fopen($myFile, 'w+') or die("can't open file"); $stringData = $var; fwrite($fh, $stringData); fclose($fh); ?> 

. it creates the file, but when I try to edit the file in my IDE it won’t let me of course. I have to manually set the permission of the file created. Is there any way I can create the file and have the permission already set?

Yes, you can thanks to PHP CHMOD

// Read and write for owner, read for everybody else chmod("/somedir/somefile", 0644); 

Since this aspect wasn’t covered in previous answers I’ll add it here:

chmod() will only take a path string as the 1st argument. So you cannot try to pass to resource that was open with fopen() , in this case $fh .

You need to fclose() the resource and then run chmod() with the file path. So a proper practice would be storing the filePath in a variable and using that variable when calling fopen() rather than passing it a direct string in the first argument.

In the case of the example code in the answer this would simply mean running chmod($myfile, 0755) (the permission code is only an example and be different of course.)

full code after corrections:

block($p_name);?>'; $myFile = "testFile.php"; $fh = fopen($myFile, 'w+') or die("can't open file"); $stringData = $var; fwrite($fh, $stringData); fclose($fh); // Here comes the added chmod: chmod($myFile, 0755); ?> 

Php has chmod, works just like the Linux version.

What should the Unix file system permissions be for, You may be confusing the roles of PHP and the file system. PHP does not have read, write, or executable permissions. Those are handled by the underlying filesystem (ext4, NTFS, etc). You can use PHP functions such as is_writable() and is_readable() to determine the permissions of a given file, and …

Php file access permission

How can I run a PHP file in Apache as the root user? I tried accessing http://localhost/test.php but it tells me

You don’t have permission to access /test.php on this server.

I have tried to add the root user to Apache group like:

That error occurs when there are not sufficient permissions to access the file.

Open a terminal, and type this command:

chmod 644 /var/www/html/test.php 

You do not need to set permissions as root .

Php session files permissions, Find session.save_path or change Access if Give Permission to this folder And NotWork 1: Or Your Server Not Permission To Change Permission Folder 2: Or PHP Not Permission in your Files Change Temp folder in php.ini Is Better 😉 Try to make a different folder chown it to www-data and set the save …

Источник