2

I'm trying to upload a file with an HTML/PHP form. And I keep getting this error:

```
PHP Warning: move_uploaded_file(/var/www/html/envioDoc/archivosAlumnos/archivo-dni-): failed to open stream: Permission denied in /var/www/html/envioDoc/avisos-de-pago.php on line 45, referer: http://54.85.84.42/envioDoc/index.html
```

Line 45 in my php file is the move_uploaded_file() function.

So, I've done this at the command line on the server:

```
ps aux | grep httpd
```

The first column of the result is my logged in username: ubuntu

And after that:

```
sudo chown ubuntu /var/www/html/envioDoc/archivosAlumnos
chmod -R 0755 /var/www/html/envioDoc/archivosAlumnos
```

But the error kept appearing, so I've changed the perms to 0777.

Is that insecure? Why didn't it work with 0755?

halfer
Rosamunda
  • 1
    Yes, 777 is a security issue. The underlying problem may be because of the file's permissions. Try changing the file's permissions to either 644 or 777 and the folder back to 755. – Funk Forty Niner May 22 '16 at 14:44
  • What user/group/perms are set on the folder you're trying to write to? Do `ls -l /var/www/html/envioDoc/archivosAlumnos/` (assuming that's your target folder). Good afternoon @Fred-ii-! – halfer May 22 '16 at 14:51
  • 1
    *Afternoon* @halfer - It's still "morning" here, but we're slowly getting there ;-) Loving this bright sunny day! *Cheers* and now leaving to go outside to enjoy this beautiful sunshine. – Funk Forty Niner May 22 '16 at 14:53
  • 1
    User/group the server runs under are quite relevant. And a current setup with FPM/suexec would make this irrelevant. The real security issue is keeping temp/uploaded files web-accessible, btw. – mario May 22 '16 at 15:01
  • 1
    See also: [In a PHP / Apache / Linux context, why exactly is chmod 777 dangerous?](http://stackoverflow.com/q/2338641), [How will a server become vulnerable with chmod 777?](http://stackoverflow.com/q/11271596), ... – mario May 22 '16 at 15:05

1 Answer

1

I believe that you need to set permission 0777 because PHP needs the ability to write files; because PHP runs its own process, often under its own user, it will not be able to write files. Permission 0777 just means that you wish to allow all processes the ability to read, write and execute files, whereas 0755 only allows the owner to read, write and execute files but other users such as PHP to only read and execute.

Now about security:

Because the only real change here is granting PHP write permission. Now this by itself is not a security problem, as long as you are sanitizing the files you allow to be uploaded. But it does technically open you up to more attack vectors such as malicious file upload; there really is no other way for you to allow file uploads to occur. It is all up to how you process your files, such as blacklisting certain extensions and ensuring file size limits, to keep your server secure.

On a side note:

You may also want to drop the execute permission on that folder, as long as you do not store any of the PHP files that you are running in the same directory that you wish to upload files to, which you shouldn't be. Your file upload directory should only have read and write permissions and does not need execute permissions, by running the command below:

```
chmod go+rw file
```

Which is the equivalent to:

```
chmod -R 0666 /Mohammad/is/cool
```

Which will make a file readable and writable by the group and others. You can read more about that here and here

Mohammad Ali
  • 1
    @halfer is that better? – Mohammad Ali May 22 '16 at 14:51
  • 2
    `0755` means that the *owner* (not root) can read, write and execute. The first 5 is for the group (the one where the owner is in), meaning users in the same group can read and execute. And the second 5 is for everyone else, meaning the same. – Charlotte Dunois May 22 '16 at 15:04
  • @CharlotteDunois Yes, you're right, I always get owner and root confused, I'll edit out root and put in owner right now – Mohammad Ali May 22 '16 at 15:10
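
The permission check behind the question, as an added example that is not part of the original thread: it evaluates a directory's mode bits for one acting account, using only the first class (owner, group, other) that matches. The account names `ubuntu` and `www-data`, the group memberships and the function names are assumptions; the thread does not show which user the web server runs as.

```shell
#!/bin/sh
# Added example. Account names (ubuntu, www-data) are assumptions.

# perm_class OWNER GROUP USER "USER_GROUPS": print owner, group or other.
# The kernel consults only the first class that matches the acting user.
perm_class() {
    local g
    [ "$3" = "$1" ] && { echo owner; return 0; }
    for g in $4; do
        [ "$g" = "$2" ] && { echo group; return 0; }
    done
    echo other
}

# can_create MODE OWNER GROUP USER "USER_GROUPS": succeed if USER may add a
# file to a directory with these attributes (needs write AND search bits).
can_create() {
    local m shift_by
    [ "$4" = root ] && return 0          # root is not limited by mode bits
    m=$(( 0$1 ))                         # leading 0 makes the value octal
    case $(perm_class "$2" "$3" "$4" "$5") in
        owner) shift_by=6 ;;
        group) shift_by=3 ;;
        *)     shift_by=0 ;;
    esac
    [ $(( (m >> shift_by) & 3 )) -eq 3 ] # w=2 plus x=1
}

# check_dir DIR USER: the same test against a real directory (GNU stat).
check_dir() {
    local attrs
    attrs=$(stat -c '%a %U %G' "$1") || return 2
    set -- $attrs "$2"                   # now: mode owner group user
    can_create "$1" "$2" "$3" "$4" "$(id -Gn "$4" 2>/dev/null)"
}

# Constructed scenario: directory owned by ubuntu, group given as $1,
# web server running as www-data (member of group www-data only).
report() {
    local mode
    for mode in 0755 0777 0666 0770; do
        if can_create "$mode" ubuntu "$1" www-data "www-data"; then
            echo "mode $mode group $1: www-data can create files"
        else
            echo "mode $mode group $1: www-data cannot create files"
        fi
    done
}
report ubuntu
report www-data
```

With the directory's group set to the server's group, mode 0770 lets the server write without granting anything to other accounts, and mode 0666 on a directory blocks file creation for everyone but root because the search bit is missing. ACLs and mandatory access control (SELinux, AppArmor) are not considered.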