Deleting a file(s) from server PHP - Permission denied unlink

Question

I want to delete files from my local server that's running on my beaglebone.

I have created a page that displays all the files and lets you select the files to delete. (As you can see below)

The webpage returns the names of the files to delete in the form of an array to the php script unlink.php

The code for Unlink.php is:

<?php

$files = $_POST['file'];

print_r($files);

if (empty($files)) {
    echo "No files were selected. Go back to 192.168.7.2 and refresh the page." ;
} else {
    $N = count($files);
    for ($i = 0; $i < $N; $i++) {
        $path = '/Logs/';
        print_r($path);
        #chown($path, 666);
        if (unlink($path . $_GET['$files[$i]'])) {
            echo ": Deleted";
        } else {
            echo "fail";
        }
    }
}
?>

However, whenever I try to delete a file: It fails.

The unlink() php function isn't being implemented properly and I'm not sure why. How do I do this the right way?

The index.html page is located in /var/www/html and the logs are located in /var/www/html/Logs/. The address of the local server is 192.168.7.2

Form code:

<?php

$url = $_SERVER['DOCUMENT_ROOT'];
$path = "/var/www/html/Logs";
$dh = opendir($path);
$k = 0;
$foo = True;

while (($file = readdir($dh)) !== false) {
    
    if ($file != "." && $file != "..") {
        
        if ($k == 0 || $k % 6 == 0) {
            $col .= "<tr><td><input type='checkbox' name='file[]' value='$file'>  <a href='Logs/$file'>$file</a><br /></td>";
        } else if ($k % 6 == 5) {
            $col .= "<td><input type='checkbox' name='file[]' value='$file'>  <a href='Logs/$file'>$file</a><br /></td></tr>";
        } else {
            $col .= "<td><input type='checkbox' name='file[]' value='$file'>  <a href='Logs/$file'>$file</a><br /></td>";
        }

        $k++;
    }
}
echo "<form action='unlink.php' method='post'><table>$col</table><br/><center><input type='submit' name='formSubmit' value='Delete' /></center></form>";

closedir($dh);
?>

EDIT: PHP display-errors

Warning: chmod(): Operation not permitted in /var/www/html/unlink.php on line 17 chmod($path . $files[$i], 0755);

Warning: unlink(/var/www/html/Logs/2017.01.24--13.43.43--0.log): Permission denied in /var/www/html/unlink.php on line 18 fail if (unlink($path . $files[$i]))

but when I check ls -la for /Logs -> it shows up as it belongs to www-data. How do I change the permissions beyond this?

Permissions:

`chown($path,666)` makes no sense. Unless if course you really do have a user named "666" — apokryfos, Feb 07 '17 at 15:55
Sorry, that was an old part of the code - I was trying to see if that was the issue when I had the entire filepath in $path, but I've changed that since. — avelampudi, Feb 07 '17 at 15:57
Your issue is probably `$_GET['$files[$i]']`. Just a guess, depending on the rest of your code, that it should be something like `$_GET[$files[$i]['name']]` (remove the single quotes around the `$files[]`, and add the actual file name.) — Sean, Feb 07 '17 at 16:01
You are using both $_POST and $_GET, it's odd.. Can you share a bit of your form code ? — apokryfos, Feb 07 '17 at 16:01
`$files = $_POST['file'];` that should more likely be `$files = $_FILES['file'];` (I could be wrong about that), but it's unsure as to the missing HTML form. In any case, check for errors with PHP's error reporting. IMHO, there isn't enough code to support the question and if they are treated as arrays. — Funk Forty Niner, Feb 07 '17 at 16:01
I've included the form code now, I hope that helps understand how the file names are being sent to unlink.php — avelampudi, Feb 07 '17 at 16:05
You used `$path = "/var/www/html/Logs";` but then `$path='/Logs/';` so why not use the same path? could be a path issue. Again; error reporting would tell you if something's right or not. http://php.net/manual/en/function.error-reporting.php — Funk Forty Niner, Feb 07 '17 at 16:09
(1) Your checkboxes are not inside your form tags. (2) Your form is `method='post'`, so you need to get rid of the `$_GET`. — Sean, Feb 07 '17 at 16:11
@Sean *"Your checkboxes are not inside your form tags"* - I suggested that in their other question; they said it had nothing to do with that. http://stackoverflow.com/q/42076881/1415724 — Funk Forty Niner, Feb 07 '17 at 16:12
I stayed long enough; if anybody helped provide a solution; ping. I moved on, good luck sincerely. — Funk Forty Niner, Feb 07 '17 at 16:16
@Fred-ii- I missed where they were building the rows in `$col` (not directly echoed) and then echoing `$col` in the form. Sometimes I read without really reading. — Sean, Feb 07 '17 at 16:16
So the reason why I changed the path from /var/www/html/Logs is because the actual server doesn't access that. In my form code, as you can see, the hyperlinks which download the .log files are only called from 192.168.7.2/Logs/filename.log. I changed the code to `$path = '/var/html/www/Logs';` `if(unlink($path.$files[$i])` instead of `_GET` but still, it fails. — avelampudi, Feb 07 '17 at 16:17
@Sean 'twas an honest mistake (that I made also). Hey, nobody's perfect...well, Jimmy Page maybe, but that's another story ♫~. — Funk Forty Niner, Feb 07 '17 at 16:18
@avelampudi if you tried `$path = "/var/html/www/Logs/"; if (unlink($path.$files[$i]))` (note the trailing slash in the path) and it doesn't work then it may be a permissions issue (which changed using `chmod` not `chown` ) — apokryfos, Feb 07 '17 at 16:22
Permissions for the `/Logs` folder is already set to `www-data` I'm clueless as to why it's not working, unless there's something wrong with the filepath — avelampudi, Feb 07 '17 at 16:29
Checking out the PHP display-errors: _Warning: chmod(): Operation not permitted in /var/www/html/unlink.php on line 17_ :: `chmod($path . $files[$i], 0755);` _Warning: unlink(/var/www/html/Logs/2017.01.24--13.43.43--0.log): Permission denied in /var/www/html/unlink.php on line 18 fail_ :: `if (unlink($path . $files[$i]))` but when I check ls -la for /Logs -> it shows up as it belongs to www-data. How do I change the permissions beyond this? — avelampudi, Feb 07 '17 at 16:46
1: Does the owner of the file have write permission? 2: Is the server process actually run by the user www-data? — Rad80, Feb 07 '17 at 17:00
@Rad80 I've included an image of the permissions in the question if you want to take a look. This is my first time working with a web interface so I'm not exactly sure who www-data is , but from what I've gathered from the web, it owns the web server. — avelampudi, Feb 07 '17 at 17:07

user5542121 · Answer 1 · 2017-02-08T08:10:42.907

<?php

$files = $_POST['file'];
$path = "/var/www/html/Logs/";
print_r($files);

if (empty($files)) {
    echo "No files were selected. Go back to 192.168.7.2 and refresh the page." ;
} else {
    foreach ($files as $file) {
        if (unlink($path . $file)) {
            echo $path. $file ." : Deleted";
        } else {
            echo $path. $file . " : fail";
        }
    }
}
?>

That should do it, $path was wrong, and even if you had used the same as in the other code, it was missing a slash. Nonetheless this code is not going to prevent malicious user actions. How to avoid UNLINK security risks in PHP?

From your updated question I can see that the Logs folder is a symlink to /media/card/Logs. What is the output of ls -la /media/card?

Some further reads:

I tried this code out and got the following errors: Notice: Undefined index: $files[$i] in /var/www/html/unlink.php on line 21 Warning: unlink(/var/www/html/Logs/): Not a directory in /var/www/html/unlink.php on line 21 — avelampudi, Feb 07 '17 at 17:13

score 0 · Answer 2 · answered May 06 '20 at 01:09

Make sure the file that you are trying to pass to unlink() / delete is not being opened. If the file is .exe or etc please also check in Windows Task Manager -> Process and then kill it.
Change permission status of file. Maybe you can't have access to delete the file (execute permission).

After you sure the file is not being opened 1, then lets try this code :

// Check existence of file
if (file_exists($cekFile1)) {
    // make sure you have permission to delete file
    if(chmod($fileDir, 0777)){
        if(!unlink($cekFile1)){
            echo "unlink is fail !";
        }
    }else{
        echo "chmod is fail";
    }
    // owner have read, write, execute rights.
    // owner's user group only have read rights.
    // everybody else only have read rights.
    chmod($fileDir, 0744);

}

For more information about chmod(), please check this reference:

php.net.

php-cmod-function.

Deleting a file(s) from server PHP - Permission denied unlink

2 Answers2