What are the proper permissions for an upload folder with PHP Apache

Question

Sorry for the basic question - I m a  NET developer and don t have much experience with LAMP setups   I have a PHP site that will allow uploads to a specific folder  I have been told that this folder needs to be owned by the webserver user for the upload process to work  so I created the folder and then set permissions as such   chown apache apache -R uploads  chmod 755 -R uploads    The only problem now is that the FTP user can not modify the uploaded files at all   Is there a permission setting that will allow me to still upload files and then modify them later as a user other than the webserver user

User · Answer

I will add that if you are using SELinux that you need to make sure the type context is tmp t  You can accomplish this by using the chcon utility     chcon -t tmp t uploads

User · Answer

Remember also CHOWN or chgrp your website folder  Try  myusername  chown -R myusername  www uploads

User · Answer

Based on the answer from  Ryan Ahearn  following is what I did on Ubuntu 16 04 to create a user front that only has permission for nginx s web dir  var www html   Steps      pre-steps        basic prepare of server        create user  dev          which will be the owner of   var www html                install nginx              create user  front      sudo useradd -d  home front -s  bin bash front     sudo passwd front        create home folder  if not exists yet      sudo mkdir  home front       set owner of new home folder      sudo chown -R front front  home front        switch to user      su - front        copy  bashrc  if not exists yet      cp  etc skel  bashrc  front      cp  etc skel  profile  front         enable color      vi  front  bashrc       uncomment the line start with  force color prompt          exit user     exit      add to group  dev       sudo usermod -a -G dev front   change owner of web dir      sudo chown -R dev dev  var www   change permission of web dir      chmod 775   find  var www html -type d      chmod 664   find  var www html -type f       re-login as  front      to make group take effect       test      ok

User · Answer

I would support the idea of creating a ftp group that will have the rights to upload  However  i don t think it is necessary to give 775 permission  7 stands for read  write  execute  Normally you want to allow certain groups to read and write  but depending on the case  execute may not be necessary

User · Answer

What is important is that the apache user and group should have minimum read access and in some cases execute access  For the rest you can give 0 access   This is the most safe setting

User · Answer

You can create a new group with both the apache user and FTP user as members and then make the permission on the upload folder 775   This should give both the apache and FTP users the ability to write to the files in the folder but keep everyone else from modifying them

User · Answer

I would go with Ryan s answer if you really want to do this   In general on a  nix environment  you always want to err on giving away as little permissions as possible   9 times out of 10  755 is the ideal permission for this - as the only user with the ability to modify the files will be the webserver  Change this to 775 with your ftp user in a group if you REALLY need to change this   Since you re new to php by your own admission  here s a helpful link for improving the security of your upload service  move uploaded file

[php] What are the proper permissions for an upload folder with PHP/Apache?

Examples related to php

Examples related to apache

Examples related to upload