SyntaxFix

[php] What are the proper permissions for an upload folder with PHP/Apache?

Sorry for the basic question - I'm a .NET developer and don't have much experience with LAMP setups.

I have a PHP site that will allow uploads to a specific folder. I have been told that this folder needs to be owned by the webserver user for the upload process to work, so I created the folder and then set permissions as such:

chown apache:apache -R uploads/
chmod 755 -R uploads/

The only problem now is that the FTP user can not modify the uploaded files at all.

Is there a permission setting that will allow me to still upload files and then modify them later as a user other than the webserver user?

This question is related to php apache upload

The answer is

I would support the idea of creating a ftp group that will have the rights to upload. However, i don't think it is necessary to give 775 permission. 7 stands for read, write, execute. Normally you want to allow certain groups to read and write, but depending on the case, execute may not be necessary.

What is important is that the apache user and group should have minimum read access and in some cases execute access. For the rest you can give 0 access.

This is the most safe setting.

I will add that if you are using SELinux that you need to make sure the type context is tmp_t You can accomplish this by using the chcon utility

chcon -t tmp_t uploads

I would go with Ryan's answer if you really want to do this.

In general on a *nix environment, you always want to err on giving away as little permissions as possible.

9 times out of 10, 755 is the ideal permission for this - as the only user with the ability to modify the files will be the webserver. Change this to 775 with your ftp user in a group if you REALLY need to change this.

Since you're new to php by your own admission, here's a helpful link for improving the security of your upload service: move_uploaded_file

Remember also CHOWN or chgrp your website folder. Try myusername# chown -R myusername:_www uploads

Based on the answer from @Ryan Ahearn, following is what I did on Ubuntu 16.04 to create a user front that only has permission for nginx's web dir /var/www/html.

Steps:

* pre-steps:
    * basic prepare of server,
    * create user 'dev'
        which will be the owner of "/var/www/html",
    * 
    * install nginx,
    * 
* 
* create user 'front'
    sudo useradd -d /home/front -s /bin/bash front
    sudo passwd front

    # create home folder, if not exists yet,
    sudo mkdir /home/front
    # set owner of new home folder,
    sudo chown -R front:front /home/front

    # switch to user,
    su - front

    # copy .bashrc, if not exists yet,
    cp /etc/skel/.bashrc ~front/
    cp /etc/skel/.profile ~front/

    # enable color,
    vi ~front/.bashrc
    # uncomment the line start with "force_color_prompt",

    # exit user
    exit
* 
* add to group 'dev',
    sudo usermod -a -G dev front
* change owner of web dir,
    sudo chown -R dev:dev /var/www
* change permission of web dir,
    chmod 775 $(find /var/www/html -type d)
    chmod 664 $(find /var/www/html -type f)
* 
* re-login as 'front'
    to make group take effect,
* 
* test
* 
* ok
*

Source: Stackoverflow.com

Examples related to php

I am receiving warning in Facebook Application using PHP SDK Pass PDO prepared statement to variables Parse error: syntax error, unexpected [ Preg_match backtrack error Removing "http://" from a string How do I hide the PHP explode delimiter from submitted form results? Problems with installation of Google App Engine SDK for php in OS X Laravel 4 with Sentry 2 add user to a group on Registration php & mysql query not echoing in html with tags? How do I show a message in the foreach loop?

Examples related to apache

Enable PHP Apache2 Switch php versions on commandline ubuntu 16.04 Laravel: PDOException: could not find driver How to deploy a React App on Apache web server Apache POI error loading XSSFWorkbook class How to enable directory listing in apache web server Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details How to enable php7 module in apache? java.lang.RuntimeException: Unable to instantiate org.apache.hadoop.hive.ql.metadata.SessionHiveMetaStoreClient The program can't start because api-ms-win-crt-runtime-l1-1-0.dll is missing while starting Apache server on my computer

Examples related to upload

Upload file to SFTP using PowerShell This application has no explicit mapping for /error Schedule automatic daily upload with FileZilla jQuery AJAX file upload PHP How to find when a web page was last updated Summernote image upload on change event for file input element Multiple files upload in Codeigniter How to upload files on server folder using jsp How do I measure request and response times at once using cURL?

Tags

Multiple-variable-return Strncpy Albpm Qregexp Cabasicanimation Uitextviewdelegate Use-strict Oncreate Cen-xfs Message-loop Db2-400 Worldwind Google-ajax-api Zend-navigation Cfquery Tycho Topmost Gravatar Quercus Allegro-cl Apache-felix Permissions Svn-client Starteam Delayed-execution Pagemethods Dlna Nsdateformatter Django-templates Uiimagejpegrepresentation Xjc Nstablecolumn Angular-momentum Quickcontact Oftype Xhtml Sigterm Sequential Boxy Null-uniqueidentifier Appfabric Primavera Codesignkey Downcast Maximize Wli Named-scopes Send-port Feature-selection Optionparser Test-data Jaxb2 Vb.net Isinrole Dml Rtsp-client Texnic-center Database Soap4r Word-wrap Explicit-conversion Regfreecom Jacorb Titleview Spoof Django-signals Svndumpfilter Json-framework Pushdown-automaton Stubs Corpus Console-output Chardet Commonj S-expression Windows-controls Vendor Ditto Vmware-player Timedelta Limit-choices-to Alsa Digg String-building Deepzoom Pbkdf2 Login-script Avahi Matrix-storage Literals Navision Staruml File-browser Metric-system Ms-project-server-2010 3d-secure Filedialog Xelatex Wtai Quantum-computing