Write permissions on uploaded files – Linux, Apache, PHP

I am working on a PHP script that transfers files using FTP functions. It has always worked on my production server (which is a hosting service). The development server I have just set up (I am a novice to servers) is Debian Lenny with Apache2, PHP5, and MySQL5.

The file transfer works correctly, but once the file has been written to the server, it has permissions of 600. This makes it impossible for me to view the file (JPEG) in the web browser, as permission is denied. I have scoured the internet and even broken my server installation and reinstalled it trying to figure this out (which has been fun, nonetheless!).

I know it is unwise to set 777 permissions on publicly accessible files, but even that will not solve the problem. The only thing that works is if I chmod 777 thefile.jpg after it has been transferred, which is not a working solution.

I tried changing the owner of my site files to www-data per this post, but that also does not work.

My user is mike, and it still does not work whether the owner of the files is mike or root.

Would somebody point me in the right direction? Thanks! And, of course, let me know if I can clarify anything.

Solution:

This is more related to your FTP server configuration, and not so much to Apache. Which server are you using for FTP? I believe vsftpd is the default FTP server for Debian Lenny; the options you might need to look at in your vsftpd.conf file are chown_upload_mode and file_open_mode.

The default for chown_upload_mode is 0600, which makes me think that might be what you need to set, and then restart your FTPd and try again.

It sounds like Apache is not configured to serve files out of the directory that the file is being saved to. You need to ensure there is a Directory directive in your Apache configuration that permits access to the directory that the file is in. For example:

<Directory "/home/mike/uploads">
  Order allow,deny
  Allow from all
</Directory>

Also, the www-data user needs to have permission to traverse the directory tree leading to the directory. E.g. if the file is at /home/mike/uploads, then home, mike and uploads must have execute permission allowed for other users.

I seem to have solved the problem. I would still like to know if this is an okay solution or not.

Apache User and Group

I changed User ${APACHE_RUN_USER} to User mike and Group ${APACHE_RUN_GROUP} to Group www-data, then I restarted Apache with /etc/init.d/apache2 restart.

PHP5 Owner

Next, I changed owner from root to mike on /var/lib/php5 by:

chown -R mike /var/lib/php5

Owner, Group, and Permissions for public folder

Following this article, I did the following:

Added owner ‘mike’ to the www-data group:

sudo usermod -a -G www-data mike

Changed the group for /var/www to www-data:

sudo chgrp -R www-data /var/www

Then, I changed permissions for /var/www:

sudo chmod -R 2750 /var/www

And, I did the following to the upload directory

sudo chmod -R 2770 /var/www/test/images

Tried this…

I originally added @Wes's suggestion (below) to apache2.conf, but removed it after doing the above, which works. (Adding or removing this did not seem to affect anything):

<Directory "/var/www">
  Order allow,deny
  Allow from all
</Directory>


The JPEG image files, after being transferred to the server via the PHP script, still have permissions of -rw-------, but I am able to view them from the web browser. Any thoughts?
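
The traverse-and-read rule from the answers above, as an added example that is not part of the original thread: a Python check that walks each path component and reports the first one whose mode bits deny a given uid and group set. The kernel applies only one class (owner first, then group, then other), so a 0600 file is readable by a process running as its owner but not by a mere group member; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

def perm_class(st, uid, gids):
    """Pick the one rwx triplet the kernel applies: owner, else group, else other."""
    if st.st_uid == uid:
        return "owner", (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return "group", (st.st_mode >> 3) & 7
    return "other", st.st_mode & 7

def first_blocker(path, uid, gids, base="/"):
    """Return None if uid/gids can reach and read `path`, walking down from `base`;
    otherwise (component, class, missing_bit) for the first component that denies.
    Mode bits only: ACLs, root's override and Apache <Directory> rules are ignored."""
    path, base = os.path.abspath(path), os.path.abspath(base)
    rel = os.path.relpath(path, base)
    if rel == os.pardir or rel.startswith(os.pardir + os.sep):
        raise ValueError("path is not below base")
    chain = [base]
    for part in ([] if rel == os.curdir else rel.split(os.sep)):
        chain.append(os.path.join(chain[-1], part))
    for comp in chain:
        # Directories on the way need search (x); the final file needs read (r).
        name, bit = ("r", 4) if comp == path else ("x", 1)
        cls, bits = perm_class(os.stat(comp), uid, gids)
        if not bits & bit:
            return comp, cls, name
    return None

def build_sample_tree():
    """Constructed sample: site 0750, upload dir 0770, uploaded file 0600
    (the setgid bit used on the page is left out; it does not affect access)."""
    site = os.path.join(tempfile.mkdtemp(), "www")
    images = os.path.join(site, "test", "images")
    os.makedirs(images)
    photo = os.path.join(images, "photo.jpg")
    open(photo, "wb").close()
    for p, mode in ((site, 0o750), (os.path.join(site, "test"), 0o750),
                    (images, 0o770), (photo, 0o600)):
        os.chmod(p, mode)
    return site, photo

if __name__ == "__main__":
    site, photo = build_sample_tree()
    st = os.stat(photo)
    print("as file owner:   ", first_blocker(photo, st.st_uid, set(), site))
    print("as group member: ", first_blocker(photo, st.st_uid + 1, {st.st_gid}, site))
    print("as unrelated uid:", first_blocker(photo, st.st_uid + 1, set(), site))
```

To check a real path, pass the web server account's numeric uid and group ids and leave `base` at `/`, running the script as a user that can stat every component.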
