PHP is creating a directory it can't write to

2
votes
if ( !is_writable( $save_path ) ){
    mkdir( $save_path, 0777, true );
}
$uploadfile = $save_path . basename($_FILES[$form_field_name]['name']);
if ( is_writable( $save_path ) ){
    move_uploaded_file($_FILES[$form_field_name]['tmp_name'], $uploadfile)
}

This will create a new dir inside my uploads dir, and if I putty onto the server and do ls -la, the dir has been created with permissions/ownership:

drwxr-xr-x apache apache

Great. But moving the uploaded file into that new dir fails with:

SAFE MODE Restriction in effect. The script whose uid is 0 is not allowed to access /var/www/vhosts/domain.com/httpdocs/media/uploads/DE owned by uid 48

Ok, so I get HOW the error is happening - the new folder is created with owner and group set to "apache" (who I guess is user 48), and user "root" can't get to it (user 0 is root, right?). And I guess safe mode is also stopping me creating the dir as 777 and has decided in its infinite wisdom not to do what I asked it to.

But... how is my PHP script creating directories as "apache", and trying to move stuff into them as root? And how can I get round it without taking an axe to safe mode?

1
phpapacheuploadpermissionssafe-mode
The fact that your script is creating the directory but it ends up with different permissions from what you pass as an argument suggests there's something serverside that's enforcing the permissions that your script can set.GordonM

1 Answers

0
votes

Per the PHP docs:

http://php.net/manual/en/function.mkdir.php

Note: When safe mode is enabled, PHP checks whether the directory in which the script is operating has the same UID (owner) as the script that is being executed.

Why not check to ensure that your stuff is running under the correct user. It seems to me that given your errors that your PHP scripts are running under a different user. (note. apache tends to run as root)