Problem with file upload

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Nik Coughin
    #1

    Problem with file upload

    Hi,

    I am getting:

    Warning: move_uploaded_f ile(../images/aqua.jpg): failed to open stream:
    Permission denied in /masterpiece/manage/manageImages.ph p on line 46

    Warning: move_uploaded_f ile(): Unable to move '/tmp/phpBlAw9K' to
    '../images/aqua.jpg' in /masterpiece/manage/manageImages.ph p on line 46

    My images directory is set to 755, and is at the same level as the manage
    directory, hence my use of ../images/

    I am hosted on a cPanel box, so I am not sure where the /tmp folder is
    actually located -- it doesn't appear to be in my account. There is a tmp
    folder off my account root but I don't think this is the right folder as
    there is no file called phpBlAw9K in it. Is it possible that I can't use
    move_uploaded_f ile() because /tmp is located in an area of the server that
    I'm not allowed to delete files from? Or is that ludicrous?

    Any ideas?

    --
    "Come to think of it, there are already a million monkeys on a million
    typewriters, and the Usenet is NOTHING like Shakespeare!" - Blair Houghton
    -=-=-=-=-=-=-=-=-=-=-=-
    You are a nonsense
    http://www.nrkn.com/

    -=-=-=-=-=-=-=-=-=-=-=-


    Tags: None
    • Nik Coughin
      #2
      Re: Problem with file upload

      Nik Coughin wrote:[color=blue]
      > Hi,
      >
      > I am getting:
      >
      > Warning: move_uploaded_f ile(../images/aqua.jpg): failed to open
      > stream: Permission denied in /masterpiece/manage/manageImages.ph p on
      > line 46
      > Warning: move_uploaded_f ile(): Unable to move '/tmp/phpBlAw9K' to
      > '../images/aqua.jpg' in /masterpiece/manage/manageImages.ph p on line
      > 46
      > My images directory is set to 755, and is at the same level as the
      > manage directory, hence my use of ../images/
      >
      > I am hosted on a cPanel box, so I am not sure where the /tmp folder is
      > actually located -- it doesn't appear to be in my account. There is
      > a tmp folder off my account root but I don't think this is the right
      > folder as there is no file called phpBlAw9K in it. Is it possible
      > that I can't use move_uploaded_f ile() because /tmp is located in an
      > area of the server that I'm not allowed to delete files from? Or is
      > that ludicrous?[/color]

      OK, the reason I can't see the file is because it gets deleted when the
      script finishes executing. I'm still baffled as to why I can't do this
      though. Is it something to do with using a relative path name, or a path
      that is not below the level of the path of the script?


      [color=blue]
      > Any ideas?[/color]



        Comment

        • smilesinblues@hotpop.com
          #3
          Re: Problem with file upload

          HI,
          I don't know why this is happening but if you set the permission to 777
          then it should work, I had the same problem and I still don't know it
          happens but as soon as I set the permission to 777 it starts working.
          Cheers

            Comment

            • Nik Coughin
              #4
              Re: Problem with file upload

              smilesinblues@h otpop.com wrote:[color=blue]
              > HI,
              > I don't know why this is happening but if you set the permission to
              > 777 then it should work, I had the same problem and I still don't
              > know it happens but as soon as I set the permission to 777 it starts
              > working. Cheers[/color]

              Are there security issues with setting it to 777?


                Comment

                • Daniel Tryba
                  #5
                  Re: Problem with file upload

                  Nik Coughin <nrkn!no-spam!@woosh.co. nz> wrote:[color=blue][color=green]
                  >> I don't know why this is happening but if you set the permission to
                  >> 777 then it should work, I had the same problem and I still don't
                  >> know it happens but as soon as I set the permission to 777 it starts
                  >> working. Cheers[/color]
                  >
                  > Are there security issues with setting it to 777?[/color]

                  Yes, _every user on that system_ can write to the directory. A short
                  explanation:

                  Most common situation on webservers:
                  You are user A, the webserver runs as user B. If user A and B don't
                  share a common group, then the only way to control file is by setting
                  "other users" to write (and you prop. want to read them also). So you
                  propably will not have much choice anyway other than 777.

                  If user A and B share a group 770 would be enough, but that still all
                  scripts running as user B can write to that directory (that has about
                  the same impact as 777).

                  Ideally scripts would run under user A's permissions

                    Comment

                    • Nik Coughin
                      #6
                      Re: Problem with file upload

                      Daniel Tryba wrote:[color=blue]
                      > Nik Coughin <nrkn!no-spam!@woosh.co. nz> wrote:[color=green][color=darkred]
                      >>> I don't know why this is happening but if you set the permission to
                      >>> 777 then it should work, I had the same problem and I still don't
                      >>> know it happens but as soon as I set the permission to 777 it starts
                      >>> working. Cheers[/color]
                      >>
                      >> Are there security issues with setting it to 777?[/color]
                      >
                      > Yes, _every user on that system_ can write to the directory. A short
                      > explanation:
                      >
                      > Most common situation on webservers:
                      > You are user A, the webserver runs as user B. If user A and B don't
                      > share a common group, then the only way to control file is by setting
                      > "other users" to write (and you prop. want to read them also). So you
                      > propably will not have much choice anyway other than 777.
                      >
                      > If user A and B share a group 770 would be enough, but that still all
                      > scripts running as user B can write to that directory (that has about
                      > the same impact as 777).
                      >
                      > Ideally scripts would run under user A's permissions[/color]

                      OK. Setting the images folder's permissions to 777 does solve my problem.
                      But I would rather have them as 755, given what you say above.

                      However, without setting images to 777 it appears that I cannot access
                      masterpiece/images from a script running in masterpiece/manage.

                      Any advice?


                        Comment

                        • smilesinblues@hotpop.com
                          #7
                          Re: Problem with file upload

                          Hi,
                          just wondering, what if we keep the image DIR out of the root
                          folder.... is a security thead even then.

                          Bye

                            Comment

                            Previous template Next
                            Working...