PHP: move_uploaded_file()

a2jfreaka2jfreak Houston, TX Member
edited February 2007 in Internet & Media
I'm running CentOS with Apache 2.0.52 and PHP 4.3.9

I've changed all the directories from /var/www/html and /var/www/tempfiles to be owned by apache, rather than root, as I read elsewhere that userid could make a difference. It hasn't. Any help is appreciated.
[21-Feb-2007 01:41:39] PHP Warning: move_uploaded_file(/var/www/html/test/testimages/m/857__mark.jpg): failed to open stream: Permission denied in /var/www/html/test/makemainimage.php on line 119
[21-Feb-2007 01:41:39] PHP Warning: move_uploaded_file(): Unable to move '/var/www/tempfiles/phpNXZifM' to '/var/www/html/test/testimages/m/857__mark' in /var/www/html/test/makemainimage.php on line 119

Comments

  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited February 2007
    What is upload_max_filesize set to in your php.ini?

    You are correct to change ownership to apache - but make sure the group is apache as well
  • a2jfreaka2jfreak Houston, TX Member
    edited February 2007
    chown/chgrp, both were done.
    Upload max is 10M. The file jpeg was under 1M.
  • a2jfreaka2jfreak Houston, TX Member
    edited February 2007
    Changing dir permissions to 777 worked.

    Guess my Linux rust is thicker than I thought.
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited February 2007
    DON'T run folders that php can touch as 777! Run them as 775! If you let the world write to that directory, there are a million php exploits that will hit that box in a matter of hours. Read up on eggdrop, for one example. :(
  • a2jfreaka2jfreak Houston, TX Member
    edited February 2007
    Alrighty then ... 775 it is.

    Is there any (FREE) service that will scan an IP for possible vulnerabilities?
    Gibson Research offers a free scan, but it only checks for open ports, not potential vulnerabilities in software.
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited February 2007
    If you find one, let me know! :)
  • a2jfreaka2jfreak Houston, TX Member
    edited February 2007
    I'll let you know if I ever come across one, but I ask the same in return.
Sign In or Register to comment.