PHP: move_uploaded_file()

a2jfreak · February 2007

I'm running CentOS with Apache 2.0.52 and PHP 4.3.9

I've changed all the directories from /var/www/html and /var/www/tempfiles to be owned by apache, rather than root, as I read elsewhere that userid could make a difference. It hasn't. Any help is appreciated.

[21-Feb-2007 01:41:39] PHP Warning: move_uploaded_file(/var/www/html/test/testimages/m/857__mark.jpg): failed to open stream: Permission denied in /var/www/html/test/makemainimage.php on line 119
[21-Feb-2007 01:41:39] PHP Warning: move_uploaded_file(): Unable to move '/var/www/tempfiles/phpNXZifM' to '/var/www/html/test/testimages/m/857__mark' in /var/www/html/test/makemainimage.php on line 119

primesuspect · February 2007

What is upload_max_filesize set to in your php.ini?

You are correct to change ownership to apache - but make sure the group is apache as well

a2jfreak · February 2007

chown/chgrp, both were done.
Upload max is 10M. The file jpeg was under 1M.

a2jfreak · February 2007

Changing dir permissions to 777 worked.

Guess my Linux rust is thicker than I thought.

primesuspect · February 2007

DON'T run folders that php can touch as 777! Run them as 775! If you let the world write to that directory, there are a million php exploits that will hit that box in a matter of hours. Read up on eggdrop, for one example.

a2jfreak · February 2007

Alrighty then ... 775 it is.

Is there any (FREE) service that will scan an IP for possible vulnerabilities?
Gibson Research offers a free scan, but it only checks for open ports, not potential vulnerabilities in software.

primesuspect · February 2007

If you find one, let me know!

a2jfreak · February 2007

I'll let you know if I ever come across one, but I ask the same in return.

PHP: move_uploaded_file()

Comments