Directory Permission or Apache ID for file uploads

phper
phper used Ask the Experts™
on
I always thought for directories that files are uploaded to via a form post that the directory needs to be 777. Is that the case? Or is there a way to keep it 755 and change the ApacheID of the directory instead?

If so, what should I change the Directory's ApacheID to? What is the syntax for chown? Or do I change it another way?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
Apache usually runs as a specific user. You can figure out that user by going into a shell on the server and running this command:

ps aux | grep -i "httpd"

It should show you something like this:

daemon   15898  0.0  0.2 167808 14332 ?        S    Oct18   0:01 /usr/sbin/httpd
daemon   15904  0.0  0.1 163708  9544 ?        S    Oct18   0:01 /usr/sbin/httpd
daemon   15907  0.0  0.1 165252 12224 ?        S    Oct18   0:00 /usr/sbin/httpd
daemon   15908  0.0  0.1 163700  9732 ?        S    Oct18   0:01 /usr/sbin/httpd

In the above example, the user that Apache runs as is called "daemon" so you would need to change the directory so that it is owned by daemon, or belongs to daemon's group. Usually the group name is the same as the user name.

Setting a directory to 777 is the same as saying - "ANYONE can have full access to add, edit, and delete this directory and everything inside it."

The chown syntax is:

chown user:group /path/to/directory

Example:

chown daemon:daemon /www/uploads

Author

Commented:
I did
ps aux | grep -i "httpd"

and I got a list similar to yours but I have "root" listed three times and "nobody" listed 10 times. Which one is correct? It's aVPS server with 16 accounts

Commented:
Most likely it's "nobody" - you rarely come across Apache running as root (mostly because you have to take some extra steps at compile-time to allow it to run as root because it's a big security risk).
Become a Microsoft Certified Solutions Expert

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Commented:
Apache tends to run as either daemon, nobody, apache, or www. Those seem to be the 4 most common usernames and groups I've seen.

Author

Commented:
so would it be:
chown nobody:noboady /path/to/directory

Author

Commented:
sorry typo
chown nobody:nobody /path/to/directory

Commented:
Yes. If you ALSO want to change the ownership of the files inside that directory, just add an -R to it, like this:

chown -R nobody:nobody /path/to/directory

Author

Commented:
thanks. Final question: Currently the owner & group are the same, it's the FTP user name. If I change the owner & group wouldn't I not be able to upload or manipulate files in that directory?
Commented:
Ah, that could be a problem, yes. You didn't mention that FTP was writing to this directory. Is it a general FTP account (e.g. "ftp" user), or is it specific to someone's account (e.g. "jsmith" user)?

You could do:

chown -R <ftp username here>:nobody /path/to/directory

and then

chmod -R 775 /path/to/directory

That will give full access to the FTP username, full access to anyone in the "nobody" group, and only read/execute access to everyone else.

Author

Commented:
Thanks for all the help. I'm trying to come up with a standard way to do this b/c I work on many different servers with cPanel, Pleask, etc and also with or without safe_mode on.

So today it's the account's cPanel and FTP user, i.e. "siteuser"

Normally, I make a folder locally then upload it to the server using the user "siteuser" what I want is to be able to use the folder normally and have forms upload files to the folder without 777.

Based on your answers what I did was create the folder using mkdir, which made it with user "nobody" I then was able to upload without a problem. What was a problem was I couldn't view any of the uploaded files in the folder via FTP or cPanel. I was able to open the files via the web.

Author

Commented:
chown -R <ftp username here>:nobody /path/to/directory

and then

chmod -R 775 /path/to/directory

Worked but I still can't see any of the uploaded files.

Author

Commented:
sorry there's something wrong on my end . Will update soon

Commented:
Are you saying that the uploads are working, but you cannot see them with PHP (but you can see them in the shell) ?

Author

Commented:
no I wasn't I was trying to accept the answer!!!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial