Php – File upload folder permission fastCGI – How to make it writeable

fastcgipermissionsPHPphp-fpm

I am using centos 5.7 with cPanel WHM running fastcgi/suEXEC

I am trying to make a particular folder writable to allow a script to upload files but seem to be having problems.

The folder (and all recursive folders) I want to be writable is:

/home/mydomain/public_html/uploads

And I want only scripts run by the user "songbanc" to be able to write to this directory.

I have tried the following:

chown -R songbanc /home/mydomain/public_html/uploads
chmod -R 755 /home/mydomain/public_html/uploads

But it still doesn't seem to work.

The script will only upload files if I set the permissions manually via FTP client to 777.

I assume I am misunderstanding how to set permission for users with fastcgi and hopefully someone can help me.

Thanks in advance

EDIT: Running getfacl on one of the scripts or folders gives the following:

# file: home/mydomain/public_html/ripples/1.jpg
# owner: songbanc
# group: songbanc

So it appears that the owner is correct? I'm now totally confused!

EDIT 2:

The plot thickens… lsattr and chattr are returning Inappropriate ioctl for device While reading flags on…

Best Answer

First off, suEXEC is an Apache 1.x module. For various reasons and support issues, upgrading to Apache 2.x with suPHP is the correct path to go. See my previous post here on how to upgrade.

What could be happening is number of things which I will briefly touch on, however upgrading to suPHP would most likely solve this issue. It is important to note that changing PHP 5 Handler to be suPHP is the important part here.

Causes:

  1. You are not running suEXEC and in fact the scripts are not being executed under the username. You can perform top -u username -d 1 where username is the username of the account. You should notice php files show up on that screen every time they are ran.

  2. The parent folder does not have correct permission. If you are running an older version of Apache, and I suspect this is the case since you mentioned suEXEC you can get away with this. If you were running suPHP, this would not be an issue as it will catch it. So make sure parent folders have correct permissions.

  3. You are not running PHP. suPHP or suEXEC are only for PHP scripts. If you are running anything else, they may or may not be ran under that user depending on how you have Apache setup. For the most part they should, but who knows!

Take away: Upgrade to Apache 2.x with suPHP and you should be covered. Just make sure you change the PHP handler to suPHP as described the link I posted.

Related Topic