DeadMansMarch DeadMansMarch - 3 months ago 36
PHP Question

move_uploaded_file() has insufficient permissions even though the owner id is the same as the user id

I have created a folder /home/UploadContent with owner:group as apache:apache, the same group and user as the php process. I then used chmod to set the permissions to 775, which should allow php to write uploaded files to this directory. I tried it, and it gave me the same insufficient permissions error.

The exact error is "failed to open stream: Permission denied".

I wrote a small php program to test whether or not:

$Owner = fileowner("/home/UploadContent/");
$Current = exec("whoami");
$Id = exec("id -u " . $Current);
echo ($Owner . " is owner, " . $Id . " is user.");

This always returns "48 is owner, 48 is user."

This would imply that php has the correct permissions to write,read, and execute, but it is still throwing errors.


[Promoted from a comment]

Sounds like an SELinux problem...

Try running setenforce 0 at a bash prompt and then re-run the script. If this resolves the issue, you need to configure SELinux to allow your process access to the specified folder.

You can re-enable SELinux with setenforce 1. Failing that, SELinux will be re-enabled at boot.

On Centos/RedHat, I use audit2allow to make appropriate policies by analysing the audit log. I have no idea what the standard is on other distros. This Wiki page explains what SELinux does and why it's important if you want your server to be secure.

I'm not aware of any way to configure SELinux via config files, however you can use chcon to change the security context of a specific resource (like a file). More details of how security contexts work can be found here.

Finally, you can disable SELinux entirely but this is not recommended.