4

I'm running an apache server on lubuntu, and am trying to use php to write a text file that the users can then download. I changed the permissions as so:

sudo chmod 775 /var/www -R

But I still get an error when I execute the script:

Warning: fopen(3): failed to open stream: Permission denied in /var/www/myPage.php on line 217 Could not open file!

Here is the php code:

    $filename = $liste[0][0];

    $fh = fopen($filename, "x+") or die("Could not open file!");

    fwrite($fh, "foo") or die("Could not write to file");

    fclose($fh);

Do I need to change other permissions? Or is there another way to do what I'm trying to do? Thanks

Improve this question
10
  • try to check permision of that folder by right clicking on that. you will see write permission is not there/ Commented Apr 21, 2016 at 9:30
  • 1
    What is the result of ls -l /var/www/myPage.php ? Which user and group owns the file ? Commented Apr 21, 2016 at 9:36
  • Try using absolute path to write to file. fopen-perm-denied Commented Apr 21, 2016 at 9:39
  • With the chmod command, you have set full access for the owner and group of the file. Make sure that it is www-data that owns the file or that www-data is in the files group. Commented Apr 21, 2016 at 9:39
  • Please be aware the chmod 775 is a bit broad/permissive. The default of 755 for directories and 644 for files should be sufficient in most cases. It's usually an ownership problem that needs to be fixed rather than broaden the permissions. Commented Apr 21, 2016 at 9:40

1 Answer 1

Reset to default
9

Writing into a folder requires the Apache user to have writing, reading and executing privileges on that folder.

  1. So, first try to identify the name of the Apache user (often www-data).

  2. Then check if that user is either the owner or in the group of the folder where you want to write files.

  3. Give write, read and execute (7) privileges on that folder for that user. Give everyone else who don't need writing the read and execute privileges (5) on the same folder.

  4. (recommended) Give write and read (6) privileges to your files for the www-data user. Everyone else only need read privileges (4).

If www-data is neither the owner nor in the group of the file, then you should change either one of them. After doing this, you may find yourself unable to access the web folder if you access the server with a user other than www-data and other than root (like "webeditor"), and that user is neither the owner nor in the group.

I recommend:

  1. Set the owner and group to the Apache user/group.

    chown -R www-data:www-data /var/www

  2. Add the webeditor user (or whichever you use to connect to the server on ssh or ftp) to the www-data group.

    usermod -a -G www-data webeditor

  3. Give folders the write, read and execute privileges to the owner. Avoid the writing privileges on everyone else.

    find /var/www -type d -exec chmod 755 {} \;

  4. Files do not require the execution privilege. Only reading and writing is necessary for the www-data user, the rest only need reading privileges, so 644 is enough for our files.

    find /var/www -type f -exec chmod 644 {} \;
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Nice explanation.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.