Problem with file upload

Hi,

I am getting:

Warning: move_uploaded_file(../images/aqua.jpg): failed to open stream:
Permission denied in /masterpiece/manage/manageImages.php on line 46

Warning: move_uploaded_file(): Unable to move '/tmp/phpBlAw9K' to
'../images/aqua.jpg' in /masterpiece/manage/manageImages.php on line 46

My images directory is set to 755, and is at the same level as the manage
directory, hence my use of ../images/

I am hosted on a cPanel box, so I am not sure where the /tmp folder is
actually located -- it doesn't appear to be in my account. There is a tmp
folder off my account root but I don't think this is the right folder as
there is no file called phpBlAw9K in it. Is it possible that I can't use
move_uploaded_file() because /tmp is located in an area of the server that
I'm not allowed to delete files from? Or is that ludicrous?

Any ideas?

--
"Come to think of it, there are already a million monkeys on a million
typewriters, and the Usenet is NOTHING like Shakespeare!" - Blair Houghton
-=-=-=-=-=-=-=-=-=-=-=-
http://www.nrkn.com/
-=-=-=-=-=-=-=-=-=-=-=-

Nik Coughin wrote:
> Hi,
>
> I am getting:
>
> Warning: move_uploaded_file(../images/aqua.jpg): failed to open
> stream: Permission denied in /masterpiece/manage/manageImages.php on
> line 46
> Warning: move_uploaded_file(): Unable to move '/tmp/phpBlAw9K' to
> '../images/aqua.jpg' in /masterpiece/manage/manageImages.php on line
> 46
> My images directory is set to 755, and is at the same level as the
> manage directory, hence my use of ../images/
>
> I am hosted on a cPanel box, so I am not sure where the /tmp folder is
> actually located -- it doesn't appear to be in my account. There is
> a tmp folder off my account root but I don't think this is the right
> folder as there is no file called phpBlAw9K in it. Is it possible
> that I can't use move_uploaded_file() because /tmp is located in an
> area of the server that I'm not allowed to delete files from? Or is
> that ludicrous?

OK, the reason I can't see the file is because it gets deleted when the
script finishes executing. I'm still baffled as to why I can't do this
though. Is it something to do with using a relative path name, or a path
that is not below the level of the path of the script?



> Any ideas?

HI,
I don't know why this is happening but if you set the permission to 777
then it should work, I had the same problem and I still don't know it
happens but as soon as I set the permission to 777 it starts working.
Cheers

smilesinblues@hotpop.com wrote:
> HI,
> I don't know why this is happening but if you set the permission to
> 777 then it should work, I had the same problem and I still don't
> know it happens but as soon as I set the permission to 777 it starts
> working. Cheers

Are there security issues with setting it to 777?

Nik Coughin <nrkn!no-spam!@woosh.co.nz> wrote:
>> I don't know why this is happening but if you set the permission to
>> 777 then it should work, I had the same problem and I still don't
>> know it happens but as soon as I set the permission to 777 it starts
>> working. Cheers
>
> Are there security issues with setting it to 777?

Yes, _every user on that system_ can write to the directory. A short
explanation:

Most common situation on webservers:
You are user A, the webserver runs as user B. If user A and B don't
share a common group, then the only way to control file is by setting
"other users" to write (and you prop. want to read them also). So you
propably will not have much choice anyway other than 777.

If user A and B share a group 770 would be enough, but that still all
scripts running as user B can write to that directory (that has about
the same impact as 777).

Ideally scripts would run under user A's permissions

Daniel Tryba wrote:
> Nik Coughin <nrkn!no-spam!@woosh.co.nz> wrote:
>>> I don't know why this is happening but if you set the permission to
>>> 777 then it should work, I had the same problem and I still don't
>>> know it happens but as soon as I set the permission to 777 it starts
>>> working. Cheers
>>
>> Are there security issues with setting it to 777?
>
> Yes, _every user on that system_ can write to the directory. A short
> explanation:
>
> Most common situation on webservers:
> You are user A, the webserver runs as user B. If user A and B don't
> share a common group, then the only way to control file is by setting
> "other users" to write (and you prop. want to read them also). So you
> propably will not have much choice anyway other than 777.
>
> If user A and B share a group 770 would be enough, but that still all
> scripts running as user B can write to that directory (that has about
> the same impact as 777).
>
> Ideally scripts would run under user A's permissions

OK. Setting the images folder's permissions to 777 does solve my problem.
But I would rather have them as 755, given what you say above.

However, without setting images to 777 it appears that I cannot access
masterpiece/images from a script running in masterpiece/manage.

Any advice?

Hi,
just wondering, what if we keep the image DIR out of the root
folder.... is a security thead even then.

Bye