mkdir in a 755 dir

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
i have the make.php located on my server.  the only line of code is
mkdir("/home/foouser/public_html/newdir", 0755);.  now
/home/foouser/public_html is "drwxr-xr-x   7 foouser foouser".  with
just that code i get permission errors. i am running make.php from a
remote machine.  so how can i get mkdir to create a directory in
/home/foouser/public_html without chmodding anything to 777.  would
adding some type of authentication system to make.php work so that i
could let the server know that i'm foouser on my remote machine?

Re: mkdir in a 755 dir Wrote:
> i have the make.php located on my server.  the only line of code is

Quoted text here. Click to load it

/home/foouser/public_html would have to be owned by the UID the *web
server* is running as.  Another way would be to change
~foouser/public_html to mode 775 (drwxrwxr-x) and change it's group
owner to the GID the server is running as.  For example on Tiger, GID
70 (group name, www).

macbri's Profile:
View this thread: - The Answer to Mac Support -

Re: mkdir in a 755 dir wrote:


Quoted text here. Click to load it

As expected.
When you run a PHP script, that script runs almost in all cases as user  
APACHE, often called: nobody, www-data, or just apache.
That user DOES NOT HAVE WRITEPERMISSION in the directory.

So, solutions:
1) Open up the directory to the world. (not wise maybe)
2) Make sure the user that runs php is in the same group as foouser, and  
give the group writepermission.
3) Make a new directory in /home/foouser/public_html/forapache with:
drwx------ apache apache  
or something that suits your needs.

Erwin Moller

i am running make.php from a
Quoted text here. Click to load it

Re: mkdir in a 755 dir

Well, my next question is how would I do what you described in solution


Erwin Moller wrote:
Quoted text here. Click to load it

Re: mkdir in a 755 dir

ok, here's the update:

i'm trying to write an upload script on a web server that will not
allow me to change the ownership or group name of a directory.  i can
physically create /public_html/uploads to be 777 so that i can upload
files and edit images uploaded on that directory.  the problem is, how
can i prevent someone from writing their own script off of my server (a
remote script) and adding/deleting files in /public_html/uploads since
it is 777?

Re: mkdir in a 755 dir wrote:

Quoted text here. Click to load it


[where I say 'apache' here I mean the user that runs as apache the PHP code,  
which is also named often 'www-data' or 'nobody']

A few things you should/can consider:
If you store the images in xxx/public_html/uploads probably anybody can just  
type /... and get them, unless you take some  
precautions like making the files unreadable for user apache, in which case  
you'll have a hard time using them in your website. So that is a bad  
solution, agree?

A solution I used once is the following:

You need a solution where apache can write the files (from fileupload) and  
read them too (to use in your website).
So why not let apache create the directory and change the filepermissions on  
it to: uploads drwx------ apache apache

Now apache can read, write, delete in that directrory.

Note: How to do this?
1) You'll have to temporary change permissions in the parentdirectory to  
allow apache to create the directory in public_html.
chmod 777 public_html  
2) Make a simple sript that creates the uploadsdirectory and chmod it to the  
above (chmod 700 uploads).
3) Set the permissions on public_html back to whatever you like, or had  

Now you are reasonably safe, except for 1 thing: Other users on your machine  
can ALSO run php scripts as apache (on most setups).
So they could modify this uploads directory via their own PHP scripts.

If you do not trust them (on shared hosting or because you know they are  
@ssh0les) you could use the following trick to make their life more  
Instead of the uploadsdirectory, you make a subdirectory in uploads, which  
you give a horrible name, like this:
In that directory you store the images, and you make sure the  
uploadsdirectory doesn't have listpermissions for apache.
so uploads will get:
uploads drw------- apache apache
and the funky named directory will get:
Hytr647ygghfFpioiaoiu17897 drwx------ apache apache

Now you have to do 1 last thing, because you do not want your html to  
contain the name of the funky named directory. That would be too easy for  
So instead of pointing the path to your uploaded images directly to  

like in <img src="upload/Hytr647ygghfFpioiaoiu17897/mrx.jpg">

you need something like:
<img src="getimage.php?image=mrx.jpg">

And write a simple php script that knows the path to the image and returns  
it. (That is very basic and you can find it on

Hope this helps.

Good luck.
Erwin Moller

Re: mkdir in a 755 dir

Thanks, Erwin.  I've been searching and posting messages on the
Internet for two days now and have not found a decent answer, until I
read this.  Good job.

Re: mkdir in a 755 dir wrote:

Quoted text here. Click to load it

It's because the webserver is not running as user 'foouser' so doesn't have
write permission to /home/foouser/public_html

If you can chown that dir to the webserver user it will work - but for most
intents and pruposes this would have the same effect as chmoding the dir to

Quoted text here. Click to load it

No, IIRC, only root can change the privilege on a running process but
there's nothing to stop you creating a process running as foouser (although
this will need a *lot* of clever coding to get the process to do what you

I did think about writing an I/O proxy in C to do exactly this - but after
worked out what was involved I had a sudden bout of apathy.


Site Timeline