douyaju4259 2016-10-23 19:48
浏览 50

如何在当前目录之外创建目录?

I'm trying to create a secure way to handle file uploads by uploading the files to a directory outside of public_html.

I'm testing my script and my script works when I execute sudo php receive_files.php, but when I run receive_files.php without sudo I get failed to open stream: Permission denied.

Right now all permissions all the way back to var/www/html/mysite/public_html are set to 755. I tried changing all of them to 775 and the command still didn't work Without sudo. And I'm pretty sure that would not be secure. How do I get around this problem?

My code: 

$encoded_file = $_POST['file'];
$user_id = $_POST['user_id'];
$decoded_file = base64_decode($encoded_file);

$new_directory = "../../../../../../user_uploads/$user_id/";

if(!file_exists($new_directory)){
    mkdir($new_directory, 0775, true);
    file_put_contents($new_directory . $decoded_file);
}
  • 写回答

1条回答 默认 最新

  • doulian8485 2016-10-23 19:59
    关注

    Sudo is required when you are not the owner of something or you try to change permissions. So if you want php script to have access to upper directory. Change the group or user owner of upper directory same as php executor, in most cases its www-data

    You can check owner of php script by using

    ls -al

    Then change owner using

    chown -hR www-data:www-data directorypath

    For more detail check manual of chown command

    This will most probably fix your issue

    Additional info

    specifying absolute path instead of relative path solved the issue

    评论

报告相同问题?

悬赏问题

  • ¥15 使用ue5插件narrative时如何切换关卡也保存叙事任务记录
  • ¥20 软件测试决策法疑问求解答
  • ¥15 win11 23H2删除推荐的项目,支持注册表等
  • ¥15 matlab 用yalmip搭建模型,cplex求解,线性化处理的方法
  • ¥15 qt6.6.3 基于百度云的语音识别 不会改
  • ¥15 关于#目标检测#的问题:大概就是类似后台自动检测某下架商品的库存,在他监测到该商品上架并且可以购买的瞬间点击立即购买下单
  • ¥15 神经网络怎么把隐含层变量融合到损失函数中?
  • ¥15 lingo18勾选global solver求解使用的算法
  • ¥15 全部备份安卓app数据包括密码,可以复制到另一手机上运行
  • ¥20 测距传感器数据手册i2c