Hey everyone. I have 2 different linux servers (each one is through a different web hosting company). On both servers I have the exact same PHP file upload script that allows users to upload a file or image to the server (everything on both servers is identical).
On server #1 the "attachments" directory (which is where the files are uploaded to), I have the permissions set to chmod 755 and the files are successfully uploaded to the server (into the attachments folder).
HOWEVER, on server #2 for some reason, the files will not upload into the "attachments" directory unless I put the permissions to chmod 777 (chmod 755 will not work on server #2).
Does anyone know any possible reasons as to why server #2 will not allow file uploads with chmod 755?
More-than-like you have a permission problem related to the userid (UID) of the process running the web server and the userid (UID) and/or groupid (UID) of the directory.
Thanks for the response. I'm not really sure how to remedy that permission issue, so if I was to somehow not allow that particular directory (the "attachments" directory chmod 777) to run any "scripts", would that make it more secure?
When you upload a file via a web server, generally, the user id of the process writing the file is the user id of the web server.
Do you know the UID of your web server process?
You need to start there. What is it?
Then look at the user and group ids of the directory where the file is uploaded, as well as the permissions of the directory.
If you have to open the directory up to 777 for the web server to write to it, that usually means the directory is not owned by the web server (process), or group (of course), depending on how things are set up.
What are these users, groups and permissions?
These are the basics you need to look at (nothing very complex).
Here is how the "heiarchy" is: mysite.ca directory is chmod 715. When I click into that folder, the "docs" directory is chmod 755. When I click into that folder, all other directory folders in there are chmod 755, except for the "attachments" directory folder that I created (which is chmod 777 so that it works properly). Does this make sense?