Posted by Batmanuel on 01/25/07 11:41

On Jan 20, 9:17 pm, "Batmanuel" <antonioet...@gmail.com> wrote:
> Good evening people, little question here... I'm trying to get this
> file upload script to work but it tells me that move_uploaded_file()
> fails because it doesn't have permission for the /tmp directory where
> the file is before the move. I would chmod /tmp itself but wouldn't
> that be a big security risk? is there another solution?
>
> Thanks for any help you can provide...

Well, I've long since fixed it and shamefully forgot to check my thread
here. I apologize for that, guys.

>double check, I would guess that you do not have permissions for
>the target directory. I ran into the same problem and had to
>chmod to give other write to that directory, which is a problem.
>
>move_uploaded file runs with the php or apache user, not you.
>
>bill

Yup, that was mostly it. I'll try to make it so that only the apache
user has permissions now that you mention it. Its probably safer that
way.

>Did you notice the /tmp folder should exist on your webserver, not on your
>local drive? I made that mistake earlier and it took me quite some time to
>solve the problem...

Excellent point, I hadn't noticed that but I ended up making a temp
folder of my own just for the purposes of the site so wouldn't have to
mess with the permissions of my /tmp directory.

>Giving the target directory write permissions isn't necessarily a big
>risk, but you do need to try and ensure that your scripts can't be used
>to move arbitrary files to the target directory, so check content-type
>and file extension.
>--
>Curtis

Will do. Thanks for the input guys and again, I'm sorry I forgot about
this topic here.

• Next in forum: Re: how to avoid eval()
• Prev in forum: Re: how to avoid eval()
• Thread view: Re: A little problem with move_uploaded_file()

[Reply to this message]