By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,643 Members | 1,797 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,643 IT Pros & Developers. It's quick & easy.

A little problem with move_uploaded_file()

P: n/a
Good evening people, little question here... I'm trying to get this
file upload script to work but it tells me that move_uploaded_file()
fails because it doesn't have permission for the /tmp directory where
the file is before the move. I would chmod /tmp itself but wouldn't
that be a big security risk? is there another solution?

Thanks for any help you can provide...

Jan 21 '07 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Batmanuel wrote:
Good evening people, little question here... I'm trying to get this
file upload script to work but it tells me that move_uploaded_file()
fails because it doesn't have permission for the /tmp directory where
the file is before the move. I would chmod /tmp itself but wouldn't
that be a big security risk? is there another solution?

Thanks for any help you can provide...
double check, I would guess that you do not have permissions for
the target directory. I ran into the same problem and had to
chmod to give other write to that directory, which is a problem.

move_uploaded file runs with the php or apache user, not you.

bill
Jan 21 '07 #2

P: n/a
"Batmanuel" <an**********@gmail.comwrote in news:1169342255.121748.236010
@l53g2000cwa.googlegroups.com:
Good evening people, little question here... I'm trying to get this
file upload script to work but it tells me that move_uploaded_file()
fails because it doesn't have permission for the /tmp directory where
the file is before the move. I would chmod /tmp itself but wouldn't
that be a big security risk? is there another solution?

Thanks for any help you can provide...
Did you notice the /tmp folder should exist on your webserver, not on your
local drive? I made that mistake earlier and it took me quite some time to
solve the problem...
--
Siebie
Jan 21 '07 #3

P: n/a
On Jan 20, 5:17 pm, "Batmanuel" <antonioet...@gmail.comwrote:
I would chmod /tmp itself but wouldn't
that be a big security risk? is there another solution?
Giving the target directory write permissions isn't necessarily a big
risk, but you do need to try and ensure that your scripts can't be used
to move arbitrary files to the target directory, so check content-type
and file extension.
--
Curtis

Jan 22 '07 #4

P: n/a


On Jan 20, 9:17 pm, "Batmanuel" <antonioet...@gmail.comwrote:
Good evening people, little question here... I'm trying to get this
file upload script to work but it tells me that move_uploaded_file()
fails because it doesn't have permission for the /tmp directory where
the file is before the move. I would chmod /tmp itself but wouldn't
that be a big security risk? is there another solution?

Thanks for any help you can provide...
Well, I've long since fixed it and shamefully forgot to check my thread
here. I apologize for that, guys.
>double check, I would guess that you do not have permissions for
the target directory. I ran into the same problem and had to
chmod to give other write to that directory, which is a problem.

move_uploaded file runs with the php or apache user, not you.

bill
Yup, that was mostly it. I'll try to make it so that only the apache
user has permissions now that you mention it. Its probably safer that
way.
>Did you notice the /tmp folder should exist on your webserver, not on your
local drive? I made that mistake earlier and it took me quite some time to
solve the problem...
Excellent point, I hadn't noticed that but I ended up making a temp
folder of my own just for the purposes of the site so wouldn't have to
mess with the permissions of my /tmp directory.
>Giving the target directory write permissions isn't necessarily a big
risk, but you do need to try and ensure that your scripts can't be used
to move arbitrary files to the target directory, so check content-type
and file extension.
--
Curtis
Will do. Thanks for the input guys and again, I'm sorry I forgot about
this topic here.

Jan 25 '07 #5

This discussion thread is closed

Replies have been disabled for this discussion.