You need to determine what users Apache is running under. Sometimes this is root (often represented by 0) or sometimes this is another user like www. If the user that your granting permissions to is different than the Apache user then it does not matter what permission you give the web-server will still not have rights.
To give further explanation to Steve’s, the permissions are given in a matrix with values: Read (4), Write (2) and Execute (1). These are obviously binary so their addition can designate the permissions granted to: Owner, Group and Guest.
As a rule of thumb, you NEVER want to grant anyone but yourself Write permission so either a 4 (in general) or 5 (only allow PHP scripts to be executable … and they generally don’t even require that designation. Thus, 644 or 755 are common - unless you want to bar visitors from viewing in which case 600 would be what you would use. Just remember NEVER to give yourself a non-write code or you’ll have difficulty resetting that without cPanel’s File Manager (or the like).
When you set a directory with the 644 (or 755), that will be assigned to any file added so that’s likely the problem you’re running into.
Thanks! I will definitely learn a lot on this forum!
I think I kind of understood what you guys try to explain… Maybe I should give more information about the problem…
My system is adding adds to website. This adds are added in a file in "uploads folder. and An image of the add is added in the folder of an add in uploads folder:
uploads/add1/image1.jpg
My problem is: I click on uploads folder and I give the permission: 755 read to all and execute to all. And apply this to all below files.
When the user creates a new add (so a new add file) that file doesn’t get that 755 permission.
New created file gets 744 as default and so you can’t view the image…
What do I have to do so that a new created file get 755 permission as default?
First, did you change the permissions on the adds folder to 766 as suggested? It MUST have write permission for the (Apache) user.
Okay, saying that, I’m more concerned about what you didn’t say: That you confirm that the file was uploaded (to the server’s upload directory) then READ by imagecreatefromjpeg, resized and then written to your adds folder. This will ensure that the uploaded image was uploaded and was a JPG file with the additional benefit of ensuring that it is an appropriate size.
If you’re not checking the upload files in this manner, you’re inviting hackers to deposit “payloads” on your server to spread across the Internet.
That seems to be an unusual setup on your server. If this is hosted, ask your support team for help as new files should receive the same permission as the folder. Perhaps using PHP to change the file permission after storing in the folder?
Unnecessary? Ha! Any script kiddie can hide a “payload” in an image file and the file type will report the appropriate image definition. THAT is why I recreate any image uploaded to my server. I may be paranoid but there are script kiddies out there looking for kicks and I don’t want to be a willing target.
First, the filename is .htaccess (not two t’s - presumably a typo) then Options -Indexes merely forbids Apache from providing a directory listing so it has nothing to do with this problem.
I’ve used these commands in Linux a very long time, however I never thought to see if PHP had commands for these. Well you learn something new most days, so thank you.
