Reputation: 2890
I'm using Linux hosting and storing some user-uploaded files. What should the permission (i.e. 0755) be for the directory where I'll keep these uploaded files?
Also, what should be the new permission of the uploaded file? Currently I'm giving 0755 permission using the chmod command, is it secure enough?
Now I'm using code something like:

    if (move_uploaded_file($_FILES[$name]['tmp_name'], $targetPath)) {
        // CHMOD
        chmod($targetPath, 0755);
    } else {
        return array(false, "Can not move file. Upload failed.");
    }

where $targetPath is the new location of the uploaded file.
Thanks for your help!
Upvotes: 1
Views: 105
Reputation: 360672
Try 0750, owned by the webserver process (www-data?). There's no reason to grant anyone BUT the webserver any kind of rights on that directory, unless you have another account that requires it. In which case, create a dedicated group for your www-data and "other" accounts, and chgrp the directory to that new group and make it 0770.
Unless you have very good reason, do NOT grant execute rights on the uploaded file. If you're not VERY careful handling the upload, someone can send up a binary and your server will open the door wide. So... 0640 on files, 0750 on directories.
Upvotes: 2
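
A way to check an existing upload tree against the permissions suggested in the answer above, as an added example that is not part of the original posts. The function names are made up for illustration, the path argument is assumed to be your upload directory, and ownership (e.g. www-data) is neither checked nor changed.

```sh
#!/bin/sh
# Added example. Policy taken from the answer: no execute bit on uploaded
# files, nothing for "other" on files or directories (0640 / 0750, or 0770
# on directories shared through a dedicated group).

# Print every path under $1 that breaks the policy.
audit_uploads() {
    find "$1" \( \
        \( -type f \( -perm -100 -o -perm -010 -o -perm -001 \
                   -o -perm -004 -o -perm -002 \) \) \
        -o \
        \( -type d \( -perm -004 -o -perm -002 -o -perm -001 \) \) \
    \) -print
}

# Number of violating paths, for use in cron jobs or deploy checks.
count_violations() {
    audit_uploads "$1" | wc -l | tr -d ' '
}

# Reset the tree to the answer's defaults: 0750 directories, 0640 files.
# This also narrows 0770 group-shared directories back to 0750.
# Ownership is left alone; chown to the web server account separately.
harden_uploads() {
    find "$1" -type d -exec chmod 0750 {} +
    find "$1" -type f -exec chmod 0640 {} +
}

# Usage: sh audit.sh /path/to/uploads   (path is a placeholder)
if [ "$#" -ge 1 ]; then
    audit_uploads "$1"
fi
```

Files created with the question's `chmod($targetPath, 0755)` show up in the audit output because of the execute and "other" bits.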