Testing file Upload

Explanation

The source code for this file is available at index-source.php. That file only contains: <?php highlight_file("index.php"); ?>

I am trying to upload files selected by the user of an HTML form to a directory called /srv/yoursite.co.uk/public/htdocs/code-examples/file-upload/media/files/ on my Bytemark server.

This web page including the HTML form and the PHP code for uploading the file are in index.php which is in the file-upload/ directory shown in the path above.

Changing Permissions on files/

Before I changed any ownerships or permissions on the server, files failed to upload. I ran the command chmod 777 files, so that ls -l gives:
drwxrwsrwx 2 admin admin 4096 Jun 23 13:09 files
and now files do upload to files/.

Although this now means I can upload files to files/, I am concerned that the permissions on the files/ directory might cause issues, e.g. with security.

I tried making the permissions on files/ more restrictive but only 777 works:
drwxrwsrwx works
drwxrwsr-x fails
drwxr-srwx fails
drwxr-sr-x fails (this is the standard setting for files)

It appears that BOTH group AND others have to be given write access to files/ in order for files to be uploaded.

It is notable that only the permissions on files/ needed to be changed in order to enable file uploads to it. The directories it is in (i.e. media/, file-upload/ and code-examples/) did not need to be changed at all.

Changing Ownership of files/

Taken from a random page on the internet but probably true: "www-data is the user that web servers on Ubuntu (Apache, nginx, for example) use by default for normal operation". You can check what user your server is running as with <?php echo `whoami` ?>

I restored the permissions on files to their default setting and then ran chown www-data:www-data files. The results of that and some other owner settings are shown below:
drwxr-sr-x 2 admin admin 4096 Jun 24 12:17 files/ fails (default)
drwxr-sr-x 2 www-data www-data 4096 Jun 24 12:17 files/ works
drwxr-sr-x 2 admin www-data 4096 Jun 24 11:59 files/ fails
drwxr-sr-x 2 www-data admin 4096 Jun 24 11:59 files/ works
So, only the owner of files/ has to be changed to www-data in order for files to be uploaded.
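
The ownership results above are what the Unix permission check predicts: exactly one class (owner, then group, then other) is applied to the accessing user, and only that class's write bit counts. The script below is an added example, not code from this page; its function names are made up for illustration, and it models that check and flags world-writable modes such as 777. It assumes www-data belongs only to the group www-data, and the 2775 row is a combination the page did not test.

```shell
#!/bin/sh
# Added example (not from the page): model of the Unix write check on a directory.
# Modes are octal as printed by `stat -c %a`. root bypasses these checks.

# class_for OWNER GROUP USER "USER_GROUPS": exactly one class applies to a
# user: owner first, then group, then other.
class_for() (
    if [ "$3" = "$1" ]; then echo owner; exit; fi
    for g in $4; do
        if [ "$g" = "$2" ]; then echo group; exit; fi
    done
    echo other
)

# can_write MODE OWNER GROUP USER "USER_GROUPS": true if that class has write.
can_write() (
    perms="000$1"; perms=${perms#"${perms%???}"}    # last three octal digits
    case $(class_for "$2" "$3" "$4" "$5") in
        owner) d=${perms%??} ;;
        group) d=${perms%?}; d=${d#?} ;;
        *)     d=${perms#??} ;;
    esac
    [ $(( $d & 2 )) -ne 0 ]
)

# world_writable MODE: true if "others" have the write bit (as with 777).
world_writable() ( o=${1#"${1%?}"}; [ $(( $o & 2 )) -ne 0 ] )

# audit_dir DIR USER: apply both checks to a real directory (needs GNU stat).
audit_dir() (
    dir=$1; user=$2
    set -- $(stat -c '%a %U %G' "$dir")             # mode owner group
    if world_writable "$1"; then echo "world-writable"
    elif can_write "$1" "$2" "$3" "$user" "$(id -Gn "$user" 2>/dev/null)"
    then echo "ok"
    else echo "not-writable"; fi
)

# Constructed rows: the page's ownership listings (drwxr-sr-x = 2755) plus a
# group-writable 2775 row. Assumes www-data is only in group www-data.
while read -r mode owner group; do
    if can_write "$mode" "$owner" "$group" www-data www-data
    then result=works; else result=fails; fi
    echo "$mode $owner:$group -> $result"
done <<'EOF'
2755 admin admin
2755 www-data www-data
2755 admin www-data
2755 www-data admin
2775 admin www-data
EOF
```

On a server, audit_dir files www-data reports whether the directory is world-writable before reporting whether www-data can write to it.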

Problems with Normal Workflow

With www-data as the owner of files/, file uploads worked without changing the standard permissions of any directories. Changing the ownership of files/ also makes it impossible to download files from files/ using FileZilla. Hopefully this and potentially other changes in the behaviour of the files/ directory will not interrupt my normal workflow excessively. I can perform operations on the files/ directory using SSH and then using sudo.

Test the File Upload

After uploading a file you need to test to see if a file has been uploaded. FileZilla can be used to see if file.ext has appeared in files/. If it has then it should be deleted so further tests can be run. If you upload an image file you should see it displayed below after submitting the form which also indicates it has been uploaded.