Permissions error I can't figure out

[TechnoDiver]

Can someone please give me some guidance on how to deal with the following warning

Quote

Warning: move_uploaded_file(../usernet/img/60ff59c9f0a830.45733158.jpg): Failed to open stream: Permission denied in /opt/lampp/htdocs/site/admin/add_post.php on line 23

Warning: move_uploaded_file(): Unable to move "/tmp/phpXNeGsj" to "../usernet/img/60ff59c9f0a830.45733158.jpg" in /opt/lampp/htdocs/site/admin/add_post.php on line 23

All directories and files in the path have full owner permissions and I've made myself the owner of them all (I'm on a linux system). I've also done the same with the /tmp folder. I can't even think of anything else to change and haven't found anything online that solves the issue.

in case it's needed, the php is as follows:

<?php
require("assets/initializations.php");

if(isset($_POST['add_post']) && !empty($_FILES['post_image'])) {
    $filename = $_FILES['post_image']['name'];
    $file_tmp_name = $_FILES['post_image']['tmp_name'];
    $filesize = $_FILES['post_image']['size'];

    $file_ext = explode('.', $filename);
    $file_act_ext = strtolower(end($file_ext));
    $allowed = array('jpeg', 'jpg', 'png', 'gif');

    if(!in_array($file_act_ext, $allowed)) {
        header("Location: add_post.php?message=file_type_not_allowed");
    } else {
        if($filesize > 10000000) {
            header("Location: add_post.php?message=file_too_large");

        } else {
            $file_new_name = uniqid('', true) . "." . $file_act_ext;
            $dir = "../usernet/img/";
            $target_file = $dir . basename($file_new_name);
            move_uploaded_file($file_tmp_name, $target_file);
            echo "<script>alert('Image uploaded successfully');</script>";
        }
    }
}

I do get the javascript alert that's it's been successfully uploaded, but the image doesn't make it into the specified directory and I get the warnings at the top. I'm also, probably obviously from the path, using XAMPP server for development. TIA

[requinix]

4 hours ago, TechnoDiver said:

All directories and files in the path have full owner permissions and I've made myself the owner of them all (I'm on a linux system).

Your user account is the owner and you've given yourself all the necessary permissions. But is PHP running as your user account?

[TechnoDiver]

8 hours ago, requinix said:

Your user account is the owner and you've given yourself all the necessary permissions. But is PHP running as your user account?

If that can be accurately checked by going into PHP interactive mode and entering

echo exec('whoami');

or

print shell_exec( 'whoami' );

 

Then yes, it's running as my user account

[gw1500se]

No it can't. Add that code to the PHP file giving you the error then run that code as a user normally would from a web browser. In the case of Linux, the user will normally be 'apache'.

[TechnoDiver]

43 minutes ago, gw1500se said:

No it can't. Add that code to the PHP file giving you the error then run that code as a user normally would from a web browser. In the case of Linux, the user will normally be 'apache'.

Ok, I see that now. It comes back as daemon. I was just doing some searching around trying to work out the safest way to change this and I must have found a dozen or more different ways, suggestions etc etc. When I follow up on what they're saying I don't find anywhere that it says a user is 'daemon'  (only my username or root) so I have no idea which one to listen to and feel like I'm in territory where I shouldn't be experimenting too boldly. What would you do here?

Edited July 27, 2021 by TechnoDiver

[gw1500se]

If it is running as 'daemon', then that is the user you need to set permissions for.

[TechnoDiver]

Ok, I was busy trying to figure out how to change the php user that I never thought about changing permissions for 'daemon'. I've only ever seen my username and 'root' as owners or groups so was thinking I had to change the php user to my username. Thanks for the patience.

I do have another question that happened while I was messing about with permissions that maybe you could answer - instead of changing the owner to 'daemon' I had decided to make a group, give it full permissions in the path and then add 'daemon' to that group. That didn't work. Since 'daemon' was also a group I eventually just made it the group owner of the relevant directories and files.

My question is, since the group that is also my username was already the group owner, why couldn't I have just extended the group permissions and add the 'daemon' user to that group and have it work? I really thought that would work, but it didn't. Any good explanation as to why??

[requinix]

1 hour ago, TechnoDiver said:

why couldn't I have just extended the group permissions and add the 'daemon' user to that group and have it work?

You could have. It's weird, you shouldn't really be adding system users to your personal group, but you could.

PHP should run as an under-privileged user such as (I assume) "daemon". It should not run as your account. If you need it to be able to do certain things then you should be granting it permission.
Here, I think I would change ownership on whatever directory to be owned by your user and the daemon group, then set permissions to 0775.

[TechnoDiver]

15 hours ago, requinix said:

Here, I think I would change ownership on whatever directory to be owned by your user and the daemon group, then set permissions to 0775.

That's exactly what I ended up doing in the end, thank you