Chmod 777 in PHP

File Permissions and CHMOD: How to set 777 in PHP upon file creation?

PHP has a built in function called bool chmod(string $filename, int $mode )

http://php.net/function.chmod

private function writeFileContent($file, $content){
    $fp = fopen($file, 'w');
    fwrite($fp, $content);
    fclose($fp);
    chmod($file, 0777);  //changed to add the zero
    return true;
}

chmod 777 in php

bool chmod ( string $filename , int $mode )

Within PHP they might be some limitations on the security, therefore the depending on your configuration it may not work.

The above function returns a booleon to let you know either it has succeed in changing the entities permissions.

if(!chmod($directory,0777))
{
    echo "Unable to chmod $direcotry";
}

Also a quote from PHP:

The current user is the user under which PHP runs. It is probably not the same user you use for normal shell or FTP access. The mode can be changed only by user who owns the file on most systems.

Understanding above you should look at chown

Give 777 permission to dynamically created file in php

Use the function chmod

chmod

$fp = fopen($file, 'w');
fwrite($fp, $content);
fclose($fp);
chmod($file, 0777);

PHP: Is permission 777 a security issue?

I believe that you need to set permission 0777 because php needs the ability to write files, because php runs its own process often under its own user it will not be able to write files. Permission 0777 just means that you wish to allow all processes the ability to read write and execute files whereas 0755 only allows owner to read write and execute files but other users such as php to only read and execute.

Now about security:

Because the only real change here is granting php write permission. Now this by itself is not a security problem, as long as you are sanitizing the files you allow to be uploaded. But it does technically open you up to more atteck vectors such as malicious file upload there really is no other way for you to allow file uploads to occur, it is all up to how you processes your files such as blacklisting certain extensions and ensuring file size limits to keep your server secure.

On a side note:

You may also want to drop the execute permission on that folder asking as you do not store any of the php files that you are running in the same directory that you wish to upload files to, which you shouldn't be. Your file upload directory should only have read and write permissions and does not need execute permissions by running the command below

chmod go+rw file

Which is the equivalent to:

chmod -R 0666 /Mohammad/is/cool

Which will make a file readable and writable by the group and others. You can read more about that here and here

Change folder permission to 777 using PHP temporarily

PHP provides a function, chmod() for the task.

Attempts to change the mode of the specified file to that given in mode.

You can put it in an if statement, and if it returns false, you can skip the upload file part.

The usage will be like

if( chmod($path, 0777) ) {
    // more code
    chmod($path, 0755);
}
else
    echo "Couldn't do it.";

As described in the chmod function manual, the $mode must be in octal format - with leading zero, i.e chmod($path, 0777)

Can people write a .php file to my chmod 777 folder

Chances are very good that any legitimate user of that machine can write .php files, or anything else they want, to that wide-open directory. A 777 directory has almost no place on a shared host. (/tmp may sometimes be 1777, to set the sticky bit on the directory -- that allows only a file owner to delete a file in the directory. Normally, 777 means anyone can delete any file from the directory. But /tmp has definitely fallen out of favor on shared hosting environments because it is inherently unsafe.)

So: Are you the only user on the machine? Or is this machine shared with anyone else? Does this machine run any other services besides web server? If so, those other services might represent a possible attack vector as well.

Furthermore, if your permissions are set to 777 on your directory I wonder just how safe the PHP files you're running are -- I've seen many cases of people running insecure PHP scripts that allow an attacker to modify every HTML file on the entire web server, to infect people browsing the site. (Yes. Many. More than a handful by a lot.)

This is why whichever user account your web server runs as should not own any of the files of the website -- both static pages and dynamic pages. The web server should have only enough write privileges to write its access.log, error.log, and talk with a database server. Any additional privileges beyond this makes it far to easy for an otherwise benign bug in one of your scripts to become an exploitable vulnerability that allows your site to be used for attacking others.

777 is a bad idea. Fix that. Make sure your web server does not have write permission to any of the web content. Make sure no other service on the server has write permission to your web content. Make sure no other users on the server have write permission to your web content.

Update

This is easier than it sounds. Create a new webcontent user. If your web server already has a group of its own, lets use it and call it webgroup. If it doesn't yet, create a new webgroup as well. (adduser(8) and addgroup(8) if your VPS doesn't have its own mechanism.) Then set the owner for all your web content:

chown -R webcontent:webgroup /path/to/web/content

fix permissions:

find /path/to/web/content -type d -print0 | xargs -0 chmod 750
find /path/to/web/content -type f -print0 | xargs -0 chmod 640

then make sure your web server is using the Group webgroup directive to ensure that it can still read all the files it needs.

This will let your web server have read access to all your scripts and configuration, but if the web server itself is hacked, it can't modify any of it.

How to set 777 permission on a particular folder?

777 is a permission in Unix based system with full read/write/execute permission to owner, group and everyone.. in general we give this permission to assets which are not much needed to be hidden from public on a web server, for example images..

You said I am using windows 7. if that means that your web server is Windows based then you should login to that and right click the folder and set permissions to everyone and if you are on a windows client and server is unix/linux based then use some ftp software and in the parent directory right click and change the permission for the folder.

If you want permission to be set on sub-directories too then usually their is option to set permission recursively use that.

And, if you feel like doing it from command line the use putty and login to server and go to the parent directory includes and write the following command

chmod 0777 module_installation/

for recursive

chmod -R 0777 module_installation/

Hope this will help you

Php - Chmod Not Working

The problem has to do with data conversion.

$chmod = "0777";
chmod($filename, octdec($chmod));

By just passing in the $chmod string it get converted 777 witch is not giving you want. octdec("0777") will output 511 that decimal will give chmod the value you want.