PHP move_uploaded_file fail

Leonardo asked:

This is a common question but I double checked suggested solutions without success.

These are the errors from PHP:

Warning: move_uploaded_file(images/img01.jpg): failed to open stream: Permission denied in /usr/share/nginx/html/media/test.php on line 28

Warning: move_uploaded_file(): Unable to move '/tmp/phpRvUCVx' to 'images/img01.jpg' in /usr/share/nginx/html/media/test.php on line 28

The server has installed nginx with php 7.3 (php-fpm)

Permissions on upload folder:

 drwxrwxrwx.  2 nginx  nginx       6 Apr  5 03:11 images

Information from ps aux | grep php

centos   24211  0.0  0.0 112708   980 pts/0    S+   16:01   0:00 grep --color=auto php
root     24674  0.0  0.6 285532 11452 ?        Ss   Apr04   0:04 php-fpm: master process (/etc/opt/remi/php73/php-fpm.conf)
nginx    24675  0.0  0.4 287740  8724 ?        S    Apr04   0:00 php-fpm: pool www
nginx    24676  0.0  0.4 287740  8720 ?        S    Apr04   0:00 php-fpm: pool www
nginx    24677  0.0  0.4 287740  8684 ?        S    Apr04   0:00 php-fpm: pool www
nginx    24678  0.0  0.5 287916  9232 ?        S    Apr04   0:00 php-fpm: pool www
nginx    24679  0.0  0.5 287916  9308 ?        S    Apr04   0:00 php-fpm: pool www
nginx    25107  0.0  0.4 287740  8716 ?        S    Apr04   0:00 php-fpm: pool www

Information from ps aux | grep nginx

root     15041  0.0  0.1 125116  2324 ?        Ss   Apr04   0:00 nginx: master process /usr/sbin/nginx
nginx    15042  0.0  0.2 125956  5328 ?        S    Apr04   0:00 nginx: worker process
nginx    15043  0.0  0.2 125956  5328 ?        S    Apr04   0:00 nginx: worker process
nginx    24675  0.0  0.4 287740  8724 ?        S    Apr04   0:00 php-fpm: pool www
nginx    24676  0.0  0.4 287740  8720 ?        S    Apr04   0:00 php-fpm: pool www
nginx    24677  0.0  0.4 287740  8684 ?        S    Apr04   0:00 php-fpm: pool www
nginx    24678  0.0  0.5 287916  9272 ?        S    Apr04   0:00 php-fpm: pool www
nginx    24679  0.0  0.5 287916  9308 ?        S    Apr04   0:00 php-fpm: pool www
nginx    25107  0.0  0.4 287740  8716 ?        S    Apr04   0:00 php-fpm: pool www
centos   26097  0.0  0.0 112712   976 pts/0    S+   16:39   0:00 grep --color=auto nginx

Configuration for PHP-FPM

user = nginx
group = nginx
listen = /var/run/php73-fpm/php73-fpm.sock
listen.owner = nginx
listen.group = nginx

What I missing ? Thanks in advanced

My answer:


You’ve got multiple issues here, probably some of which you introduced yourself while trying to solve the original problem.

First, your PHP process seems to be running as the nginx user. This was not the default configuration, and is not recommended. You should let it run with its own user ID as it was originally set up.

Second, the permission of your images directory allows all users to write to it. This is obviously a bad idea, and should never be done, not even for “testing”. Set the ownership and permissions appropriately. If it ever crosses your mind that chmod 777 might help you, remember you are going down a wrong path.

Third, you appear to have placed your web site files under /usr/share/nginx/html. You should not use this directory for your own files; it is intended only for default files shipped with nginx. Use a directory under /srv instead, such as /srv/www. Also avoid /var/www, which is another directory reserved for web server default files (usually those shipped by Apache httpd).

Finally, for the immediate problem, SELinux does not allow nginx or php-fpm to write to random directories. You need to tell SELinux that the directory and its contents should be writable by setting its default context to httpd_sys_rw_content_t and then setting the context of any existing files. For example:

semanage fcontext -a -t httpd_sys_rw_content_t "/srv/www/wherever/images(/.*)?"
restorecon -rv /srv/www/wherever/images

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.