似乎无法在PHP中获得mkdir（）的正确权限

Question

I have the following simple script to test the mkdir() function in PHP:

<?php
  $id = rand();

  $targetPath = $_SERVER['DOCUMENT_ROOT'] . '/sample_folder/' . $id .'/';
  mkdir(str_replace('//','/',$targetPath), 0755, true);
?>

Ideally, this would create a random folder each time the script is run under my web directory/sample_folder. Sample_folder has 755 permissions.

The issue I face is, I keep running into PHP: mkdir() Permission denied issues. My sample_folder permissions are currently set to chmod 755.

I have read states not to chmod to 777 so please don't suggest it.

For test purposes, chmod 777 the 'sample_folder' directory addresses the issue but again this poses security issues. Is there something else I am missing on how to make this work?

Of note: my PHP users on the system is "apache";

I am running PHP 5.3.* and CentOS 5.5 on a Media Temple dedicated virtual server for reference. I have also looked through nearly every chmod question on SO and cannot seem to find a solution that matches my issue (with the exception of 777 suggestions).

edit

Running ls -la on my server returns:

drwxr-xr-x 2 ftphiddenname psacln 4096 Jan 26 11:24 sample_folder

final update

The answers provided were very helpful. For anybody looking for additional information, I came across this knowledge base article and while it is listed on Media Temple, I blieve the principles apply to any most similar configurations:

(dv):Resolve Apache permission errors

Answer 1

The reason for this is the script needs write permissions in sample_folder.

I don't know your actual set up, but I'm guessing your script is either running under world permissions or group permission which is 5 (read 4 + execute 1) since your current permissions are 755 (7 for owner, 5 for group and 5 for world). To write directories into that folder, your script will need write access. You can set this up more securely than 777 if you have access to chown directories. My advice would be to create a group called 'webgroup' or similar and place your webserver user into that group. Then, give the group write permissions (770) would be appropriate once you have that set up. In case you're a little hazy on how the permissions work, the final setup would be:

sample_folder: owned by root, group webgroup, 770 permissions add whatever user apache (or other webserver) is running as to webgroup

EDIT:

With more details available in the initial post, this means you would be adding the user 'apache' to webgroup. If you find this too difficult a setup or you do not have full permissions on the server to set this up then using chown as suggested elsewhere to let apache own the directory would work as well.

For example: chown apache sample_folder

This will make apache the owner of the folder, giving it access to write permissions (assuming it is still 755)

Answer 2

Have you checked the filesystem permissions for the folder under which you are trying to create the directory?

You should cd into the directory and ls -la to see the current ownership and filesystem permissions:

paulbain@test ~/test $ ls -la
total 8
drwxr-xr-x  2 paulbain apache 4096 Jan 26 17:38 .

In my example above, it's owner Read Write Execute, Group Read and Execute and Everyone Read and Execute.

If this was the case and you have your Apache running under a user in the group apache , PHP would not be able to create the directory.