Allowing web server to delete uploaded files, how?

Question

I'm implementing a file upload in symfony2. My File entity is owned by a User, and represents the uploaded file. The uploaded files should not be accessible for anyone except admins and the owner. For addressing this (apart from securing the controller), I save them in a directory which is not under /web/. I called this directory /private_files/ (and is located at the root of the project).

To allow the web server to write to that directory I ran this (I'm on Mac OS X Mavericks):

$ sudo chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" private_files/

$ sudo chmod +a "www allow delete,write,append,file_inherit,directory_inherit" private_files/

The uploading works fine. However when trying to delete the files through the controller, with

unlink($path)

I get the error "Warning: unlink(path/to/file): Permission denied".

When listing the files on the terminal with ls -al , I get

drwxr-xr-x+ 3  myuser   staff      204 Mar 23 11:59 .
drwxr-xr-x  24 myuser   staff      816 Mar 21 19:51 ..
-rw-r--r--  1  _www     wheel  7395585 Mar 23 11:59 uploaded_file_1

where I notice that the uploaded files lack the executable permission and the "+" which represents the ACLs.

What's the correct approach to allow these files to be deleted with the unlink method? Should the files inherit the ACLs (and if so, how)? Or should a chmod be applied on the directory? Thanks a lot.

Answer 1

I think it is because your folder is not owned by apache user which handle php.

because you created the folder /private_files/ with another user not with apache user, for the app/cache is created programically so he own it and can create/delete. i will update it as answer