PHP move_uploaded_file “Unable to move”

Question

Apologies if this has been answered elsewhere and I didn't make the correlation to my failures in posting to move_upload_file() . move_upload_file() is responding with 2 errors, "failed to open stream" and "unable to move". I'm trying to keep this as simple as possible for testing purposes only (since it doesn't work). This site is not exposed to the internet nor is used for production purposes, but rather my learning. A preemptive thank you for your patience and helpful tips on my troubles.

HTML form post:

<!DOCTYPE html>
<html>
<body>

<form enctype="multipart/form-data" action="recv.php" method="POST">
  <!-- MAX_FILE_SIZE must precede the file input field -->
  <input type="hidden" name="MAX_FILE_SIZE" value="3000000" />
  <!-- Name of input element determines name in $_FILES array -->
  Send this file: <input name="userfile" type="file" />
  <input type="submit" value="Send File" />
</form>

</body>
</html>

recv.php:

<?php
error_reporting(E_ALL);
ini_set('display_errors',1);

$uploaddir = '/var/www/html/Pictures/';
//$uploaddir = 'Pictures/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
echo "File: $uploadfile<br>\n";

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
  echo "File is valid, and was successfully uploaded.\n";
}

echo 'print_r($_FILES):';
print_r($_FILES);

print "</pre>";

?>

The result:

File: /var/www/html/Pictures/test.jpg

Warning:  move_uploaded_file(/var/www/html/Pictures/test.jpg): failed to open stream: Permission denied in /var/www/html/recv.php on line 13

Warning:  move_uploaded_file(): Unable to move '/tmp/phpuA2sGA' to '/var/www/html/Pictures/test.jpg' in /var/www/html/recv.php on line 13

print_r($_FILES):
Array
(
    [userfile] => Array
        (
            [name] => test.jpg
            [type] => image/jpeg
            [tmp_name] => /tmp/phpuA2sGA
            [error] => 0
            [size] => 43434
        )

)

And the correlated security (or lack thereof):

drwxrwxrwt. 8 root   root   4096 Apr 10 16:00 /tmp
drwxrwxrwt. 3 root   root     35 Apr 10 16:00 /var/tmp/
drwxrwxrwt. 2 apache apache    6 Apr 10 16:53 /var/www/html/Pictures/

Probably the most important note that I cannot correlate is that this originally did work at one time but I had erased the contents of the html folder. I noticed a linked file in Pictures that pointed back to /var/www/html . Carelessly I removed that link and subsequently the few files I had in /var/www/html for testing. I've rebuilt those couple files per the above specs but now receive the warnings from the attempted move. As the recv.php file shows, I've tried both the absolute path and the relative path. I realize a lot of this is considered against best practice, but I need to understand what is broken before addressing all the other concepts. Getenforce is still "Enforcing", if that matters.

Answer 1

It was an selinux permission issue. chcon -R -t httpd_sys_rw_content_t Pictures solved the problem.

I realized that the 777 permissions were not the issue when printing the results of is_writable('Pictures') , which wound up false. A real quick test after setenforce 0 proved that I needed to address selinux.

Answer 2

I have similar error:

[11-Mar-2019 05:26:17 Asia/Shanghai] PHP Warning:  move_uploaded_file(uploads/my_image.jpg): failed to open stream: Permission denied in /var/www/example.com/public_html/upload.php on line 38
[11-Mar-2019 05:26:17 Asia/Shanghai] PHP Warning:  move_uploaded_file(): Unable to move '/tmp/phpOeWOf4' to 'uploads/my_image.jpg' in /var/www/example.com/public_html/upload.php on line 38

In my case, I solved it by sudo chown www-data uploads , which uploads is the folder name of upload destination:

$ ls -la /var/www/example.com/public_html/uploads -d
drwxr-xr-x 2 www-data root 4096 Mac  11 05:29 /var/www/example.com/public_html/uploads