PHP - rmdir(权限被拒绝)
我有一个简单的脚本来创建和删除文件夹,但是当我尝试删除文件夹时,它会出现错误。
代码:
<?php
if ($_POST['hidden']) {
$key = "../g_test/uploads";
$new_folder = $_POST['nazevS'];
$new_dir_path = $key."/".$new_folder;
$dir = mkdir($new_dir_path);
if($dir)
chmod ($new_dir_path, 0777);
}
if ($_POST['hiddenSS']) {
$key = "../g_test/uploads";
$new_folder = $_POST['nazevS'];
rmdir($key."/".$new_folder);
}
?>
错误消息:
Warning: rmdir(../g_test/uploads/) [function.rmdir]: Permission denied in /home/free/howto.cz/m/mousemys/root/www/g_test/upload.php on line 51
有谁知道如何删除该文件夹(希望其中包含所有内容)? 另外,如果您发现代码可能有任何其他改进,请随时告诉我。 :-)
谢谢,迈克。
I have an easy script to create and delete a folder, but when I try to delete a folder, it brings up and error.
The code:
<?php
if ($_POST['hidden']) {
$key = "../g_test/uploads";
$new_folder = $_POST['nazevS'];
$new_dir_path = $key."/".$new_folder;
$dir = mkdir($new_dir_path);
if($dir)
chmod ($new_dir_path, 0777);
}
if ($_POST['hiddenSS']) {
$key = "../g_test/uploads";
$new_folder = $_POST['nazevS'];
rmdir($key."/".$new_folder);
}
?>
The error msg:
Warning: rmdir(../g_test/uploads/) [function.rmdir]: Permission denied in /home/free/howto.cz/m/mousemys/root/www/g_test/upload.php on line 51
Does anyone know how to delete the folder (hopefuly with everything inside) ?
Also if you see any other improvments, the code could have, feel free to tell me. :-)
Thanks, Mike.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
一般来说,Unix/Linux 上的 PHP 脚本以用户“nobody”运行,这意味着它们需要“all”权限,因此这是目录的权限问题。 此外,要删除 Linux/Unix 中的文件或目录,您需要对父目录具有写入权限。 那可能是你的问题。
如果您创建的文件或目录有问题,请使用
chmod()对它们设置正确的权限。而且它也可能不为空。
另外,值得一提的是,
从安全角度来看,这确实很糟糕。 清理该输入。
Generally speaking PHP scripts on Unix/Linux run as user "nobody", meaning they need the "all" privileges so it's a permissions problem with the directory. Also, to delete a file or directory in Linux/Unix you need write privileges on the parent directory. That might be your problem.
If you have problems with the files or directories you create, use
chmod()on them to set the right permissions.Also it might not be empty.
Also, it's worth mentioning that
is really bad from a security point of view. Sanitize that input.
为了这个答案的目的,我将把允许目录中的任何和所有上传的安全风险放在一边。 我知道它不安全,但我觉得这个问题超出了原始问题的范围。
正如大家所说,这可能是权限问题。 但是,由于您已经在代码中创建了该目录(删除时很可能以同一用户身份运行)。 怀疑是这样的。
要删除目录,您需要确保:
您拥有适当的权限(正如每个人都指出的那样)。
所有目录句柄在删除之前必须关闭。
(让句柄保持打开状态可能会导致权限被拒绝错误)
目录必须为空。
rmdir()只删除目录,不删除里面的文件。 因此,如果里面还有东西,它就无法完成其工作。要解决第 2 个问题,非常简单。 如果您使用的是这样的东西:
在删除之前关闭您的句柄:
对于第三点,您想要做的称为递归删除。 您可以使用以下函数来实现此目的:
For the purpose of this answer, I will put the security risks of allowing any and all uploads in a directory aside. I know it's not secure, but I feel this issue is outside the scope of the original question.
As everybody said, it can be a permission problem. But since you've created the directory in your code (which is most likely running as the same user when deleted). It doubt it is that.
To delete a directory, you need to make sure that:
You have proper permissions (as everyone pointed out).
All directory handles must be closed prior to deletion.
(leaving handles open can cause Permission denied errors)
The directory must be empty.
rmdir()only deletes the directory, not the files inside. So it can't do its job if there is still stuff inside.To fix number 2, it is extremely simple. If you are using something like this:
Close your handle prior to deletion:
For number 3, what you want to do is called a recursive delete. You can use the following function to achieve this:
您似乎需要对要编辑的文件夹具有访问权限。
要更改此设置:
或者您可能需要执行以下操作:
确保这是您想要执行的操作并且您的应用程序是安全的。 不要向任何应用程序授予写入权限,因为这可能会导致安全问题。
It looks like you need access rights on the folder you're trying to edit.
To change this:
or maybe you'll need to do
Make sure that this is what you want to do and that your application is secure. Don't give write rights to any application since it could lead to security issues.
网络服务器需要对您尝试删除的文件夹的写入权限。 您可以提供以下内容:
其中 www-data 是运行网络服务器的用户(可能是 apache 或某些变体,具体取决于您的操作系统和服务器安装)。 之后,您可以运行
rmdir(如果目录不为空,则运行rm -r)。另外,请记住,赋予 Web 服务器写入目录的能力会带来安全问题。 在某些情况下,这可能允许恶意用户运行任意代码(即接管您的计算机),或修改您的网站(即服务器间谍软件)。
由于这些原因,您应该只给目录写入权限:
在生产计算机上的此设置中,您可以为此设置一个单独的目录文件类型,只有 Apache 可以写入。 如果您必须将文件部署到此目录,请使用 sudo 或 root 帐户来限制有权访问的帐户。
要更完整地描述我的意思,请查看安全提示< Apache 文档中的 /a> 部分。
The webserver requires write access to the folder you're trying to delete. You can provide this with:
where www-data is the user that the webserver runs under (may be apache or some variation depending on your OS and server installation). After this you can run
rmdir(orrm -rif the directory isn't empty).Also, keep in mind that giving the web server the ability to write to a directory posses security problems. In certain situations, this could allow a malicious user to run arbitrary code (i.e. take over your machine), or modify your website (i.e. server spyware).
For these reasons, you should only give dirs write perms that:
In this setup on a production machine, you could set up a separate directory just for this type of file, that only Apache can write to. If you have to deploy files to this directory, use
sudoor the root account to do so to limit the accounts that have access.For a more complete description of what I mean, have a look at the security tips section in the Apache documentation.