fopen can't create file

Question

I’m working on something which requires PHP to make files and folders. I'm using fopen to create the file. However, it doesn't seem to work. When I was writing the code, I was on windows with WAMP and everything was working but when I moved the site to Ubuntu server the script simply doesn't work.

This is the code I’m using for the creation on the file and the ziping

mkdir($sessionid, 777);

// create the server.properties
$server_config = fopen("$sessionid/server.properties",'a');
$config = "test";
fwrite($server_config,$config);
fclose($server_config);

// create the run.sh/bat
$server_script = fopen("$sessionid/RUN.$platform", 'a');
fwrite($server_script,$script);
fclose($server_script);

// zip them all together
$zip = new ZipArchive();

$ow = 1;
$file= "$sessionid/RFSLABSserver.zip";
if($zip->open($file,$ow?ZIPARCHIVE::OVERWRITE:ZIPARCHIVE::CREATE)===TRUE)
{
    // Add the files to the .zip file
    $zip->addFile("/$sessionid/server.properties", "server.properties");   
    $zip->addFIle("/$sessionid/RUN.$platform", "Start.$platform");
    // file source as file name

    $zip->close();
}

What the script does is to create a folder with the sessionid which is a random number and inside that folder create the 2 files and zip them. Note the folder is created but not the files inside

Answer 1

You should try setting proper permissions for directory.

mkdir($sessionid, 777);

is wrong, you should write

mkdir($sessionid, 0777);

Answer 2

Your script has this:

mkdir($sessionid, 777);

But it should be this; note the 0 in front of 777:

mkdir($sessionid, 0777);

That said, you should read up on PHP & Unix permissions here. In general, your permissions should never ever for any reason be set to 777.

When you set permissions to 777 it means that 100% anyone with access to your machine on any level can read, write & execute the file. Meaning if your site gets hacked, a hacker than then use the execute permissions to launch scripts to get deeper in your system. Or someone else on the system—since they can read, write & execute the file—can simply delete your files without you ever knowing.

You should instead see who is the owner of the directory you are trying to create $sessionid in. The owner of the file or directory/folder is the key to solving issues like this. Then chmod permissions need to conform to the needs of the file owner.

The owner of the parent directory where you are trying to do this should be the same as the Apache web server user which is usually www-data on modern systems. So that parent folder you are attempting to create the $sessionid file in should be owned by www-data and have read, write & execute permissions set which equates to 7.

A more safe, sane & practical thing to do—once you have the owner issue set—is to set the permissions to that parent folder to 755 and set your mkdir to 0755 as well like this:

mkdir($sessionid, 0755);

Setting directories to 755 and setting files to 644 is the best way to go as long as the ownership of the file is solid & correct. 644 permissions basically break down as follows

• The first 6 means the owner of the file can read & write to it.
• The next 4 means members of the group connected to that file can only read it.
• The next 4 means others—who are neither the owner or a member of the group—can read it.

As for 755 they are best for directories/folders because directories/folders need to have execute rights to allow you to view the contents inside of them. So it breaks down like this:

• The first 7 means the owner of the file can read, write & execute it.
• The next 5 means members of the group connected to that directory/folder can only read & execute it.
• The next 5 means others—who are neither the owner or a member of the group—can can only read & execute it.