Secure Image Uploading

How do you allow a user to upload an image securely?

         

Sekka

4:31 pm on May 30, 2006 (gmt 0)

10+ Year Member



Hi.

For a long time now I have built into my CMS's image upload features, but the target folder always needs full permissions of 0777 for PHP to be able to copy the uploaded image into it.

This always has been a risky affair but due to the fact the websites were small it didn't really matter.

I am now doing a moderately big job and I want to have more secure image uploads, aka ones without having to 0777 the folder.

My question is, what is the best way of uploading images to a server via POST and PHP?

Thank you

asantos

4:56 pm on May 30, 2006 (gmt 0)

10+ Year Member



Place a chmod 666 on the upload directory. It is the only way to write a file inside.

The only precaution you could take is to pre-check the file (extension, size, etc) BEFORE moving it from the temp directory to the final destination.

Sekka

5:09 pm on May 30, 2006 (gmt 0)

10+ Year Member



I tried using 666 and it said "Permission Denied". It will only work with 777 by the looks of it.

Note, this is the folder it is being copied into from PHP temp, not uploaded directly into.

asantos

5:12 pm on May 30, 2006 (gmt 0)

10+ Year Member



That's weird, because 666 means read and write access for everyone. When you perform the chmod 666 filename command, you allow everyone to read and write to the file.

My advice is to re-check that matter.

mikesmith76

5:15 pm on May 30, 2006 (gmt 0)

10+ Year Member



Find out the name of the user Apache is running under and set permissions for that user only; you shouldn't need global write permissions to write a file.

Sekka

5:19 pm on May 30, 2006 (gmt 0)

10+ Year Member



This is what I do in the FTP client:

[18:15:31] 257 "/httpdocs/photos/nature" is current directory.
[18:15:31] SITE CHMOD 666 thumbs
[18:15:31] 200 SITE CHMOD command successful

So, the directory /httpdocs/photos/nature/thumbs/ is now CHMOD 666.

So, I run my PHP script, which, for note, is not located within this folder, and I get this error:

Warning: move_uploaded_file(../../../../../../httpdocs/photos/nature/thumbs/nature_2006-05-30_001.jpg): failed to open stream: Permission denied in /var/www/vhosts/***********/subdomains/*******/httpdocs/system/core/class_image.php on line 140

No error and works with CHMOD 777 though. :/

FalseDawn

6:43 pm on May 30, 2006 (gmt 0)

10+ Year Member



For folders, you also need to add "execute" permissions - without this, the folder will be inaccessible.

Edit: You'll probably get away with 755, but not much less for a folder.

Sekka

7:03 pm on May 30, 2006 (gmt 0)

10+ Year Member



Ok, I have been reading up on CHMOD a little.

What permissions do I need to give to the folder and the PHP file running the script?

I have tried setting the PHP file to CHMOD 777 and the folder to CHMOD 666 and still I get "Permission Denied" errors when running the PHP code.

This is a dedicated server I'm on so I can alter any server settings if need be.

I am very new to this and I just want to do it right this time. If anyone knows a tutorial or anything like that, can you forward it to me?

Thank you.

FalseDawn

10:01 pm on May 30, 2006 (gmt 0)

10+ Year Member



As I just mentioned, 666 won't work for directories - they need execute permission or the apache user won't be able to enter into it to write the file.

Try 755 for the folder.

The permission of the script is not really relevant, but try 644.

Sekka

10:08 pm on May 30, 2006 (gmt 0)

10+ Year Member



Ok, so 755 would give the "User" permission to write only. The user for the directory at the moment is the FTP username, do I need to change the owner of the directory to the apache username? Because at the moment 755 doesn't work. I still get permission denied.

I'm getting a feeling here I may not have set something I needed to. :(

FalseDawn

10:27 pm on May 30, 2006 (gmt 0)

10+ Year Member



I would just change it back to 777 to be honest with you, and forget about it.

Why do you consider it "risky" to have this permission on a folder of images? What are you trying to "secure" exactly?

Sekka

8:26 am on May 31, 2006 (gmt 0)

10+ Year Member



I may have been misinformed here, but can't someone upload anything they want to a folder and execute it when the permissions are 777?
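
Why each mode tried in this thread behaved as reported, as an added example that is not part of any post: a shell model of the owner/group/other check the kernel applies when a process creates a file in a directory. The uid/gid values and the helper names `can_create`, `any_user_can_create` and `report` are constructed for illustration, and the 775 shared-group case goes beyond the modes the thread tried.

```shell
#!/bin/sh
# Models the classic Unix check for creating a file inside a directory: the
# kernel picks ONE class (owner, else group, else other) and that class needs
# both write (2) and execute/search (1). Root, ACLs, SELinux: not modelled.

# can_create MODE DIR_UID DIR_GID PROC_UID "PROC_GIDS"  (MODE octal, e.g. 755)
# Prints the verdict; returns 0 only when the process may create a file.
can_create() {
    mode=$1 dir_uid=$2 dir_gid=$3 proc_uid=$4 proc_gids=$5
    if [ "$proc_uid" -eq "$dir_uid" ]; then
        class=owner bits=$(( (0$mode >> 6) & 7 ))
    else
        class=other bits=$(( 0$mode & 7 ))
        for g in $proc_gids; do
            if [ "$g" -eq "$dir_gid" ]; then
                class=group bits=$(( (0$mode >> 3) & 7 ))
            fi
        done
    fi
    if [ $(( bits & 1 )) -eq 0 ]; then
        echo "denied: $class class has no execute (search) bit"; return 1
    fi
    if [ $(( bits & 2 )) -eq 0 ]; then
        echo "denied: $class class has no write bit"; return 1
    fi
    echo "allowed via $class class"
}

# any_user_can_create MODE: true when the "other" class alone permits creation,
# so every local account, not only the web server, can drop files there.
any_user_can_create() {
    [ $(( 0$1 & 3 )) -eq 3 ]
}

# Constructed ids: FTP account 10001:10001, web server process 48:48.
FTP_ID=10001 WEB_ID=48

report() {  # report LABEL MODE DIR_UID DIR_GID  (checked as the web server)
    printf '%-26s %s\n' "$1" "$(can_create "$2" "$3" "$4" "$WEB_ID" "$WEB_ID")"
}
report "666, owner FTP user"    666 "$FTP_ID" "$FTP_ID"
report "755, owner FTP user"    755 "$FTP_ID" "$FTP_ID"
report "777, owner FTP user"    777 "$FTP_ID" "$FTP_ID"
report "755, owner web user"    755 "$WEB_ID" "$WEB_ID"
report "775, group = web group" 775 "$FTP_ID" "$WEB_ID"
```

Of the modes shown, only 777 satisfies `any_user_can_create`; the owner and group variants let the web server write without opening the directory to every account on the host.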