Question

Unable to upload images specifically on DigitalOcean Server

I have a Laravel site which is running well on a localhost as well as Hostgator Linux shared server. The website allows users to make accounts and upload images and documents in following two directories:

var/www/html/contents/individual/personal/docs var/www/html/contents/individual/personal/images

Now I have moved it to Ubuntu at DigitalOcean. Here a user can upload a document in the directory “docs” but when he uploads an image in the directory “images”, there is an error “[object Object]”. Is this related to permissions.

A command “ls -l” gives me following information on permissions:

itsme@MyWebsite:/var/www/html/contents/individual/personal$ ls -l total 20 drwxrwxrwx 3 www-data www-data 4096 Aug 31 04:29 sounds drwxrwxrwx 2 www-data www-data 4096 Nov 27 01:22 docs drwxrwxrwx 3 www-data www-data 12288 Nov 27 01:23 images

Can someone help in resolving this issue. Thanks


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

@faheem1

What do the permissions look like for:

/var/
/var/www
/var/www/html
/var/www/html/contents
/var/www/html/contents/individual
/var/www/html/contents/individual/personal

If your web root is www (i.e. where index.php is), from www down to personal should be owned by the same user & group (i.e. www-data) if that’s who PHP is being run as (in the case of using PHP-FPM or FastCGI).

Security Alert

From a security standpoint, neither files or directories should have permissions set to 0777, which is what drwxrwxrwx implies.

The d tells us that it’s a directory while rwx (Read, Write, Execute) is set for Owner, Group and Other (where Other is anyone that is not the Owner and not in the Group). For the directories above, rwx is set for all three of the groups, which is the equivalent of a chmod 777 or chmod 0777.

Ideally, all directories should have a chmod no higher than 0755 and PHP files 0644. Of course, if you can get away with more restrictive permissions, that’s a plus.

Why?

Having a chmod of 777 on files or directories, as noted above, gives world-writable permissions. In many cases, when files are written to a directory, they inherit the same permissions unless otherwise set (by your script). Let’s say that one user uploads an image that really isn’t an image, it’s a PHP script in disguise (this could be the case even if it has an image extension). Should this image go by without validation, you now have a script on your server that can do whatever the uploading user wants when they call it. This could be a simple shell command using PHP’s shell_exec() function which runs a rm -rf on your entire directory (which would delete everything in it, thus rendering it unrecoverable).

Hopefully you’ve implemented some validation that prevents this sort of thing from being possible, but this is one example.