Develop Reference

Wrong permissions when uploading file on WORDPRESS (Windows server 2012)

I've recently moved my WP site from godaddy to a physical sever using windows server 2012 R2.
But I'm having problem uploading files using the Admin panel, After uploading the file, I can see it physically on the server (wp-content\upload\2017\10)
But I can't see it on the website it self.
I can only see the file if I'm changing it permissions on the server it self.
I've changed the permissions to the folder, I gave full access to the relevant users. But still, it doesn't work for new files\pictures I'm uploading via the wp admin panel
Edit:
I've notice that every time I come to change the folder permissions the permissions under CREATOR OWNER are always empty, Is it Related ?
Thank you very much for the help

When you upload a file, PHP sends the file to a temporary directory on your server's hard drive (usually C:\Windows\Temp) and then copies it over to the proper directory. Once the file has is initially put in the temporary directory, it gets the permissions of that directory. The problem is when Windows moves that file to the proper place, it keeps the temporary directory’s permissions, which can cause access problems.
The way to fix this is to change the temporary directory to a folder within your WordPress installation, usually wp-content/upgrade.
To do this, follow these directions:
Find your php.ini file.
Find the upload_tmp_dir line, and change it to the wp-content/upgrade folder.
Browse to this folder and verify that the permissions are set properly.
You should then have the ability to properly view all your images. You'll most likely need to select all the previous selected images, and change the owner of the files to the web folder owner. Then you should be good to go!

If you can’t upload an image at all, it’s probably because you need to give the IUSR account Read/Write/Modify permission on your wp-content folder. This will allow you to upload, and do the WordPress & plugin updates.
Once you have done that, all you need to do is give the IIS_IUSRS group Read permissions on your “C:\Windows\Temp” folder.
Make sure to notice that the two permission changes you make are not for the same user/group. Give IUSR permissions on your wp-content folder and IIS_IUSRS permissions on your Windows temp folder.
Note: If you have edited your php.ini file and change the upload temp directory then you will need to give IIS_IUSRS group read permissions on that folder instead.
That should do it, or at least it worked for me.
http://chris.wastedhalo.com/2011/01/wordpress-upload-permissions-on-iis-7-fix/

I find myself coming back to this question time after time when images I add to the Media Gallery don't have the correct permissions in the WordPress Uploads folder. Since I develop WordPress sites locally, it would be a pain to set permission on the Uploads folder every time I work on a new site.
To fix this, I created a folder "C:\Websites\Temp" without messing around with permissions or security settings, etc. Then in MAMP, I edited the php.ini template of the PHP version I was using for this site, php7.3.0.ini (File, Edit Tempate, PHP). I then set upload_tmp_dir to "C:\Websites\Temp":
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
upload_tmp_dir = c:\websites\temp
and voila, no more permission issues.

Well, a few years later, found this post. Tried it. Failed.
Other solution is to assign a specific user to the site in IIS and apply the right permisions to the folder containing the site.

Unreal file in Cpanel

I see an unknown tar file in cpanel file manager. The thing that is bothering me whether or not I delete this file.
Recently I found some malicious files in my wordpress website and the hosting provider sent me a message to look over the whole website. Can anyone tell me if this unreal file was responsible or not?
Unreal file

This is a unusual filename (with tar.gz). This isn't wordpress file also. I think is better to delete this file.

The file seems very odd and is not part of any installation.
It is also uploaded in your Home Directory - which no application does.
If you have not uploaded the folder yourself you should indeed delete it.
Afterwards it is nice to go through your access log files to see if there aren't any POST requests made to your website that seem odd.
You can also look through the file called .lastlogin in your cPanel's Home Directory - it contains all IP addresses that have accessed your cPanel account.

Wordpress File Uploader Error in Godaddy Managed WP Hosting

I am in a really interesting situation right now.
After migrating a client website from a development environment using, WP Clone by WP Academy, I get this error when trying to upload images via the Worpress media uploader.
“image.png” has failed to upload due to an error
Unable to create directory uploads/2015/07. Is its parent directory writable by the server?
I logged into Godaddy and change the entire uploads/ folder permission via ssh to 777 (crazy enough). And all its contents.
I still got the same error.
After probing a little deeper, I found out the website is running from a different location than the machine i am sshed into.
What do I mean?
When I run pwd via ssh, to see my current working directory I get.
-bash-4.2$ pwd
/home/clientname/html/wp-content/uploads
But In the Wordpress setting at, Settings -> Media
The option "store uploads in this folder" has a value of
/home4/d***71/public_html/website.url/wp-content/uploads
Meaning The site files are copied and hosted in a different location than that given via the SSH, This is probably due to the fact that Godaddy's managed wordpress hosting has some special cache setting configured beyond the control of the user.
The problem now is how do I correct the File Permission issue and have my uploads working properly.
:)

I am just adding this, if anyone ran into the same issue in future.
Log into your GoDaddy account.
Go to the Hosting page.
Click Manage
Select File Manager for the domain you want to edit the permission (this is, if you have multiple domains)
Navigate to the folder where you have installed the WordPress.
Hover on the 'wp-content' and you should able to see an arrow, click to see the option called 'Change Permissions'.
You should able to see all the Permission details in this window.

login into your godaddy panel and click file manager
click or open your project folder
locate upload folder and click on check box
click into the privacy icon and check inherit an SET ALL SUB FOLDERS TO INHERIT PERMISSIONS both checkboxes

The "Hover" didn't work for me. What DID work was to go to the directory above, put ONE check in a box for a DIRECTORY (not a file), and then click on "Privacy".
GoDaddy Permissions
If you check more than one folder, OR a file, you won't get the permissions eyeball to light up.
So, to fix a file permission you would have to go to the level above, and change "Set all subfolders to inherit permissions".
Apparently you can't change some files and not others - just the parent folder, which then sets all the files (is my guess).
This is NOT a limitation of Windows, it's the broken way they establish permissions.
Anyway - hopefully that will work. Tech support confirmed the drop down doesn't work anymore.
== John ==

Change file permissions from code behind

I wonder if its possible to change permission on file from code behind?
PROBLEM: Unfortunately i use AjaxFileupload to upload files to webserver. So far so good. The problem arises when the uploaded files, that are saved on a mapped folder on the webserver are to be opened. The files doesnt show up in folder (on other server), lack of permissions.
Here is why: AjaxFileUpload save the file in a temp folder first, then move it to actual by me defined path. The file inherit the permission from that temp folder, not the permission i have put on my mapped folder. I need to use the mapped folder and I need the permissions on the mapped folder to be inherited to the file.
Why do i need this? I need this because there is an desktop application that need to open the files. The mapped folder have all the correct permissions for doing this. So, how to do? It would be easy if i can change permission on files from code behind, lets say just after i saved the file to folder, BUT is that even possible?
I read somewhere that it wasnt a good idea to change permission on the temp folder, any ideas why?
Any help would be appriciated!
edit:
So to clearify, i dont have any problems saving file to disk (server 3). My problem is that i cant see or access files on server 1, because the file doesn't inherit the mapped folder permissons. The mapped folder have permisson from both server 1 and server 3 but one the file get uploaded the file only have permission from server 3.

I don’t think the problem is with the permission on the source file. I believe the problem is the account used to run IIS does not have permission to access the mapped folder.
You can use Impersonation to grant access for the section of code that saves the file.
See these:
WindowsIdentity.Impersonate
This question
And this question

Solved it by myself. Basically wrote some code that gave me the name of the tempfolder on webserver where ajaxfileupload made the temp-save before moving the file to the folder i wanted it. When i had the name on that folder i basically changed permission on that folder. I only gave read and list permission on the folder because i dont want the desktop application to have any other right on the webserver. That was all i needed to get the file listed on in the mapped driver.

I can't watch videos I upload to drupal

I can upload a video to my drupal instance, but when I try to view the video I don't have rights to do so. I discovered that the IIS_IUSR doesn't have Read & Execute rights on the video even though the IIS_IUSR does on the containing directory.
IIS_IUSR has Read & Execute, List folder contents, and Read rights to the directory where files are uploaded to. However when I look at the rights of the uploaded video file (something.mp4), IIS_IUSR only has List folder/read data rights and Windows says these are inherited from the parent object. Include inheritable permissions from the object's parent option is checked.
Here's some more information that may be helpful.
If I try to access a video directly via a url I get this error:
HTTP Error 500.50 - URL Rewrite Module Error.
The page cannot be displayed because an internal server error has occurred.
Module RewriteModule
Notification BeginRequest
Handler StaticFile
Error Code 0x80070005
This seems like a configuration issue someplace, i.e. Drupal, IIS, or Windows.
Any thoughts.
My environment:
Windows 2008 R2
IIS 7.5
Drupal 6.19
MySQL 5.1.49
PHP 5.2.14
Someone requested that I post my .htaccess. There are several for the site, but here is the one for the files directory where the videos are uploaded to.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
Options None
Options +FollowSymLinks
But isn't .htaccess only used with Apache? I'm using IIS, so is the .htaccess even used?

Got the videos to work by changing the temp upload directory that Windows uploads files to before they're moved the web directory. By default Windows uses C:\Windows\Temp and in my case the permissions set on the file were kept when they were moved from Temp to the web directory. I didn't want to set IIS_IUSR permissions on this folder, so I created a different directory right under the C drive and gave it IIS_IUSR read/execute perms. Then I updated my php.ini file to point to this new directory. All's working well now. I think the key was to put this temporary directory outside of Inetpub because I tried this same set up but with the temp directory within Inetpub and it didn't work.