Check file permissions
How can I check file permissions , without having to run operating system specific command via passthru() or exec() ?
5 Answers 5
clearstatcache(); echo substr(sprintf('%o', fileperms('/etc/passwd')), -4); Real coders use bitwise operations, not strings 😉 This is much more elegant way of handling permissions:
Use fileperms() function and substring:
substr(decoct(fileperms(__DIR__)), -4); // 0777 substr(decoct(fileperms(__DIR__)), -3); // 777 substr(decoct(fileperms(__FILE__)), -4); // 0644 substr(decoct(fileperms(__FILE__)), -3); // 644 Replace __FILE__ and __DIR__ with your path or variable
What do you want to do by checking file permissions?
When writing secure code, it’s almost always incorrect to «check, then do» anything. The reason is that between the checking whether you can do something and actually doing it, the state of the system could change such that doing it would have a different result.
For example, if you check whether a file exists before writing one, don’t check whether you wrote the file successfully (or don’t check in a detailed-enough fashion), and then later depend on the contents of the file you wrote, you could actually be reading a file written by an attacker.
So instead of checking file permissions, just do whatever it was you were going to do if the permissions check succeeded, and handle errors gracefully.
There are always feasible reasons for checking permissions, perhaps he’s building a daemon for fixing permissions, which doesn’t rely on his script to read or write to the files as a different process is going to do that.
Your answer is very old, so I don’t know if virtual filesystems for unit testing even existed back in 2008. That being said, one viable reason for checking file permissions is to verify (in PHPUnit unit test) that the file in your code is assigned proper permissions, when using vfsStream . (This use case got me to this page.)
fileperms
Returns the file’s permissions as a numeric mode. Lower bits of this mode are the same as the permissions expected by chmod() , however on most platforms the return value will also include information on the type of file given as filename . The examples below demonstrate how to test the return value for specific permissions and file types on POSIX systems, including Linux and macOS.
For local files, the specific return value is that of the st_mode member of the structure returned by the C library’s stat() function. Exactly which bits are set can vary from platform to platform, and looking up your specific platform’s documentation is recommended if parsing the non-permission bits of the return value is required.
Returns false on failure.
Errors/Exceptions
Upon failure, an E_WARNING is emitted.
Examples
Example #1 Display permissions as an octal value
echo substr ( sprintf ( ‘%o’ , fileperms ( ‘/tmp’ )), — 4 );
echo substr ( sprintf ( ‘%o’ , fileperms ( ‘/etc/passwd’ )), — 4 );
?>
The above example will output:
Example #2 Display full permissions
switch ( $perms & 0xF000 ) case 0xC000 : // socket
$info = ‘s’ ;
break;
case 0xA000 : // symbolic link
$info = ‘l’ ;
break;
case 0x8000 : // regular
$info = ‘r’ ;
break;
case 0x6000 : // block special
$info = ‘b’ ;
break;
case 0x4000 : // directory
$info = ‘d’ ;
break;
case 0x2000 : // character special
$info = ‘c’ ;
break;
case 0x1000 : // FIFO pipe
$info = ‘p’ ;
break;
default: // unknown
$info = ‘u’ ;
>
The above example will output:
Notes
Note: The results of this function are cached. See clearstatcache() for more details.
As of PHP 5.0.0, this function can also be used with some URL wrappers. Refer to Supported Protocols and Wrappers to determine which wrappers support stat() family of functionality.
See Also
- chmod() — Changes file mode
- is_readable() — Tells whether a file exists and is readable
- stat() — Gives information about a file
User Contributed Notes 9 notes
Don’t use substr, use bit operator
decoct ( fileperms ( $file ) & 0777 ); // return «755» for example
?>
If you want to compare permission
0755 === ( fileperms ( $file ) & 0777 );
?>
This may not be immediately apparent to some, but you can use octdec( $octal_value ) to match the permissions retrieved by file perms
//assumes file has 2770 permissions
$perm = fileperms ( __FILE__ );
$bit = «102770» ;
printf ( «%s\n» , octdec ( $bit ) );
printf ( «%s\n» , $perm );
An easy way to calculate fileperms to chmod is this:
Displays 666 or 777 (depends on chmod set).
Displays 0666 or 0777 and refers immediately to the number set with chmod();
Windows has a very different file permission model to Unix and integrates them only minimally.
Here’s how Windows calculates the bitmask.
u+w/g+w/o+w is set based on whether the file has the read only flag.
u+x/g+x/o+x is set based on whether $filename is an inherently executable file (e.g. bat) or a directory.
Windows isn’t integrating its ACLs at all.
Here is a small function I made : http://pastebin.com/iKky8Vtu
I was bored and I thought it could be useful.
mixed mkperms( string $perms [, bool return_as_string = false [, string $filename ] ] )
Returns permissions given a string in literal format and a filename.
If the file name is omitted, the permissions that the function will return are based on 000-permissions.
If return_as_string is set to true, the result will be output as a 644 format string. Otherwise it will return a string converted to base-10 for chmod.
echo mkperms ( ‘u+r’ , true ), «\n» ; // 400
echo mkperms ( ‘u+rwx,g+rw,o+x’ , true ), «\n» ; // 761
touch ( ‘myfile.txt’ ); // Create a file with any permissions
chmod ( ‘myfile.txt’ , mkperms ( ‘u=rwx,g=x,o=rw’ )); // myfile.txt is now at -rwx—xrw-
// Make a file and give it full permissions
touch ( ‘somefile.txt’ );
chmod ( ‘somefile.txt’ , 0777 );
echo mkperms ( ‘g-w,o-rw’ , true , ‘somefile.txt’ ); // 751
echo mkperms ( ‘u=rwx,g-r,o=-‘ , true , ‘somefile.txt’ ); // 730
// This way you can apply permissions to files
chmod ( ‘somefile.txt’ , mkperms ( ‘u=rwx,g-r,o=-‘ , false , ‘somefile.txt’ )); // somefile.txt is now at -rwx-wx—
?>
PS : sorry I had to put it on pastebin, or else it just made the note way too long.
A small function for the last 3 digits (777/755 ect.)
function getFilePermission ( $file ) $length = strlen ( decoct ( fileperms ( $file )))- 3 ;
return substr ( decoct ( fileperms ( $file )), $length );
>
?>
Since the output of decoct( fileperms(‘.’) ) is of the form: 40644
It seems the previous example is wrong, instead you should understand:
To get permissions formatted as «644»:
echo substr ( decoct ( fileperms ( ‘.’ ) ), 2 );
?>
To get permissions formatted as «0644»:
echo substr ( decoct ( fileperms ( ‘.’ ) ), 1 );
?>
On Linux (not tested on Windows), if you want a chmod-like permissions, you can use this function:
function file_perms ( $file , $octal = false )
if(! file_exists ( $file )) return false ;
return substr ( decoct ( $perms ), $cut );
>
?>
Using it:
$ touch foo.bar
$ chmod 0754 foo.bar
echo file_perms ( ‘foo.bar’ ); // prints: 754
echo file_perms ( ‘foo.bar’ , true ); // prints 0754
?>
php write file and set permission
I’m trying to create a php file which I can edit straight away without manually set the permissions. I’m trying this.
block($p_name);?>'; $myFile = "testFile.php"; $fh = fopen($myFile, 'w+') or die("can't open file"); $stringData = $var; fwrite($fh, $stringData); fclose($fh); ?> . it creates the file, but when I try to edit the file in my IDE it won’t let me of course. I have to manually set the permission of the file created. Is there any way I can create the file and have the permission already set? Thanks in advance Mauro
3 Answers 3
// Read and write for owner, read for everybody else chmod("/somedir/somefile", 0644); Since this aspect wasn’t covered in previous answers I’ll add it here:
chmod() will only take a path string as the 1st argument. So you cannot try to pass to resource that was open with fopen() , in this case $fh .
You need to fclose() the resource and then run chmod() with the file path. So a proper practice would be storing the filePath in a variable and using that variable when calling fopen() rather than passing it a direct string in the first argument.
In the case of the example code in the answer this would simply mean running chmod($myfile, 0755) (the permission code is only an example and be different of course.)
full code after corrections:
block($p_name);?>'; $myFile = "testFile.php"; $fh = fopen($myFile, 'w+') or die("can't open file"); $stringData = $var; fwrite($fh, $stringData); fclose($fh); // Here comes the added chmod: chmod($myFile, 0755); ?>