Title rewritten as: Uploaded files cannot be moved when permissions are insufficient

Question

I have a PHP script through which I can upload a file and am trying to move it from /tmp to test/ (relative path, located in my project folder, e.g. /var/www/html/myproject/test will be an absolute path). When this happens I get the following error.

move_uploaded_file(test/test.csv): Unable to open stream: Permission denied at /var/www/html/myproject/import.php, line /import2.php

This script is run by the apache user, who has ownership of /test (both the apache owner and the apache group own this directory) and has rwx permissions.

I have checked the following:

• safe_mode is disabled.
• open_basedir is not set.
• file_uploads is enabled.
• upload_max_filesize is 2MB and the file size is ~50KB.
• post_max_size is 8MB and my POST requests are not close to this.
• Use absolute paths instead of relative paths.
• is_dir("test/") returns true.
• is_writable("test/") returns false.
• In php script: print file owner (file to be moved), folder owner (test/), file permissions and folder permissions. The file/folder owner is shown as apache. File permissions are 600, so the owner can read and write. The folder permissions are 755, so the owner can read, write and execute.
• ps -aux | grep apache. Match the PID in the apache error log to a running process owned by the apache user. So this confirms that the process is running under apache.
• getcwd() and __DIR__ both return the correct directory /var/www/html/myproject.
• dirname(__FILE__) returns the correct absolute path of the file
• Check file_exists($_FILES['file']['tmp_name']) returns true
• Checking $_FILES['file']['error'] (the file I want to move) returns 0, and there is no problem with uploading.
• Use is_writable("/tmp") to check whether the source folder (/tmp) is writable and return true.
• Trying to temporarily use chmod -R 777 on test/ still shows permission denied and unwritable.
• Antivirus/EDR temporarily disabled
• Check the security context of "test/". The return result is: "unconfined_u:object_r:httpd_sys_content_t:s0". None of this is a problem (explained in the reply below).
• Check if you have installed security-related applications that may block moving files. These applications are not installed: AppArmor, grsecurity, Tomoyo Linux and Smack.
• Use the fopen()/flock() function in the php script to confirm that the file I want to move is not locked.
• Use the is_uploaded_file() function to confirm that I'm trying to move an uploaded file (I'm going crazy at this point just trying anything I can think of). Of course, this returns true.

Answer 1

move_uploaded_file requires two parameters. 1: The file you want to upload 2: Place the absolute path of the file 3: Please make sure that the upload directory has appropriate ownership and permissions (Note: If you are using Apache as a proxy, the directory ownership should belong to the user: group of apache2).

示例：move_uploaded_file($_FILES['my_file_field_name']['tmp_name'], "/var/www/html/myproject/test/upload_dir/" . $_FILES['name']['tmp_name']);

Read more: https://www.php.net/manual/pt_BR/function.move-uploaded-file.php