Stepped on the big pit: the wordpress background cannot move the uploaded file to wp-content

1. Problem description

I migrated the wordpress site to a new server today, but when I uploaded pictures, the message " Cannot move the uploaded file to wp-content/uploads " appears. What is going on and why is this happening.

The error is as follows:

2023/02/20 08:57:48 [error] 9861#9861: *79624 FastCGI sent in stderr: "PHP message: PHP Warning:  file_put_contents(/usr/share/nginx/html/wordpress/wp-content/uploads/wpo/images/wpo_logo_small.png.webp): failed to open stream: Permission denied in /usr/share/nginx/html/wordpress/wp-content/plugins/wp-optimize/vendor/rosell-dk/webp-convert/src/Convert/Converters/BaseTraits/DestinationPreparationTrait.php on line 71

PHP message: PHP Warning:  file_put_contents(/usr/share/nginx/html/wordpress/wp-content/uploads/wpo/images/wpo_logo_small.png.webp): failed to open stream: Permission denied in 
/usr/share/nginx/html/wordpress/wp-content/plugins/wp-optimize/vendor/rosell-dk/webp-convert/src/Convert/Converters/BaseTraits/DestinationPreparationTrait.php on line 71

PHP message: PHP Warning:  file_put_contents(/usr/share/nginx/html/wordpress/wp-content/uploads/wpo/images/wpo_logo_small.png.webp): failed to open stream: Permission denied in 
/usr/share/nginx/html/wordpress/wp-content/plugins/wp-optimize/vendor/rosell-dk/webp-convert/src/Convert/Converters/BaseTraits/DestinationPreparationTrait.php on line 71

PHP message: PHP Warning:  file_put_contents(/usr/share/nginx/html/wordpress/wp-content/uploads/wpo/images/wpo_logo_small.png.webp): failed to open stream: Permission denied in 
/usr/share/nginx/html/wordpress/wp-content/plugins/wp-optimize/vendor/rosell-dk/webp-convert/src/Convert/Converters/BaseTraits/DestinationPreparationTrait.php on line 71

PHP message: PHP Warning:  file_put_contents(/usr/share/nginx/html/wordpress/wp-content/uploads/wpo/images/wpo_logo_small.png.webp): failed to open stream: Permission denied in 
/usr/share/nginx/html/wordpress/wp-content/plugins/wp-optimize/vendor/rosell-dk/webp-convert/src/Convert/Converters/BaseTraits/DestinationPreparationTrait.php on line 71

PHP message: PHP Warning:  file_put_contents(/usr/share/nginx/html/wordpress/wp-content/uploads/wpo/images/wpo_logo_small.png.webp): failed to open stream: Permission denied in 
/usr/share/nginx/html/wordpress/wp-content/plugins/wp-optimize/vendor

In the above error log, the main error message is:

failed to open stream: Permission denied

即无法打开二进制流（即上传的图片），权限被拒绝

Be sure to check the error log when this type of problem occurs! ! !

For nginx error logs, php error logs, system logs, etc., you need to check the error information carefully, and the corresponding error information will be given. If it is not possible, you can enable the debug mode of php

2. Problem solving

2.1 Modify the owner and group

• Create a new nginx user group
  2.1 Create a new nginx user group

useradd nginx -s /sbin/nologin -M

• Modify the nginx configuration file

# vim /etc/nginx/nginx.conf
user  nginx;

• Modify the php-fpm configuration file

Use the find command to find the www.conf file

find / -name www.conf

Modify php startup user and user group

# vim /etc/php-fpm/www.conf
user = nginx
group = nginx

• Reload nginx and php-rpm

systemctl restart nginx
systemctl restart php-rpm

• Modify wordpress users and user groups

Enter the wordpress root directory (judgment criteria include wp-admin, wp-content, wp-includes three directories), and change the user group of all files in the root directory to nginx.

Modify file owner

chown -R nginx wordpress

Modify file user group

chgrp -R nginx wordpress

-R means to change the wordpress directory and all files and directories under it.

• Verify that it takes effect
  ps aux | grep nginx

2.2 Grant all permissions

Find the file directory where it is located, and set the folder permission to 777. (This method is relatively violent)

chmod -R 777  /usr/share/nginx/html/wordpress

2.3 Turn off the firewall and selinux

The above two questions are raised by the most people on the Internet, but the following selinux question must be something you never thought of.

On CentOS 7, SELinux is enabled by default . SELinux improves server security by restricting and defining how servers process requests and how users interact with sockets, network ports, and base directories. SELinux may have problems accessing or writing files or directories to the DocumentRoot ,

The solution is: close selinux

Permanent method - requires a server restart

修改/etc/selinux/config文件中设置SELINUX=disabled ，然后重启服务器。

Temporary method - set system parameters

use command

setenforce 0

Note:

setenforce 1 设置SELinux 成为enforcing模式 (开启)
setenforce 0 设置SELinux 成为permissive模式（关闭）

2.4 Set up selinux

For security reasons, disabling SELinux is not recommended as it will allow the entire system to be compromised. However, we can update the SELinux policy to allow reading and writing on specific directories. Below is the complete set of commands to set the SELinux policy to allow the apache user to read and write to a specific directory under wordpress.

• First re-establish the SELinux context

restorecon -Rv /usr/share/nginx/html/wordpress

• Change owner of webroot

chown -R nginx:nginx /usr/share/nginx/html/wordpress

• Change base permissions

chmod -R g+w /usr/share/nginx/html/wordpress
chmod g+s /usr/share/nginx/html/wordpress

• Establish SELinux permissions

# 将所有文件设为只读
chcon -R -t httpd_sys_content_t /usr/share/nginx/html/wordpress

# 只允许写入上传目录
chcon -R -t httpd_sys_rw_content_t /usr/share/nginx/html/wordpress/wp-content/uploads/

2.5 Remote file parameter open

vim php.ini
设置 allow_url_fopen = On  //该选项默认已开启，为on便是激活了 URL 形式的 fopen 封装协议使得可以访问 URL 对象文件等。

Note: When allow_url_fopen is off, neither fopen nor file_get_contents can open remote files.