PHP upload a file to a directory outside the webserver root

So I have a question for you guys... I am trying to write a web site in PHP that will allow people to upload images to my server. I have the upload part working, so that's not the issue. The issue is when I try and write the uploaded files to a directory outside of apache's document root.

Apache's document root is /var/www/, and the directory I am trying to save these images to is /mnt/storage/images/. I have created the directory, changed the group to www-data, and changed the permissions on the directory to 777 (even though I know that's horrible security wise). I tried a few things with the apache configuration file, 开发者_Python百科/etc/apache2/apache2.conf, namely adding a tag and an Alias line, but nothing seems to work. Every time I try and upload a file to the images directory, it gives me a permission error. I've even tried putting a few files there manually and navigating to the directory, using the alias, with the web browser, and I get a 403 error.

I know I am either doing something wrong, or I haven't done something to make this work. I have googled around for help on this for a few days now, and all I find is useless information, or bits and pieces of information that barely help at all.

Btw... I'm on Ubuntu 11.04 using Apache 2.2.17, and I have root access and all that jazz.

Thanks, Robbie

EDIT: Here is the part of the apache config that I put in:

Alias /images "/mnt/storage/images/"
<Directory "/mnt/storage/images/">
    Allow from all
</Directory>

You have to grant Apache access permissions on ALL of the directories involved:

/mnt
/mnt/storage
/mnt/storage/images

There's no point in doing 777 on images if Apache has no rights on the storage or mnt directories.

Of course, only images would need to have write permissions, as that's where you're actually doing file operations. mnt and storage would need at most read permissions, and you can get away from doing global (xx7) permissions by putting Apache's user account into a group and chgrp the images directory to that new group.

You probably have safe_mode enabled in PHP. Turn it off.

It's probably the open_basedir. You can turn this on and off for specific domains... Try something along the lines of

<Directory /var/www/vhosts/domain.com/httpdocs>
        php_admin_flag engine on
        php_admin_value open_basedir none
</Directory>

(Info here)[http://forum.parallels.com/showthread.php?t=62750%22] if you are using Plesk. Or you should hopefully be able to conform it to what ever you are using