Files uploaded outside /var/www

Well it might be helpful to see your directory structure and upload script..? Common sense.

Also explain the reason, because you could simply use the Alias directive to point the external directory to clients:

Alias /uploads /etc/mnt/storage/uploads

that way you don't have to alter your scripts, but if your boss decision was taken for security reasons, then Alias is the wrong solution.

for Alias solution , if user downloads a file with any download manager ,does it shows the full path for file or only the "uploads/filename.xxx" ?

does it shows the full path for file

No, the aliased path will not be directly accessible or visible so, only /uploads/file.ext will be visible to clients. There are some constraints, so read the documentation carefully.

am sorry for this mistake, I want to upload files from folder /var/www/script/upload.php to /mnt/storage/uploads/
I give "../../../mnt/storage/uploads/" as path but it show me error in upload always, what should I do to make upload happen.
I gave chmod 755 to upload folder
and chown www-data to this folder and still nothing uploaded or shown from this folder

Use an absolute path to define the destination directory, then test and check Apache & PHP error logs, it should return the reason: permissions, wrong destination or something else. In case of problems, return the error information and possibly, as suggested previously, your script.

My previous definition wasn't exact, my fault: you don't have to change the path for the clients, they will not spot any change, but you have to modify the destination path for the upload script.

when am trying to view file its shows me this error
[Mon Mar 02 22:45:32 2015] [error] [client xx.xx.xx.xx] (13)Permission denied: access to /uploads/ denied

when uploading file
move_uploaded_file(../../../mnt/storage/uploads/filename.ext): failed to open stream: Permission denied in /var/www/script/upload.php on line 236

[Mon Mar 02 22:55:43 2015] [error] [client xx.xx.xx.xx] PHP Warning: imagejpeg(): Unable to open '../../../mnt/storage/uploads/pics/file.ext' for writing: Permission denied in /var/www/script/functions.php on line 444,

Ok,

regarding the Alias directive, did you created the correct setup with a Directory directive as suggested by the documentation?

In particular, if you are creating an Alias to a directory outside of your DocumentRoot, you may need to explicitly permit access to the target directory.

Alias /uploads /mnt/storage/uploads/
<Directory /mnt/storage/uploads/>
    Require all granted
</Directory>

In case you're NOT using Apache ver.2.4, then replace Require all granted with:

Order allow,deny
Allow from all

And refer to the Apache documentation for your current version. This should fix the first error.

Also, try:

sudo chown -R www-data:www-data /mnt/storage/uploads/
sudo chmod -R 755 /mnt/storage/uploads/

The -R flag will apply the rule to all subdirectories and files in the defined path. If it does not work extend it to the group: 775. Check also the permissions of the mount point, i.e. storage, when you re-mount the permission could change and deny the access.

I did all the above from giving chmod 755 to folders and give Apache user to access this folder, but I found something might be the cause for my problem,
when accessing the server as root I can view content of /mnt/storage/
but when logged in in any other users including Apache user www-data its permission denide, so is it something related to mounted device or what ?

It could be, do:

ls -lh /mnt
ls -lh /mnt/storage
ls -lh /mnt/storage/uploads

And return the output for each command. Question: the web server is chrooted?

thanks for replying
I found a solution for my problem by editing file
/etc/fuse.conf
remove # in front of allow_other

Great, thanks for sharing!