Running Ubuntu 18.04, Apache/2.4.29, PHP 7.2.10.
I am unable to read/write into my mounted drives from PHP.
this is my sample code:
<?php
ini_set('display_errors', '1');
error_reporting(E_ALL);
$folder = '/media/superuser/HDD4TB_CRYPT/nextcloud_data';
var_dump(ini_get('open_basedir'));
file_put_contents($folder.'/x.txt', "AA");
echo file_get_contents($folder."/x.txt");
phpinfo();
This is output:
string(0) ""
Warning:
file_put_contents(/media/superuser/HDD4TB_CRYPT/nextcloud_data/x.txt):
failed to open stream: Permission denied in
/var/www/html/nextcloud/x.php on line 9
Warning:
file_get_contents(/media/superuser/HDD4TB_CRYPT/nextcloud_data/x.txt):
failed to open stream: Permission denied in
/var/www/html/nextcloud/x.php on line 10
these are folder details:
superuser#SuperTower:/var/www/html/nextcloud$ ls -al /media/superuser/HDD4TB_CRYPT/
total 28
drwx------ 4 superuser superuser 4096 feb 3 20:55 .
drwxr-x---+ 4 root root 4096 feb 2 00:06 ..
drwx------ 2 root root 16384 feb 1 22:49 lost+found
drwxrwxrwx 2 www-data www-data 4096 feb 3 21:29 nextcloud_data
I tried editing open_basedir, but this did not help to solve any issues, so I just commented it out. Therefore open_basedir has no value in phpinfo(). Folder is chowned to www-data (this is apache user) and also chmoded to 777.
/media/superuser/ contains folders with mounted drives on my PC. superuser is my username in Ubuntu.
Thanks for any ideas!
P.S.
I have also tried adding a symlink to my folder:
superuser#SuperTower:/var/www/html/nextcloud$ ls -al data
lrwxrwxrwx 1 www-data www-data 45 feb 3 21:05 data -> /media/superuser/HDD4TB_CRYPT/nextcloud_data/
and using
$folder = '/var/www/html/nextcloud/data';
but the results are exactly the same.
I also tried adding
<Directory /var/www/html/nextcloud/data>
Options +FollowSymLinks
Allow from All
</Directory>
no change in the resulting behavior :/
For some reason no matter what ownership/permissions I set on folder, /media/superuser is never accessible by www-data.
I edited /etc/fstab to mount drive into /opt/ folder and I chowned it to www-data user and group.
Works like a charm now.
Related
I have Ubuntu 16.04 with Apache2 and php7 on it.
I wan't to read some log files with php and print them.
Therefore I do a simple
readfile("/var/log/apache2/access.log");
But that does not work. I get this error:
Warning: readfile(/var/log/apache2/access.log): failed to open stream: Permission denied in /var/www/test.php on line 2
I'm quite sure I've set the permissions right, Apache and php runs as www-data, so I added the user www-data to the groups 'adm' and 'syslog', as these groups have read permissions for the whole file path and the file itself.
Permissions are 640 by default, but only if I set it to 647 for example, the file is readable for php/apache.Even 644 or 646 is not enough.
Why is that? Do I have to change something in the Apache vhost config?
Addition: ls -alp /var/log/apache2
drw-r----- 2 root adm 4096 Oct 25 11:07 ./
drwxr-xr-x 9 root syslog 4096 Oct 25 10:39 ../
-rw-r----- 1 root adm 47861 Oct 25 14:01 access.log
-rw-r----- 1 root adm 12014 Oct 25 14:01 error.log
-rw-r----- 1 root adm 0 Oct 25 10:40 other_vhosts_access.log
Since this is clearly a permissions error, ensure each parent folder leading to access.log definitely have the group set to either adm or syslog.
Each folder leading up to access.log must have at least a group permission of read and execute (g+rx) to allow PHP to descend into each sub-directory.
If I were you, I would change the apache config to write the file to a publicly inaccessible folder in your web root (since the log file is clearly essential in your application). This saves you from modifying system folder permissions which can be dangerous especially in web applications.
I tried to write in console this command for all permissions for folder:
chmod u+rwxrwxrwx /var/www
But I am confused because I got this output:
ls -la /var/www
drwxrwxrwx 3 root root 4096 Ağu 16 12:24 .
drwxr-xr-x 15 root root 4096 Ağu 16 12:24 ..
drwxrwxrwx 3 root root 4096 Ağu 19 04:29 html
There is all permission for html folder, or I am wrong? this folder in var/www yes? So it needs another command for special permission this var/www folder like in error?
And I tried a few more ways but I could not fix this error:
Could not move uploaded file here: wp-content / uploads.
Root is the owner of html/...
You should try to change the owner (esp. for wp-content), so that PHP have the permission to write/move in these folders.
Overview
I'm using Laravel 4.2 with an image upload feature. I have it set up on Homestead, but recently I removed Nginx and serve the site with Apache instead (due to the need to use Server Sent Events).
Before I moved from Nginx to Apache the file upload functionality worked fine. It also works fine on a staging server with Apache.
The Error
I'm using the Intervention image library to handle image uploads. When I try to upload a file, I get the following in my laravel.log file:
Can't write image data to path (/home/vagrant/projects/projectname/public/assets/pics/profile/photos/f55f0ae2-2d1a-4fdd-b9be-39d8a509baa3.jpg)
What I've Tried
I thought it was just a simple permissions error. I've gone so far as to chmod my asset directories to 0777, change the directory owner to www-data, create a new group called web with www-data and change the owner group to that, (basically everything in this answer and more) and still it doesn't work.
The directory definitely exists, and like I mentioned, it worked before the move to Apache (I'm not entirely sure if it's related but it seems likely).
My /var/log/apache2/error.log is empty, too.
The staging server works fine, but I don't want to encounter the same problem when I provision the production server. I'd like to fix the problem and understand it more so I can fix it if I ever come across it in the future. Why is this happening and what can I do to fix it/debug further?
Example Folder Permissions
drwxr-xr-x 1 vagrant vagrant 272 Jan 26 11:07 assets/pics
drwxr-xr-x 1 vagrant vagrant 170 Jan 26 10:11 assets/pics/defaults
drwxr-xr-x 1 vagrant vagrant 714 Jan 26 14:10 assets/pics/forums
drwxr-xr-x 1 vagrant vagrant 646 Jan 26 14:10 assets/pics/forums/thumbs
drwxr-xr-x 1 vagrant vagrant 170 Jan 20 18:02 assets/pics/gallery
drwxr-xr-x 1 vagrant vagrant 3026 Jan 26 13:24 assets/pics/messages
drwxr-xr-x 1 vagrant vagrant 2992 Jan 26 13:24 assets/pics/messages/thumbs
drwxr-xr-x 1 vagrant vagrant 136 Jan 8 17:27 assets/pics/profile
drwxr-xr-x 1 vagrant vagrant 136 Feb 10 14:48 assets/pics/profile/photos
drwxr-xr-x 1 vagrant vagrant 102 Feb 10 14:51 assets/pics/profile/photos/thumbs
For some reason the owner/group is still vagrant, even when I chown them. I've tried with sudo chown and by doing sudo -s.
Try modifying your Vagrantfile to include this line, before the end of the Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| block:
config.vm.synced_folder "/path/to/laravel/app", "/home/vagrant/projects/projectname", :owner => "www-data", :group => "www-data", :mount_options => ["dmode=775", "fmode=664"]
The string "/path/to/laravel/app" must point to dir you're working on outside the Vagrant machine. This should force the file owner and permissions to be the ones you specify for all the project files (so they're not overridden by vagrant). You'll need to restart the VM after you make the change.
How are you doing your chown? It should be
chown USERNAME GROUP -R /path/to/file
My website creates files with owner apache:apache when uploading a file, like this:
drwxr-xr-x 2 apache apache 4096 Aug 28 14:07 .
drwxr-xr-x 9118 apache apache 233472 Aug 28 14:07 ..
-rw-r--r-- 1 apache apache 41550 Aug 28 14:07 468075_large.jpg
-rw-r--r-- 1 apache apache 26532 Aug 28 14:07 468075_medium.jpg
-rw-r--r-- 1 apache apache 50881 Aug 28 14:07 468075_original.jpg
-rw-r--r-- 1 apache apache 4316 Aug 28 14:07 468075_small.jpg
Now I am trying to create a file inside the same folder with the user that owns that domain in Plesk and I get permission denied.
How can I have both apache and shell user with permissions over that files?
Thanks.
You have to create a group and put your Plesk and Apache user in it. Than you have to chmod -R g+rwX on your files.
And set the default umask of your system to 002.
If that shell user is not apache but in the same group, you will need to make the folder group writeable.
chown 755 .
As it is right now it won't allow anyone other than apache to add a folder.
Or, you can try to use php to do fopen?
Thanks for the answers but I finally decided to run a cron job that will open a php script from the website using wget.
That way it's the same apache user that already has access to the files. I did this basically because I've got tons of files, about 300GB of images so it would take a lot I think to apply al the new permissions.
www#srv:/$ ls -lAh /data/
drwxrwxr-x 654 www www 20K Aug 21 00:01 history
ls -lAh /data/history/
drwxrwxrwx 19 www www 4.0K Aug 21 10:58 2012-08-21
So I have a directory 2012-08-21 and permissions seem to be OK...
PHP and Nginx both run as www:www for sure...
However...
Warning: mkdir(): Permission denied in /www/sites/mine/shop.php on line 366
string(57) "dir: /data/history/2012-08-21/1104-DAD2974M/"
If you are certain that your servers are running as www, then you need to check the permissions on /data/history/2012-08-21/. It may not permissions to allow creating a directory within it.
The permissions on the history directory are not enough to review, you have to look at the next level as well.