Python script is run through shell_exec command, but produces no output.
By no output I mean no errors, and when directed to output to file, the file is created, but is blank.
What does work:
Running this script as any other user
Running this script as apache using sudo -u apache ...
Other shell_exec commands run as apache
Other Python scripts run as apache in the same originating directory
Other Python scripts run using shell_exec in the same PHP script that output to the same folder
The only difference between the scripts that work and the one that doesn't is the use of import to load modules.
UPDATE: Looks like it's a permissions issue, but I can't figure out why
/usr/local/bin/python2.7: can't open file '/var/www/scripts/script.py': [Errno 13] Permission denied
Script location: /var/www/scripts
/var
drwxrwxr-x. 20 root apache 4096 Oct 26 00:04 var
/var/www
drwxrwxr-x. 8 root apache 4096 Oct 13 13:55 www
/var/www/scripts
drwxrwxrwx. 2 apache apache 4096 Oct 27 01:26 scripts
/var/www/scripts/script.py
-rwxrwxrwx. 1 apache apache 1315 Oct 27 09:25 script.py
UPDATE: F*****g SELinux.
Temporarily disabling SELinux with setenforce Permissive resolves the issue. What is the best approach to make SELinux let Apache run this script from this directory permanently?
Related
I know my question is similar to old ones answered many times. But stil, I don't understand why the following behavior. I'm on centos 7.9 with php 5.4.16.
Being the user, I can execute mkdir('/tmp/mydir', 0775) correctly
drwxrwxr-x 3 john john 60 20 déc. 09:30 mydir
When excuting as apache with sudo -u apache the php script either on CLI or with as an http request, I end up with
drwxr-xr-x 3 apache apache 60 20 déc. 09:22 mydir
And a sudo -u apache with chmod('./depth1',0775); works. The behaviour is similar when I do this is a directory that I own where apache has write mode or even in a directory belonging to apache. The fact that I belong to apache group, and apache belongs to my group does'nt change either when making the test in a directory I own and where group has write rights.
I am trying to self host a PHP script called sngine. (facebook clone)
When trying to install it I get an error:
config.php - Required includes folder to be writable for the installation
when I run ls -l I get this: drwxrwxrwx 5 mbeck mbeck 4096 Aug 25 23:00 includes
I don't know why it is saying that it's not writable.
The script is in var/www/{domain name}/
I am on Apache/2.4.41 (Ubuntu) and PHP version: 7.4.22
EDIT:
I found someone saying to run chown www-data:www-data <directory> So I did, and permissions now return drwxrwxrwx 5 www-data www-data 4096 Aug 25 23:00 includes and the error is still there.
Ok, I found it!
I had to run sudo chown -R www-data /var/www/example.com/mydomain/includes/
Now it works!
Even though permissions look fine within the container:
drwxrwxr-x 12 www-data www-data 4096 Dec 5 16:04 app
I'm getting a permission denied error when Apache is trying to write anything into that directory.
FYI: /app is mounted from the host machine like this:
/var/www/myApp:/app
Error is
\Exception\ErrorException: file_put_contents(/app/docker.log): failed to open stream: Permission denied in /app/src/Business/ExpediteGround/LHRates/Fetch.php:13
Found the issue everyone, Apache user was just fine (www-data) but I'm using fpm inside the container to compile the php code and it was running with a different user so that was the cause; switched the pool to run as www-data as I'm used to and it worked!
I have centos 7 running nginx/php-fpm with selinux enabled.
I know there is a lot of similar questions on internet but mine is a little different. Files are being created after setting selinux by nginx but it still says it can't read it...
tail /var/log/nginx/error.log
2015/10/07 16:18:25 [error] 17860#0: *79 FastCGI sent in stderr: "PHP
message: PHP Warning: session_start():
open(/var/lib/php/session/sess_sk456vdemnp391spiv3i622i96, O_RDWR)
failed: Permission denied (13) in /home/web/api/functions.php on line
9
ls -la /var/lib/php/session/
total 12 drwxrwx---+ 2 nginx nginx 82 Oct 7 16:18 . drwxr-xr-x. 3
root root 20 Oct 5 15:58 ..
-rw-------+ 1 nginx nginx 0 Oct 7 16:15 sess_52psgccceh91vokbau4pq08946
-rw-------+ 1 nginx nginx 0 Oct 7 16:18 sess_sk456vdemnp391spiv3i622i96
*User of php-fpm and nginx are "nginx"
*selinux policy is changed for allowing access to session folder
Do you know which log I should check to find out what is the problem?
Thanks!
I found the problem!
My /var/lib/php/session was system_u:object_r:httpd_sys_content_t:s0 instead of system_u:object_r:httpd_sys_rw_content_t:s0. This made nginx unable to edit stuff (only create).
To fix the problem:
1- reset the policy of folder:
restorecon -v "/var/lib/php/session"
2- then set the good one
semanage fcontext -a -t httpd_sys_rw_content_t /var/lib/php/session
You don't even have to reload/restart nginx :P
Ran into the same issue.
In my case, the solution was to change the owner of the directory to nginx
chown nginx /var/lib/php/session
My website creates files with owner apache:apache when uploading a file, like this:
drwxr-xr-x 2 apache apache 4096 Aug 28 14:07 .
drwxr-xr-x 9118 apache apache 233472 Aug 28 14:07 ..
-rw-r--r-- 1 apache apache 41550 Aug 28 14:07 468075_large.jpg
-rw-r--r-- 1 apache apache 26532 Aug 28 14:07 468075_medium.jpg
-rw-r--r-- 1 apache apache 50881 Aug 28 14:07 468075_original.jpg
-rw-r--r-- 1 apache apache 4316 Aug 28 14:07 468075_small.jpg
Now I am trying to create a file inside the same folder with the user that owns that domain in Plesk and I get permission denied.
How can I have both apache and shell user with permissions over that files?
Thanks.
You have to create a group and put your Plesk and Apache user in it. Than you have to chmod -R g+rwX on your files.
And set the default umask of your system to 002.
If that shell user is not apache but in the same group, you will need to make the folder group writeable.
chown 755 .
As it is right now it won't allow anyone other than apache to add a folder.
Or, you can try to use php to do fopen?
Thanks for the answers but I finally decided to run a cron job that will open a php script from the website using wget.
That way it's the same apache user that already has access to the files. I did this basically because I've got tons of files, about 300GB of images so it would take a lot I think to apply al the new permissions.