I am trying to self host a PHP script called sngine. (facebook clone)
When trying to install it I get an error:
config.php - Required includes folder to be writable for the installation
when I run ls -l I get this: drwxrwxrwx 5 mbeck mbeck 4096 Aug 25 23:00 includes
I don't know why it is saying that it's not writable.
The script is in var/www/{domain name}/
I am on Apache/2.4.41 (Ubuntu) and PHP version: 7.4.22
EDIT:
I found someone saying to run chown www-data:www-data <directory> So I did, and permissions now return drwxrwxrwx 5 www-data www-data 4096 Aug 25 23:00 includes and the error is still there.
Ok, I found it!
I had to run sudo chown -R www-data /var/www/example.com/mydomain/includes/
Now it works!
I don't have too much experiences with servers but I've tried to do something ;)
I have my WP webpage on amazon EC2 and
I wanted to edit some settings in php.ini through filezilla (sftp) But I had to set permissions to my user:
sudo chown -R ec2-user:ec2-user /etc
But now I can't even restart apache or set back permissions to root
If i try to do something like this:
sudo chown -R root:root /etc
or
sudo systemctl restart apache2.service
I see this information:
"sudo: /etc/sudo.conf is owned by uid 500, should be 0 sudo: /etc/sudoers is owned by uid 500, should be 0 sudo: no valid sudoers sources found, quitting sudo: unable to initialize policy plugin"
What can I do?
You should never do sudo chown -R ec2-user:ec2-user /etc. You have modified the permission settings of your entire /etc directory.
/etc is a very important folder for your operating system that's why you're getting the error.
launch a new instance and backup your source code from your previous instance and re-upload the code. let me know if you have any issues.
I'm not understanding why you can't modify your php.ini file? You need to ssh into the server and edit the file. If you can't do that, you need to move the file to the ftp folder where it's permissible, modify the file and put the file back to it's original location and restart apache.
Furthermore, I recommend you use Ubuntu for your Wordpress server rather than using Centos or Amazon Flavour of Linux.
log into putty as ec2-user
sudo su
[root#ip-yoursite- home]
now for php 5.0 sudo vim /etc/php.ini
for php 7.0 use sudo vim /etc/php-7.0.ini
press i and now search for upload_max_filesize =100M , post_max_size=100M
(change as per your requirement)
press esc ,now save and exit use this command:wq
restart your apache server
sudo service httpd restart
The short answer is that chown -R is recursive and there are lots of utilities and other files and programs required for various operations, including sudo and su. Root is a special user with uid 0, and that user has greater permissions, and the ability to perform certain operations, that ec2-user cannot. This means that undoing what you have done is not simple or straightforward.
This is why the answers provided so far focus on a reinstallation of the operating system, which is what I would also recommend. It is likely faster.
Another part of this answer is to not try and sftp into the server to change core files. It would require having an sftp login land at the root (or /etc) directory, and that is not a common configuration.
Instead, use sftp or scp to copy changed files to a user directory, and them move them from a command prompt (ssh/bash shell). For simple textfile editing, it is easier to use a command line text editor such as nano which is more user friendly than some of the older editors.
As well, the file itself does not nor should it have its permissions changed, rather, once logged in, use sudo or su to perform the operations. Example:
ssh ec2-user#host.domain.tld
sudo su
nano /etc/php.ini
Imagine that you have a series of boxes, each with two numbers inside. These numbers are mostly 0:0 but could be any whole numbers up to 2^31-2.
The numbers are independent, so 0:0 and 0:42 are both possible. Your -R flag recursively changes all of these numbers in all of the boxes to the same pair.
This loses information. (Without a backup) there is no easy way to know what the numbers in the boxes were before you ran the command.
If you have a matching, (or very similar) server you might be able to restore most of the permissions using rsync, or use a script to record the uid:gid of each file on the working server into a log file and then use that to correct the permissions on the broken server.
ls -n
will show you the numerical values for uid and gid (3rd and 4th column on my linux servers.)
There are two options.
Create a new instance on Amazon. Check the file permissions on the new machine.
cd /etc
ls -lrt
This should give result like this
-rw-r--r-- 1 root root 2064 Nov 24 2006 netscsid.conf
-rw-r--r-- 1 root root 1343 Jan 10 2007 wodim.conf
-rw-r--r-- 1 root root 624 Aug 8 2007 mtools.conf
-rw-r--r-- 1 root root 2570 Aug 5 2010 locale.alias
-rw-r--r-- 1 root root 356 Jan 2 2012 bindresvport.blacklist
-rw-r--r-- 1 root root 349 Jun 26 2012 zsh_command_not_found
Set the same permission on old EC2 instance one by one.
Example
chown -R root:root netscsid.conf
You could create a new setup.
PS: for future, You could use this command for changes in php.ini file rather than changing owner or permission.
sudo vim /etc/php5/apache2/php.ini
No need to change ownership of the folder that contains the php.ini file.
Aim: Grant permission to user 'ec2-user' so that FileZilla can write to /etc folder which contains the php.ini file.
Doing this we can rename the original php.ini file and replace the php.ini file with a modified copy.
Steps:
Login to ec2 instance via 'Putty'
Navigate to the folder that has the php.ini file
example:
cd ../
Use:
ls -l
to list files nd folders with their permissions
Look for the line that shows the folder that contains the php.ini file
somthinng like this:
drwxr-xr-x 80 root root 4096 Jul 11 08:15 etc
Change permissions of this folder:
sudo chmod 777 etc
(NOTE:Change it back to the original permissions later)
Use:
ls -l
to see the change
Restart Apache:
sudo service httpd restart
Now FileZilla will have permission to that folder,
rename the origial php.ini file to revert back in future
replace the php.ini file with a modifided copy
Check ur site(a page which has errors) after a minute, the errors will be displayed.
I can't run command line script from Exec
$exec = exec($command, $output, $return );
I have tried passthru,shell_exec,system but obviously this is not the problem.
sudo chown -R www-data:www-data /root/path/nonce.py
sudo chmo 775 /path/nonce.py
sudo chmo 777 /path/nonce.py
sudo chmo 755 /path/nonce.py
didn't helped
exec("python -V 2>&1");
works
But
/usr/bin/python /root/path/nonce.py
Array ( [0] => /usr/bin/python: can't open file '/root/path/nonce.py': [Errno 13] Permission denied )
dosent
running on nginx and php5-fpm
You need to consider the permissions for each directory on the path to the Python script. This means:
/root
/root/path
/root/path/nonce.py
The permissions for the root account are naturally restricted. If you look a root's home directory:
$ ls -ld /root
dr-xr-x---. 9 root root 4096 Aug 20 23:50 root
You will see that only the root user, and users within group root, can read or list the contents of /root.
It's a bad idea to place your script in root's home. There are more appropriate places such as /var/www/cgi-bin assuming that your script is a CGI script. On my system:
$ ls -ld /var/www
drwxr-xr-x. 4 root root 4096 Jul 17 17:22 /var/www
$ ls -ld /var/www/cgi-bin
drwxr-xr-x. 2 root root 4096 Jul 17 17:22 /var/www/cgi-bin/
which can be read and listed by any user. You should install the script in a directory appropriate for nginx.
one of the directories on the path probably lacks r permisison for the relevant user - most likely /root
can you move the python script to a dir that is world readable?
I've uploaded some php scripts to my server under /php directory and sub directories.
When using my root user in terminal and running php file.php it execute it perfectly, but when trying to reach the same file through the browser - nothing happens...
I guess it something to do with permissions.
I've tried chmod 755 phpdirectory but it doesn't work..
what else should i do in order to give the browser user the ability to run php scripts ?
Update
I'm using FreeBsd system with apache and Direct Admin on it.
Can some one please guide me to where to check the settings ?
Usualy All webb access to a file is done through a specific user (eg. www-data) in order for the file to be reachable through web www-data needs permission to reach the code. How you setup that depends on what system the server is running.
Also the server document_root needs to be setup correctly. Where you do this also depends on what server you are runnning.
EDIT after update question.
In apache this is normally done through the file /etc/apache/sites-avalible/your_site
If the server only serves one page you can do this in http.conf
Check whether the User directive inside httpd.conf file is same as the user you used to ran the PHP script.
You need to make sure your PHP scripts have same user and group as you configured in Apache configuration(/etc/httpd/httpd.conf in CentOS 6.4).
# User/Group: The name (or #number) of the user/group to run httpd as.
User apache
Group apache
Check the owner and group of your PHP directory and files. In this case owner and group (root/root) are not same as Apache User and Group.
# ls -alh
total 516K
drwxr-xr-x. 5 root root 4.0K Aug 29 17:57 .
drwx------. 5 root root 4.0K Jun 24 12:06 ..
-rwxr--r--. 1 root root 356K Jul 7 2012 index.php
To change the owner and group of your PHP directory. Use the following command.
# chown -R apache:apache www
I am creating a web application. Part of the functionality is depending on that the user can start/stop a cronjob that imports emails.
It doesn't work.
Just to make sure I'm on the right track, as a starter I just want to make 'crontab -l' from php to work and print it to the web browser.
This is how I do it (handle_email_cronjob.php):
$output = shell_exec('crontab -l');
echo $output;
but all I get is nothing. (doing shell_exec('ls -l'); gives me the list of files/dir in the directory)
cat error_log:
'/var/spool/cron' is not a directory, bailing out.
Well, it is a directory no matter what the error log say. ls -Z /var/spool:
drwxr-xr-x. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 cron
SELinux is on and I don't want that to change.
ls -Z /var/spool/cron:
-rwxrwxrwx. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 apache
-rw-------. root root unconfined_u:object_r:cron_spool_t:s0 root
it's apache that should be used. (I did try setting cron_spool_t to apache, but still didn't work.)
ls -Z handle_email_cronjob.php:
-rwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_script_exec_t:s0 handle_email_cronjob.php
I just have a gut feeling that it is related to SELinux, but I can't figure out how to fix it.
What is the problem and how can I fix it? (or is there a better approach for doing this than my?)
After learning how to troubleshoot SELinux I realized that I had to label /var/spool/cron so httpd can read/write to that directory:
chcon -R -t httpd_sys_script_rw_t /var/spool/cron
References:
Understanding audit.log
Troubleshoot SELinux