I have made a lot of Symfony apps that work in production, but recently tried deploying one to Ubuntu 16 for the first time. var/logs/prod.log shows errors about not being able to find classes, so of course the app won't run.
I can "fix" this with chmod 777 /var/www/ -R, and everything starts working. Surely that's not safe... How can I fix this the right way?
Note: I am currently not logged in as a user but as root.
*EDIT
The app will not run after chmod 777 /var/www/var -R to change permissions for chache and logs, but only if I change the permissions for all the folders of the entire app.
You might try locating folders/files which are the problem and change ownership to www-data which is actually used by Apache.
For a whole directory with files recursively:
chown -R www-data:www-data [folder_path_and_name]
For a specific file:
chown www-data:www-data [file_path_and_name]
Symfony has a section in the documentation for file permissions
Mainly you need to adjust the apache user permissions for logging, and as root you can easily do that.
Just remember to ignore the logs + cache if you're using source control such as Github.
Related
I am trying to write a query to a file for debugging. The file is in database/execute.php. The file I want to write to is database/queries.php.
I am trying to use file_put_contents('queries.txt', $query)
But I am getting
file_put_contents(queries.txt) [function.file-put-contents]:
failed to open stream: Permission
denied
I have the queries.txt file chmod'd to 777, what could the issue be?
Try adjusting the directory permissions.
from a terminal, run chmod 777 database (from the directory that contains the database folder)
apache and nobody will have access to this directory if it is chmodd'ed correctly.
The other thing to do is echo "getcwd()". This will show you the current directory, and if this isn't '/something.../database/' then you'll need to change 'query.txt' to the full path for your server.
You can make Apache (www-data), the owner of the folder:
sudo chown -R www-data:www-data /var/www
that should make file_put_contents work now. But for more security you better also set the permissions like below:
find /var/www -type d -print0 | xargs -0 chmod 0755 # folder
find /var/www -type f -print0 | xargs -0 chmod 0644 # files
change /var/www to the root folder of your php files
There's no need to manually write queries to a file like this. MySQL has logging support built in, you just need to enable it within your dev environment.
Take a look at the documentation for the 'general query log'.
This can be resolved in resolved with the following steps :
1. $ php artisan cache:clear
2. $ sudo chmod -R 777 storage
3. $ composer dump-autoload
Hope it helps
I know that it is a very old question, but I wanted to add the good solution with some in depth explanation. You will have to execute two statements on Ubuntu like systems and then it works like a charm.
Permissions in Linux can be represented with three digits. The first digit defines the permission of the owner of the files. The second digit the permissions of a specific group of users. The third digit defines the permissions for all users who are not the owner nor member of the group.
The webserver is supposed to execute with an id that is a member of the group. The webserver should never run with the same id as the owner of the files and directories. In Ubuntu runs apache under the id www-data. That id should be a member of the group for whom the permissions are specified.
To give the directory in which you want to change the content of files the proper rights, execute the statement:
find %DIR% -type d -exec chmod 770 {} \;
.That would imply in the question of the OP that the permissions for the directory %ROOT%/database should be changed accordingly. It is therefor important not to have files within that directory that should never get changed, or removed. It is therefor best practice to create a separate directory for files whose content must be changed.
Reading permissions (4) for a directory means being able to collect all files and directories with their metadata within a directory. Write permissions (2) gives the permission to change the content of the directory. Implying adding and removing files, changing permissions etc.. Execution permission (1) means that you have the right to go into that directory. Without the latter is it impossible to go deeper into the directory. The webserver needs read, write and execute permissions when the content of a file should be changed. Therefor needs the group the digit 7.
The second statement is in the question of the OP:
find %DOCUMENT_ROOT%/database -type f -exec chmod 760 {} \;
Being able to read and write a document is required, but it is not required to execute the file. The 7 is given to the owner of the files, the 6 to the group. The webserver does not need to have the permission to execute the file in order to change its content. Those write permissions should only be given to files in that directory.
All other users should not be given any permission.
For directories that do not require to change its files are group permissions of 5 sufficient.
Documentation about permissions and some examples:
https://wiki.debian.org/Permissions
https://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions
http://www.linux.org/threads/file-permissions-chmod.4094/
Gathering info from this link stackoverflow-image save doesn't work with chmod 777 and from user azerafati and Loek Bergman
if you were to look under /etc/apache/envvars file you will see something like:
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
Apache is run under the username 'www-data'
'0755' means the file owner can read/write/execute but group and other users cannot write. so in ur terminal, cd to the folder containing your 'images' folder. then type:
find images -type d -exec chmod 0755 {} \;
find images -type f -exec chmod 0755 {} \;
sudo chown -R www-data:www-data images
you must change persmissions first before changing owner.
enter your password when prompted. this will make 'www-data' owner of the images folder.
your upload should now work.
I use a shared Linux hosting, when my admin changed the php to 5.3 I got many errors for the "file_put_contents" code. try to test my plan:
In your host create a file like mytest.php, and put this code in and save:
<?php mail('Your-EMail','Email-Title','Email-Message'); ?>
Open the URL "www.your-domain.com/mytest.php" one time and then check your email. You should have an email from your host with the information you entered in mytest.php, check the sender name. If it's from Nobody you have problem about "Permission Denied" because something not defined and if the sender name is like my id: iietj8qy#hostname5.netly.net you don't have a problem.
My admin changed the server and installed the host again I think and the problem got solved, tell your host administration what I told you and maybe they find the answer.
If you are pulling from git from local to server, you will need to clear cache sometimes because of the view files it gets uploaded with it / or other cached files .
php artisan cache:clear
Sometimes it might just to the trick if your application was working before the git pull
this might help. It worked for me. try it in the terminal
setenforce 0
For anyone using Ubuntu and receiving this error when loading the page locally, but not on a web hosting service,
I just fixed this by opening up nautilus (sudo nautilus) and right click on the file you're trying to open, click properties > Settings > and give read write to 'everyone else'
use this cammand to give permission for storage/framework and logs
sudo chmod -R 777 storage/logs storage/framework
if you still have a permission error
try this to give group to write in log
sudo chmod g+w storage/logs
had the same problem; my issue was selinux was set to enforcing.
I kept getting the "failed to open stream: Permission denied" error even after chmoding to 777 and making sure all parent folders had execute permissions for the apache user. Turns out my issue was that selinux was set to enforcing (I'm on centos7), this is a devbox so I turned it off.
I ran into the same issue, I'm using Laravel, so what I just did was:
php artisan view:clear
And fixed!
I stopped the virus scanner (Avast). That solved the problem! It eventually appeared that Avast had a ransomware shield blocking the write actions to the documentroot folder(s). Adding the shield exceptions for the individual programs (PHP, Tesseract) solved the issue!
Here the solution.
To copy an img from an URL.
this URL: http://url/img.jpg
$image_Url=file_get_contents('http://url/img.jpg');
create the desired path finish the name with .jpg
$file_destino_path="imagenes/my_image.jpg";
file_put_contents($file_destino_path, $image_Url)
There 2 way to resolve this issues
1. use chmod 777 path-to-your-directory.
if it does not work then
2. simply provide the complete path of your file query.txt.
Furthermore, as said in file_put_contents man page in php.net, beware of naming issues.
file_put_contents($dir."/file.txt", "hello");
may not work (even though it is correct on syntax), but
file_put_contents("$dir/file.txt", "hello");
works. I experienced this on different php installed servers.
So I have a PHP file located in /var/www/html/test.php and I have it run the code shell_exec('touch /home/pi/Desktop/test_file')
However, the webpage displays fine but when I check the apache log files, I always get permission denied. I understand that apache is running as www-data user and my main user pi probably have some permission clash (I'm new to this stuff).
I tried many options I found on-line, the most promising was here, which suggested I run the commands:
sudo chown -R pi:www-data /home/pi/Desktop
sudo chmod -R g+s /home/pi/Desktop
...but I still get permission denied. Can anyone please suggest what permissions I may need to still configure? I want to ensure security, but at the same time need my PHP file to be able to create new files. I used the Desktop as an example directory, but really I don't care which directory, I just need a directory. I tried touching a file within /var/www/html, but that was permission denied as well. Thanks!
if your apache process is running as www-data, and the file ownership is pi:www-data, you probably need to run this chmod:
sudo chmod -R g+w /home/pi/Dekstop
First, setting the group as www-data won't matter if the files are not group writable. Mode 755 will ensure apache can read the files, but the www-data user would still not be able to write.
Secondly, using "g+w" adds group write without messing with any of the other bits. [644 becomes 664, and 755 becomes 775)]. This way you can safely adjust permissions recursively, without making files executable that shouldn't be.
Incidentally, sudo chmod g+s ... is probably not what you want. That will instead set the sgid bit, and not the group write bit.
First of all, why the heck are you using shell_exec to create a file? PHP has it's own touch() function that will do that for you. You can also create files just by opening a nonexistent file using certain modes (ie, fopen("myfile", "w"))
Using exec to create your files is surely messing with your permissions.
You need to find out which user PHP is running as and chown to that user. You can find that out by running get_current_user().
Then you need to change the permissions with chmod. There's an example in the comments so I won't repeat it. Good luck. Stop using shell_exec.
I created a project with Laravel 4 but when I go to the folder localhost /my_project/public get some errors related to the permissions. I solved it setting to 777 all the permissions of the folder and files contained in my_project. Is there a way to solve this thing is not to make 777?
What's happen when you set 755 permission to my_project directory? Try to change permissions and check it. Your directory should be able to read all files in public directory.
I set my ownership to be owned by www-data:
chown -R auser:www-data /path/to/laravel/root
I also make all my subfolders and files read and write by group:
chmod -R g+rw /path/to/laravel/root
I also make my folders have a sticky bit so if you add a new file, it inherits:
chmod -R g+s /path/to/laravel/root
This has always worked for me. Perhaps Linux experts might have better ideas but this is what I use.
Please refer to Laravel's documentation about installation located at http://laravel.com/docs/installation. Under no circumstances you should run laravel on production with full permissions to the whole world. You must also remember that your "application" will be executed from the public directory so there is NO reason to allow read/write/execute for the whole world to the whole project directory unless you don't care about security at all.
Anyway, extracted from Laravel's documentation from the permissions section:
"Laravel may require one set of permissions to be configured: folders
within app/storage require write access by the web server."
This whould make your project run smooth.
I've just uploaded a simple symfony2 app on a production server, and I get this configuration error:
2 MAJOR PROBLEMS
Change the permissions of the "app/cache/" directory so that the web server can write into it.
Change the permissions of the "app/logs/" directory so that the web server can write into it.
editing "app/console", "web/app.php" and "web/app_dev.php" with: umask(0000) doesn't work, and if I right click on that folders with FileZIlla, their permissions are already 777. And so?
thanks...
You need to recursively set the permissions, most likely. I'm guessing FileZilla has that option, if not, ssh into the box, and run (replacing /path/to with the actual path)
sudo chmod 777 -R /path/to/app/cache
sudo chmod 777 -R /path/to/app/logs
Sidenote: setting the permissions to 777 is usually a really bad idea.
umask(0000) doesn't actually increase the permissions available to the script. It just ensures that files & directories created by those scripts are accessible from both the command line and the web server. If you're not using the command line, you probably don't need it at all.
I am trying to write a query to a file for debugging. The file is in database/execute.php. The file I want to write to is database/queries.php.
I am trying to use file_put_contents('queries.txt', $query)
But I am getting
file_put_contents(queries.txt) [function.file-put-contents]:
failed to open stream: Permission
denied
I have the queries.txt file chmod'd to 777, what could the issue be?
Try adjusting the directory permissions.
from a terminal, run chmod 777 database (from the directory that contains the database folder)
apache and nobody will have access to this directory if it is chmodd'ed correctly.
The other thing to do is echo "getcwd()". This will show you the current directory, and if this isn't '/something.../database/' then you'll need to change 'query.txt' to the full path for your server.
You can make Apache (www-data), the owner of the folder:
sudo chown -R www-data:www-data /var/www
that should make file_put_contents work now. But for more security you better also set the permissions like below:
find /var/www -type d -print0 | xargs -0 chmod 0755 # folder
find /var/www -type f -print0 | xargs -0 chmod 0644 # files
change /var/www to the root folder of your php files
There's no need to manually write queries to a file like this. MySQL has logging support built in, you just need to enable it within your dev environment.
Take a look at the documentation for the 'general query log'.
This can be resolved in resolved with the following steps :
1. $ php artisan cache:clear
2. $ sudo chmod -R 777 storage
3. $ composer dump-autoload
Hope it helps
I know that it is a very old question, but I wanted to add the good solution with some in depth explanation. You will have to execute two statements on Ubuntu like systems and then it works like a charm.
Permissions in Linux can be represented with three digits. The first digit defines the permission of the owner of the files. The second digit the permissions of a specific group of users. The third digit defines the permissions for all users who are not the owner nor member of the group.
The webserver is supposed to execute with an id that is a member of the group. The webserver should never run with the same id as the owner of the files and directories. In Ubuntu runs apache under the id www-data. That id should be a member of the group for whom the permissions are specified.
To give the directory in which you want to change the content of files the proper rights, execute the statement:
find %DIR% -type d -exec chmod 770 {} \;
.That would imply in the question of the OP that the permissions for the directory %ROOT%/database should be changed accordingly. It is therefor important not to have files within that directory that should never get changed, or removed. It is therefor best practice to create a separate directory for files whose content must be changed.
Reading permissions (4) for a directory means being able to collect all files and directories with their metadata within a directory. Write permissions (2) gives the permission to change the content of the directory. Implying adding and removing files, changing permissions etc.. Execution permission (1) means that you have the right to go into that directory. Without the latter is it impossible to go deeper into the directory. The webserver needs read, write and execute permissions when the content of a file should be changed. Therefor needs the group the digit 7.
The second statement is in the question of the OP:
find %DOCUMENT_ROOT%/database -type f -exec chmod 760 {} \;
Being able to read and write a document is required, but it is not required to execute the file. The 7 is given to the owner of the files, the 6 to the group. The webserver does not need to have the permission to execute the file in order to change its content. Those write permissions should only be given to files in that directory.
All other users should not be given any permission.
For directories that do not require to change its files are group permissions of 5 sufficient.
Documentation about permissions and some examples:
https://wiki.debian.org/Permissions
https://www.linux.com/learn/tutorials/309527-understanding-linux-file-permissions
http://www.linux.org/threads/file-permissions-chmod.4094/
Gathering info from this link stackoverflow-image save doesn't work with chmod 777 and from user azerafati and Loek Bergman
if you were to look under /etc/apache/envvars file you will see something like:
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
Apache is run under the username 'www-data'
'0755' means the file owner can read/write/execute but group and other users cannot write. so in ur terminal, cd to the folder containing your 'images' folder. then type:
find images -type d -exec chmod 0755 {} \;
find images -type f -exec chmod 0755 {} \;
sudo chown -R www-data:www-data images
you must change persmissions first before changing owner.
enter your password when prompted. this will make 'www-data' owner of the images folder.
your upload should now work.
I use a shared Linux hosting, when my admin changed the php to 5.3 I got many errors for the "file_put_contents" code. try to test my plan:
In your host create a file like mytest.php, and put this code in and save:
<?php mail('Your-EMail','Email-Title','Email-Message'); ?>
Open the URL "www.your-domain.com/mytest.php" one time and then check your email. You should have an email from your host with the information you entered in mytest.php, check the sender name. If it's from Nobody you have problem about "Permission Denied" because something not defined and if the sender name is like my id: iietj8qy#hostname5.netly.net you don't have a problem.
My admin changed the server and installed the host again I think and the problem got solved, tell your host administration what I told you and maybe they find the answer.
If you are pulling from git from local to server, you will need to clear cache sometimes because of the view files it gets uploaded with it / or other cached files .
php artisan cache:clear
Sometimes it might just to the trick if your application was working before the git pull
this might help. It worked for me. try it in the terminal
setenforce 0
For anyone using Ubuntu and receiving this error when loading the page locally, but not on a web hosting service,
I just fixed this by opening up nautilus (sudo nautilus) and right click on the file you're trying to open, click properties > Settings > and give read write to 'everyone else'
use this cammand to give permission for storage/framework and logs
sudo chmod -R 777 storage/logs storage/framework
if you still have a permission error
try this to give group to write in log
sudo chmod g+w storage/logs
had the same problem; my issue was selinux was set to enforcing.
I kept getting the "failed to open stream: Permission denied" error even after chmoding to 777 and making sure all parent folders had execute permissions for the apache user. Turns out my issue was that selinux was set to enforcing (I'm on centos7), this is a devbox so I turned it off.
I ran into the same issue, I'm using Laravel, so what I just did was:
php artisan view:clear
And fixed!
I stopped the virus scanner (Avast). That solved the problem! It eventually appeared that Avast had a ransomware shield blocking the write actions to the documentroot folder(s). Adding the shield exceptions for the individual programs (PHP, Tesseract) solved the issue!
Here the solution.
To copy an img from an URL.
this URL: http://url/img.jpg
$image_Url=file_get_contents('http://url/img.jpg');
create the desired path finish the name with .jpg
$file_destino_path="imagenes/my_image.jpg";
file_put_contents($file_destino_path, $image_Url)
There 2 way to resolve this issues
1. use chmod 777 path-to-your-directory.
if it does not work then
2. simply provide the complete path of your file query.txt.
Furthermore, as said in file_put_contents man page in php.net, beware of naming issues.
file_put_contents($dir."/file.txt", "hello");
may not work (even though it is correct on syntax), but
file_put_contents("$dir/file.txt", "hello");
works. I experienced this on different php installed servers.