I'm using Apache and PHP. Webroot directory is /home/name/public_html
I want to include a file from /home/name/abc.php
include_one "/home/name/abc.php";
I got failed to open stream: Permission denied warning.
If i move the same file inside the webroot /home/name/public_html/abc.php
There is no error.
Apache User and Group has the permission to access the file /home/name/abc.php
I have another server with the similar configuration, it is working. Just want to know the possible reason.
I tried to run the PHP script directly in linux console, there is no permission issue. I guess the problem is in Apache configuration.
You should verify that php is really executed as the apache user. Depending on your configuration it might be possible that php is running under a different user, e.g. if your Apache is set up to use php-fpm.
If the server is a linux system, putting this
<?php
echo "<pre>";
var_dump(posix_getpwuid());
into a file and accessing via the web browser should show you the user informations.
I found the way to solve this issue from here. I have SELinux running on my Centos 7 Virtual Server.
I need to grant httpd permission to read from /home dir using:
sudo setsebool httpd_read_user_content=1
Related
I am trying to run some PHP applications on CentOS powered server with apache and MySQL. My apps have to create files on server, but it always says that permission is denied to create a file.
Files are located in /var/www/html. I even tried setting 777 permission to html folder and html/*. I changed apache user and group to myuser, that exists, and restarted apache. I changed the ownership of html folder and all files inside to myuser. I even tried changing document root to /home/myuser/public_html
I tried this code to test write permission. File location is /var/www/html/index.php and /home/myuser/public_html/index.php
$handle = fopen("a.txt", "w");
fwrite($handle, "test");
fclose($handle);
I am just more than amazed by this problem. The same configuration works on my another Ubuntu server.
Some geniuses must be here, help me.
You need to allow you server user to do write operation on your directory, User the below command, If it is a multilevel directory use -R flag.
sudo chown www-data my-dir
Instead of manually giving permission you can try chmod($handle, 0777) within your code.
I know this is a common issue but I haven't been able to single out the problem for my specific use case, so bear with me.
I have a simple PHP script send_id which simply sends an ID number and saves it to a TXT file on my RHEL server running Apache 2.4.6 with PHP 5.4.
The error message: Warning: file_put_contents(/var/www/html/id.txt): failed to open stream: Permission denied in /var/www/html/send_id.php on line 6
'1' written to server
The PHP script itself:
<?php
$id=$_GET['id'];
$stringData = "$id";
$file = file_put_contents('/var/www/html/id.txt', $stringData.PHP_EOL , FILE_APPEND |LOCK_EX);
echo "'$stringData' written to server";
?>
chmodding to 777 didn't do anything. Additionally, I checked to see ownership rights and noticed that the id.txt file is owned by the root user at both user/group level, and PHP is being run at root level.
Anyone have any suggestions? If its any help, this seems to have happened after a yum update
I resolved this issue by simply running chcon -Rt httpd_sys_content_rw_t on the directory where my troubled PHP script lived in.
The chcon command changes the SELinux context for files. However, changes made with the chcon command are not persistent across file-system relabels, or the execution of the restorecon command.
-Rt are to change the type of the directory and its contents, httpd_sys_content_rw_t is to give apache write access
source: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-working_with_selinux-selinux_contexts_labeling_files
Additional note
ls -alZ *
The -Z switch will work with most utilities to show SELinux security contexts
Try changing the owner of the folder and the file to (chown) to "www-data" or to "www-data:www-data" and see if it changes anything...
Use a relative file path from, Apache's "DOCUMENT ROOT" to reference files in PHP. It's Apache's permissions that matter, and for security reasons it is coded to inhibit access to files outside of DOCUMENT_ROOT.. (yes even though your path leads within it, Apache is blocked as soon as it sees the path starts with "/VAR" ..
Assuming this PHP script is in the same directory as id.txt file , just use
$file = file_put_contents('./id.txt', $str...
Or if the txt file was in a sub-directory
file_put_contents('./sub-dir/id.txt', $str...
Not only is it secure, it's a lot shorter to type too.
Hie,
I have installed a new httpd server and loaded my web application on it which is designed to upload files on the server. Also it creates new directories and files inside the web directory of the application. But i am unable to use these features because it gives me a permission denied error. I searched onto the web and got the clue that i require to enable ftp login through my PHP script. I changed the ownership and permissions but it is still not working. Can please someone explain the configuration required in simple steps to enable these features. I am using CentOs-6. It will be highly appreciated. Sorry for the miss formed question.
Configurations I tried out:
Create a Linux user and group named webuser. Give it permissions of
the directory of my web applications. Install Vsftpd and allow webuser
to login. Set webuser FTP root directory same as my Web Application
directory (i.e /var/www/mysite)
My httpd user is apache.
I was doing everything right. The only problem was CentOS SELinux. It was not allowing apache to write files into the web directory.
Using the command "setenforce 0" , i closed it down and everything started working.
Later, I added an exception into my SELinux policies to fix issues.
Fresh install of a Debian server. Apache2, PHP5.
When I try to browse a PHP file I get 403 Forbidden. I am able to browse to html files.
I have tried the following:
Reinstalled Apache, PHP, libapache2-mod-php5
Restarted Apache
Checked the conf file thoroughly, copied from default, set the correct Directory path and allow from all
Checked permissions of directory, as a test have given full 777 permission to /var/www/site - still forbidden
Cant think of what else to try ?
Perform chmod 755 of the directory in which the PHP scripts reside.
After that restart the Apache/nginx server
or
if above method not work then contact your hosting provider to whitelist that url to phpscript because it can be issue with mod_security. Its the most annoying thing hostgator user are facing.
Check if the alow/deny pattern in your http.conf is set correctly.
What's written to the apache error log?
I recently moved my website to a new host and now am experiencing some broken code..
I have an uploading script that is now returning this:
move_uploaded_file() failed to open
stream: Permission denied in *..
I've set the upload directory to 777 which worked fine, but my script is needed to have top level permissions..
(As the script itself sets permission to directories, does lots of copying etc)
Is there a way in apache I can set the PHP script to the owner of all the folders on my server?
Thanks
Also
When looking in phpInfo()
Under
apache2handler
User/Group nobody(99)/99
Is this related?
I wouldn't go that route, just give it permissions to the defined upload_tmp_dir, or define upload_tmp_dir to be a directory you have access to. If it is that directory you have problems with. If the target is the problem, and you've 777'ed it, something fishy is going on.
Do you have ssh access to your new host? The reason I ask is that it's probably not best to use the username/group as nobody, as most other services would use this too. I would change it to something like apache
You can then update httpd.conf, adding in these two lines (reloading the config after):
User apache
Group apache
Then, run chown apache:apache -R dir_name to make apache own it.
well,
When you are trying to set the permission like "0777", you must be running on same authority.
What I mean is.
For example, your script tells to change a folder/file permission to 0777, but the folder or file already has a permission and that is '0755' so you are not authorised to make that change. as the user have only 5 authority.
Either, you need to login to FTP and change the folder permission to 0777 and then you have full control over it or you have to stick with using 0755 or similar.