My website is running on nginx + php-fpm and running well but while uploading file it shows blank page.My log file shows
2016/06/08 14:44:40 [error] 22063#22063: *25 FastCGI sent in stderr: "PHP message: PHP Warning: file_put_contents(up/propic/medium/5961465411480.jpg): failed to open stream: Permission denied in /var/www/example.com/saveimg.php on line 32" while reading response header from upstream, client:...
I tried most of answers from stackoverflow , even I changed the /var/www folder permissions to 777 but the results are same.
Few details about my server
/etc/php-fpm.d
user=nginx
group=nginx
ownership and group of /var/www/sites
drwxrwxrwx. 29 ec2-user root 4096 Jun 8 14:39 site1.com
After searching , I found it.It's all deals with SELINUX which is a security feature.
when using ls -Z
drwxrwxrwx. ec2-user root system_u:object_r:httpd_sys_content_t:s0 www
change this to
drwxrwxrwx. ec2-user root system_u:object_r:httpd_sys_rw_content_t:s0 www
using cmd
chcon -R -t httpd_sys_rw_content_t /var/www
You also need to check permissions and ownership of every folder on the way from
/var/www/sites/
to
/var/www/sites/site1.com/up/propic/medium
The user and group defined in your pool.d configuration require access rights to your nginx root location. This can be done by changing the user and group in your pool.d configuration to the same user and group that own your nginx root location or by adding the pool.d user to the group that owns your nginx root location. You can do that like this:
usermod -a -G groupName userName
# nginx error.log echo:
2019/10/12 11:11:02 [error] 3871#0: *1 FastCGI sent in stderr: "PHP message: PHP Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0
Unable to open primary script: /www/test.php (Permission denied)" while reading response header from upstream, client: 192.168.1.9, server: _, request: "GET /test.php HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/www.sock:", host: "192.168.1.180"
In Centos System, After searching , I found it.It's all deals with SELINUX which is a security feature. when using ls -alZ
drwxrwxrwx. ec2-user root system_u:object_r:httpd_sys_content_t:s0 www
# change this to
drwxrwxrwx. ec2-user root system_u:object_r:httpd_sys_rw_content_t:s0 www
# using cmd
chcon -R -t httpd_sys_rw_content_t /www
Related
My goal is to configure php profiling for local development website in Kubuntu 16.04.
Installed tideways according to docs and checked it's installed correctly with:
php --ri tideways_xhprof
Created header.php with following contents
<?php
tideways_xhprof_enable();
Added reference to it to php.ini
auto_prepend_file = "/home/user/pathto/header.php"
Restarted apache2
And getting the below errors in apache error log:
[Sat Jan 27 17:54:24.233604 2018] [:error] [pid 15976] [client
127.0.0.1:42054] PHP Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0 [Sat Jan 27 17:54:24.233653
2018] [:error] [pid 15976] [client 127.0.0.1:42054] PHP Fatal error:
Unknown: Failed opening required '/home/user/pathto/header.php'
(include_path='.:/usr/share/php') in Unknown on line 0
Tried adding directive
php_value auto_prepend_file /home/user/pathto/header.php
to Directory block of the website in apache2.conf, but the same error pops.
What's wrong? What permissions are wrong?
Regards.
Linux uses a permissions model that incorporates users that can belong to groups, and files and directories that can be assigned to those users and groups. By default, when you install Apache and PHP on Ubuntu, you end up with a new user for Apache named "www-data". Anytime Apache runs and needs to access the file system, it is not unlike any other user, and the operating system requires the same permissions that it would any other user.
So technically, if you wanted PHP scripts in your user's home directory, you'd have to somehow give Apache's www-data user the permission to access files there.
When I set up a new server, I'll normally add myself to the www-data group:
# add user brian to the www-data group
sudo usermod -a -G www-data brian
This makes managing files easier for me (once I complete the next steps), as I don't need to use sudo to make changes to files.
I will let www-data own everything under /var/www
# Change all files at /var/www recursively to be owned by www-data
sudo chown -R www-data:www-data /var/www
Make it so new files created under /var/www end up being owned by www-data:
#set the gid on any new dir inside /var/www
sudo chmod 2755 /var/www/html
Then set myself as the owner, instead of www-data:
# Be the owner of all www
sudo chown -R brian:www-data /var/www
Notice that at no time was I giving permissions outside of /var/www, but this makes managing files and directories inside /var/www easier, so you don't feel the need to put PHP files in your home directory.
I am not able to run php fpm on nginx. I am getting permission error with www-data user/group. My error log is as below. I tried giving permission to the user www-data with different solutions over internet but didnt worked. I am running codeingiter framework. Please check error log below
10673#10673: *19456 stat() "/var/www/html/testphp/api/ajax/getdetails" failed (13: Permission denied), client: 11.11.1.11, server: www.mydomain.com, request: "GET /api/ajax/getroomdetails/201 HTTP/1.1", h$
10673#10673: *19456 stat() "/var/www/html/testphp/api/ajax/getdetails" failed (13: Permission denied), client: 11.11.1.11, server: www.mydomain.com, request: "GET /api/ajax/getroomdetails/201 HTTP/1.1", h$
10673#10673: *19456 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 11.11.1.11, server: www.mydomain.com, request: "GET /api/ajax/getdetails HTTP/1.1$
Please suggest how can I give correct permissions to run php-fpm
have you checked your file permissions
cd /you Directory
then type
ls -l
after that you can use
chown -R root:www-data /Directory
chmod g+w -R /Directory
or
chmod +x /Directory
I have centos 7 running nginx/php-fpm with selinux enabled.
I know there is a lot of similar questions on internet but mine is a little different. Files are being created after setting selinux by nginx but it still says it can't read it...
tail /var/log/nginx/error.log
2015/10/07 16:18:25 [error] 17860#0: *79 FastCGI sent in stderr: "PHP
message: PHP Warning: session_start():
open(/var/lib/php/session/sess_sk456vdemnp391spiv3i622i96, O_RDWR)
failed: Permission denied (13) in /home/web/api/functions.php on line
9
ls -la /var/lib/php/session/
total 12 drwxrwx---+ 2 nginx nginx 82 Oct 7 16:18 . drwxr-xr-x. 3
root root 20 Oct 5 15:58 ..
-rw-------+ 1 nginx nginx 0 Oct 7 16:15 sess_52psgccceh91vokbau4pq08946
-rw-------+ 1 nginx nginx 0 Oct 7 16:18 sess_sk456vdemnp391spiv3i622i96
*User of php-fpm and nginx are "nginx"
*selinux policy is changed for allowing access to session folder
Do you know which log I should check to find out what is the problem?
Thanks!
I found the problem!
My /var/lib/php/session was system_u:object_r:httpd_sys_content_t:s0 instead of system_u:object_r:httpd_sys_rw_content_t:s0. This made nginx unable to edit stuff (only create).
To fix the problem:
1- reset the policy of folder:
restorecon -v "/var/lib/php/session"
2- then set the good one
semanage fcontext -a -t httpd_sys_rw_content_t /var/lib/php/session
You don't even have to reload/restart nginx :P
Ran into the same issue.
In my case, the solution was to change the owner of the directory to nginx
chown nginx /var/lib/php/session
My environment:
CentOS 6.6
Nginx 1.7.10 with mod_security, naxsi, ngx_pagespeed modules
PHP 5.6.5
Mariadb 10.0.16
SeLinux close
setenforce 0
My test code:
<?php
/*
** Connect to database:
*/
// connect to the database
$con = mysql_connect('localhost','root','my pass')
or die('Could not connect to the server! ' . mysql_error());
var_dump($con);
exit;
That's it.
And when I use firefox to run this script
The result is "Could not connect to the server! Permission denied"
The nginx error.log is
2015/02/18 23:26:33 [error] 1532#0: *68 FastCGI sent in stderr: "PHP message: PHP Warning: mysql_connect(): Permission denied in /var/www/nginx/aa.php on line 9" while reading response header from upstream, client: client ip, server: localhost, request: "GET /test-sql-injection.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.sock:", host: "server ip"
But when I use command line to run this script
php aa.php
The result is
resource(5) of type (mysql link)
It is success to connect to maria db...
The mysql.sock file permission is
In /tmp
lrwxrwxrwx. 1 mysql mysql 25 2015-02-18 21:20 mysql.sock -> /var/lib/mysql/mysql.sock
In /var/lib/mysql
srwxrwxrwx. 1 mysql mysql 0 2015-02-18 23:03 mysql.sock
all command is run as root
and when I use another user to run php command
still get Permission denied error message!
which file's permission wrong?
======
/var/lib/mysql dir permission is 700
so it cause permission denied problem....
php-cgi and php-cli are not using the same php.ini file.
Compare both file, maybe you have a difference
Check full path to socket file.
every directory in the path to socket must have eXecute permission for webserver user.
e.g. /var/ or /var/lib/ or /var/lib/mysql/ could have chmod 700 when it must have chmod 711.
Note that making more permissive chmod could lead to security issues. I suggest you moving mysql.sock into world-accessible-by-default directory such as /tmp
I have two directories in /var/www:
root#user:/var/www# ls -l
drwxrwxrwx 2 root root 4096 Июл 14 17:59 first
drwxrwxrwx 2 root root 4096 Июл 14 18:00 second
with exactly the same php scripts:
root#user:/var/www# ls -l first/
-rwxrwxrwx 1 root root 20 Июл 14 16:37 info.php
root#user:/var/www# ls -l second/
-rwxrwxrwx 1 root root 20 Июл 14 16:37 info.php
info.php:
<?php
phpinfo();
?>
But from the first/ directory Apache opens script, from the second/ pulls error:
( ! ) Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0
( ! ) Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0
( ! ) Fatal error: Unknown: Failed opening required '/var/www/second/info.php' (include_path='.:/usr/share/php:/usr/share/pear') in Unknown on line 0
What can be a reason?
Directory config:
DocumentRoot "/var/www"
<Directory "/var/www">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
You need to change the owner of the two folders from 'root' to apache.
Try sudo chown -R [yourusername]:www-data /var/www
This should help.
There are number of things to try here
1) What folder has your .htaccess?
2) The error you provides hints that php would look for scripts in include_path='.:/usr/share/php:/usr/share/pear'
This points that the script is to be present in the following paths only.
3) You may want to check if ls -Z may reveal the difference in the security context of the directories.
Sometimes SeLinux Context is the thing you need to set. In this case:
ls -lZ
if you got something like
rw-r--r--. root root unconfined_u:object_r:etc_t:s0
OR
drwxr-xr-x. root root system_u:object_r:etc_t:s0
You need to run
chcon -R -t httpd_sys_content_t /var/www
Then you will have
drwxr-xr-x root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/
Something like this
Try this:
sudo chmod -R 755 /var/www
sudo chown -R www-data:www-data /var/www/
sudo service apache2 restart
The group is root probably thats the issue
You could also have tried:
sudo chown -R apache:apache /var/www