I have two directories in /var/www:
root#user:/var/www# ls -l
drwxrwxrwx 2 root root 4096 Июл 14 17:59 first
drwxrwxrwx 2 root root 4096 Июл 14 18:00 second
with exactly the same php scripts:
root#user:/var/www# ls -l first/
-rwxrwxrwx 1 root root 20 Июл 14 16:37 info.php
root#user:/var/www# ls -l second/
-rwxrwxrwx 1 root root 20 Июл 14 16:37 info.php
info.php:
<?php
phpinfo();
?>
But from the first/ directory Apache opens the script, while from second/ it produces an error:
( ! ) Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0
( ! ) Warning: Unknown: failed to open stream: Operation not permitted in Unknown on line 0
( ! ) Fatal error: Unknown: Failed opening required '/var/www/second/info.php' (include_path='.:/usr/share/php:/usr/share/pear') in Unknown on line 0
What could be the reason?
Directory config:
DocumentRoot "/var/www"
<Directory "/var/www">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
You need to change the owner of the two folders from 'root' to apache.
Try sudo chown -R [yourusername]:www-data /var/www
This should help.
There are a number of things to try here:
1) What folder has your .htaccess?
2) The error you provided hints that PHP would look for scripts in include_path='.:/usr/share/php:/usr/share/pear'
This indicates that the script is expected to be present in those paths only.
3) You may want to check if ls -Z may reveal the difference in the security context of the directories.
Sometimes the SELinux context is the thing you need to set. In this case:
ls -lZ
if you got something like
rw-r--r--. root root unconfined_u:object_r:etc_t:s0
OR
drwxr-xr-x. root root system_u:object_r:etc_t:s0
You need to run
chcon -R -t httpd_sys_content_t /var/www
Then you will have
drwxr-xr-x root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/
Something like this
Try this:
sudo chmod -R 755 /var/www
sudo chown -R www-data:www-data /var/www/
sudo service apache2 restart
The group is root; that's probably the issue.
You could also have tried:
sudo chown -R apache:apache /var/www
Running Ubuntu 18.04, Apache/2.4.29, PHP 7.2.10.
I am unable to read/write into my mounted drives from PHP.
this is my sample code:
<?php
ini_set('display_errors', '1');
error_reporting(E_ALL);
$folder = '/media/superuser/HDD4TB_CRYPT/nextcloud_data';
var_dump(ini_get('open_basedir'));
file_put_contents($folder.'/x.txt', "AA");
echo file_get_contents($folder."/x.txt");
phpinfo();
This is output:
string(0) ""
Warning:
file_put_contents(/media/superuser/HDD4TB_CRYPT/nextcloud_data/x.txt):
failed to open stream: Permission denied in
/var/www/html/nextcloud/x.php on line 9
Warning:
file_get_contents(/media/superuser/HDD4TB_CRYPT/nextcloud_data/x.txt):
failed to open stream: Permission denied in
/var/www/html/nextcloud/x.php on line 10
these are folder details:
superuser#SuperTower:/var/www/html/nextcloud$ ls -al /media/superuser/HDD4TB_CRYPT/
total 28
drwx------ 4 superuser superuser 4096 feb 3 20:55 .
drwxr-x---+ 4 root root 4096 feb 2 00:06 ..
drwx------ 2 root root 16384 feb 1 22:49 lost+found
drwxrwxrwx 2 www-data www-data 4096 feb 3 21:29 nextcloud_data
I tried editing open_basedir, but this did not help to solve any issues, so I just commented it out. Therefore open_basedir has no value in phpinfo(). Folder is chowned to www-data (this is apache user) and also chmoded to 777.
/media/superuser/ contains folders with mounted drives on my PC. superuser is my username in Ubuntu.
Thanks for any ideas!
P.S.
I have also tried adding a symlink to my folder:
superuser#SuperTower:/var/www/html/nextcloud$ ls -al data
lrwxrwxrwx 1 www-data www-data 45 feb 3 21:05 data -> /media/superuser/HDD4TB_CRYPT/nextcloud_data/
and using
$folder = '/var/www/html/nextcloud/data';
but the results are exactly the same.
I also tried adding
<Directory /var/www/html/nextcloud/data>
Options +FollowSymLinks
Allow from All
</Directory>
no change in the resulting behavior :/
For some reason no matter what ownership/permissions I set on folder, /media/superuser is never accessible by www-data.
I edited /etc/fstab to mount drive into /opt/ folder and I chowned it to www-data user and group.
Works like a charm now.
I'm trying to read a file in PHP and I'm getting a permission denied error although everybody has read access to the file.
The PHP code:
$config=file_get_contents('/opt/jenkins/home/config.xml');
The error:
Warning: file_get_contents(/opt/jenkins/home/config.xml): failed to open stream: Permission denied in [...]
The filesystem permission:
There is a symlink pointing /opt/jenkins/home/ to /var/lib/jenkins and everybody has read permission on the symlink, actual folder, and file.
$ ls -lh /opt/jenkins/
lrwxrwxrwx 1 sysadmin sysadmin 16 2011-08-04 08:12 home -> /var/lib/jenkins
$ ls -lh /var/lib/ | grep jenkins
drwxr-xr-- 6 jenkins adm 4.0K 2011-08-04 10:04 jenkins
$ ls -lh /var/lib/jenkins/config.xml
-rwxr-xr-- 1 jenkins adm 3.9K 2011-08-04 10:05 /var/lib/jenkins/config.xml
Apache configuration
Configured to follow symlinks (Options All). Adding a Directory directive for /var/lib/jenkins/ makes no difference.
<Directory /opt/jenkins/home/>
Options All
AllowOverride All
Order Allow,Deny
Allow from All
</Directory>
Additional info
Whether I use the path through the symlink ("/opt/jenkins/home/config.xml") or the real path ("/var/lib/jenkins/config.xml") I have the same problem.
apache2 version=2.2.14-5ubuntu8.4
php version=5.3.2-1ubuntu4.9
Any idea as to why I'm getting the error?
Your directory needs execute permission for this to work. It does not seem to have world execute, and since jenkins is probably not the apache user, and the apache user is not in the adm group, it wouldn't work:
$ ls -lh /var/lib/ | grep jenkins
drwxr-xr-- 6 jenkins adm 4.0K 2011-08-04 10:04 jenkins
For example:
netcoder#netcoder:~$ mkdir foo
netcoder#netcoder:~$ echo hello > foo/bar
netcoder#netcoder:~$ chmod 777 foo/bar
netcoder#netcoder:~$ ls -lsah foo/bar
4.0K -rwxrwxrwx 1 netcoder netcoder 6 2011-08-04 08:22 foo/bar
netcoder#netcoder:~$ chmod 444 foo/
netcoder#netcoder:~$ ls -lsah | grep foo
4.0K dr--r--r-- 2 netcoder netcoder 4.0K 2011-08-04 08:22 foo
netcoder#netcoder:~$ cat foo/bar
cat: foo/bar: Permission denied
Even though foo/bar has 0777 permission, if the directory does not have the execute permission, reading its contents is denied.
You'll need the permission to be set for both the target directory and the symbolic link.
You need the execute bit set on all directories in the hierarchy up to that file.
chmod o+x /var/lib/jenkins
should do the trick.
(Note: ls -lhd /var/lib/jenkins is a bit better than ls -lh ...|grep jenkins)
Lots of modern boxes (digital ocean, rackspace etc) ship with SELinux (Security Enhanced Linux) for RedHat compatible OSs (like CentOS). This throws another wrench into the works which you need to keep in mind. You can have your permissions perfectly set and it will still say permission denied. You need to define a writable context for SELinux:
sudo chcon -t httpd_sys_rw_content_t /data/www/html/sites/mysite -R
Most likely your apache user is not allowed to read or access the web files
Check what user is apache running as:
$ ps aux | grep [a]pache
root 40283 0.0 0.2 472548 21116 ? Ss 14:38 0:00 /usr/sbin/apache2 -k start
www-data 40287 0.0 0.1 472760 8800 ? S 14:38 0:00 /usr/sbin/apache2 -k start
www-data 40288 0.0 0.1 472760 8540 ? S 14:38 0:00 /usr/sbin/apache2 -k start
www-data 40289 0.0 0.1 472776 8540 ? S 14:38 0:00 /usr/sbin/apache2 -k start
Check the path ownership of your web files:
$ namei -mol /home/john/app2/
f: /home/john/app2/
drwxr-xr-x root root /
drwxr-xr-x root root home
drwx------ john john john # <== Ahaa, no access for apache user!
drwxr-xr-x john john john app2
Adjust permissions accordingly:
Well, in this step I will leave it up to you: you can either (a) make the apache user 'john' in this example, or (b) move the web folder to a place outside home, where execute access can be given to the group or even to others without breaking security good practices.
a. Make apache user john (ONLY FOR DEV SITES or if you know what you are doing)
sudo vi /etc/apache2/envvars
# replace
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
# with
export APACHE_RUN_USER=john
export APACHE_RUN_GROUP=john
b. Move that folder out of home... what is it doing there anyways?
sudo mv /home/john/app2 /var/www/
Remember to change the site to match this directory and to restart the apache server.
Here are some references:
https://wiki.apache.org/httpd/13PermissionDenied
http://wiki.apache.org/httpd/FileSystemPermissions
My goal is to configure php profiling for local development website in Kubuntu 16.04.
Installed tideways according to docs and checked it's installed correctly with:
php --ri tideways_xhprof
Created header.php with following contents
<?php
tideways_xhprof_enable();
Added reference to it to php.ini
auto_prepend_file = "/home/user/pathto/header.php"
Restarted apache2
And getting the below errors in apache error log:
[Sat Jan 27 17:54:24.233604 2018] [:error] [pid 15976] [client
127.0.0.1:42054] PHP Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0 [Sat Jan 27 17:54:24.233653
2018] [:error] [pid 15976] [client 127.0.0.1:42054] PHP Fatal error:
Unknown: Failed opening required '/home/user/pathto/header.php'
(include_path='.:/usr/share/php') in Unknown on line 0
Tried adding directive
php_value auto_prepend_file /home/user/pathto/header.php
to Directory block of the website in apache2.conf, but the same error pops.
What's wrong? What permissions are wrong?
Regards.
Linux uses a permissions model that incorporates users that can belong to groups, and files and directories that can be assigned to those users and groups. By default, when you install Apache and PHP on Ubuntu, you end up with a new user for Apache named "www-data". Anytime Apache runs and needs to access the file system, it is not unlike any other user, and the operating system requires the same permissions that it would any other user.
So technically, if you wanted PHP scripts in your user's home directory, you'd have to somehow give Apache's www-data user the permission to access files there.
When I set up a new server, I'll normally add myself to the www-data group:
# add user brian to the www-data group
sudo usermod -a -G www-data brian
This makes managing files easier for me (once I complete the next steps), as I don't need to use sudo to make changes to files.
I will let www-data own everything under /var/www
# Change all files at /var/www recursively to be owned by www-data
sudo chown -R www-data:www-data /var/www
Make it so new files created under /var/www end up being owned by www-data:
#set the gid on any new dir inside /var/www
sudo chmod 2755 /var/www/html
Then set myself as the owner, instead of www-data:
# Be the owner of all www
sudo chown -R brian:www-data /var/www
Notice that at no time was I giving permissions outside of /var/www, but this makes managing files and directories inside /var/www easier, so you don't feel the need to put PHP files in your home directory.
My website is running on nginx + php-fpm and running well, but while uploading a file it shows a blank page. My log file shows:
2016/06/08 14:44:40 [error] 22063#22063: *25 FastCGI sent in stderr: "PHP message: PHP Warning: file_put_contents(up/propic/medium/5961465411480.jpg): failed to open stream: Permission denied in /var/www/example.com/saveimg.php on line 32" while reading response header from upstream, client:...
I tried most of the answers from Stack Overflow, and I even changed the /var/www folder permissions to 777, but the results are the same.
A few details about my server:
/etc/php-fpm.d
user=nginx
group=nginx
ownership and group of /var/www/sites
drwxrwxrwx. 29 ec2-user root 4096 Jun 8 14:39 site1.com
After searching, I found it. It all has to do with SELinux, which is a security feature.
When using ls -Z:
drwxrwxrwx. ec2-user root system_u:object_r:httpd_sys_content_t:s0 www
change this to
drwxrwxrwx. ec2-user root system_u:object_r:httpd_sys_rw_content_t:s0 www
using cmd
chcon -R -t httpd_sys_rw_content_t /var/www
You also need to check permissions and ownership of every folder on the way from
/var/www/sites/
to
/var/www/sites/site1.com/up/propic/medium
The user and group defined in your pool.d configuration require access rights to your nginx root location. This can be done by changing the user and group in your pool.d configuration to the same user and group that own your nginx root location or by adding the pool.d user to the group that owns your nginx root location. You can do that like this:
usermod -a -G groupName userName
# nginx error.log echo:
2019/10/12 11:11:02 [error] 3871#0: *1 FastCGI sent in stderr: "PHP message: PHP Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0
Unable to open primary script: /www/test.php (Permission denied)" while reading response header from upstream, client: 192.168.1.9, server: _, request: "GET /test.php HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/www.sock:", host: "192.168.1.180"
On a CentOS system, after searching, I found it. It all has to do with SELinux, which is a security feature. When using ls -alZ:
drwxrwxrwx. ec2-user root system_u:object_r:httpd_sys_content_t:s0 www
# change this to
drwxrwxrwx. ec2-user root system_u:object_r:httpd_sys_rw_content_t:s0 www
# using cmd
chcon -R -t httpd_sys_rw_content_t /www
I can't run a command line script from exec:
$exec = exec($command, $output, $return );
I have tried passthru, shell_exec, system, but obviously this is not the problem.
sudo chown -R www-data:www-data /root/path/nonce.py
sudo chmod 775 /path/nonce.py
sudo chmod 777 /path/nonce.py
sudo chmod 755 /path/nonce.py
didn't help
exec("python -V 2>&1");
works
But
/usr/bin/python /root/path/nonce.py
Array ( [0] => /usr/bin/python: can't open file '/root/path/nonce.py': [Errno 13] Permission denied )
doesn't.
Running on nginx and php5-fpm.
You need to consider the permissions for each directory on the path to the Python script. This means:
/root
/root/path
/root/path/nonce.py
The permissions for the root account are naturally restricted. If you look at root's home directory:
$ ls -ld /root
dr-xr-x---. 9 root root 4096 Aug 20 23:50 root
You will see that only the root user, and users within group root, can read or list the contents of /root.
It's a bad idea to place your script in root's home. There are more appropriate places such as /var/www/cgi-bin assuming that your script is a CGI script. On my system:
$ ls -ld /var/www
drwxr-xr-x. 4 root root 4096 Jul 17 17:22 /var/www
$ ls -ld /var/www/cgi-bin
drwxr-xr-x. 2 root root 4096 Jul 17 17:22 /var/www/cgi-bin/
which can be read and listed by any user. You should install the script in a directory appropriate for nginx.
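The answers above that trace "Permission denied" to one directory on the path (/var/lib/jenkins, /home/john, /root) all describe the same check: search (x) permission on every directory for the web server's user, and read on the file. The following is an added example, not part of any original post, that finds the first blocking component for a given numeric uid and gid list. The function names are hypothetical, GNU stat and readlink are assumed, and ACLs and SELinux labels are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original answers). Evaluates classic mode bits
# only; POSIX ACLs, SELinux labels and open_basedir must be checked separately.

# perm_digit UID "GID ..." PATH -> prints the rwx digit (0-7) applying to UID
perm_digit() {
    pd_uid=$1; pd_gids=$2
    pd_st=$(stat -L -c '%a %u %g' -- "$3") || return 2
    set -- $pd_st                       # $1=octal mode, $2=owner, $3=group
    pd_mode=$((0$1))
    if [ "$pd_uid" -eq "$2" ]; then     # owner class wins, even if weaker
        echo $(( ($pd_mode >> 6) & 7 )); return 0
    fi
    for pd_g in $pd_gids; do
        if [ "$pd_g" -eq "$3" ]; then
            echo $(( ($pd_mode >> 3) & 7 )); return 0
        fi
    done
    echo $(( $pd_mode & 7 ))
}

# first_blocked UID "GID ..." PATH
# Prints the first component denying access and returns 1; prints nothing and
# returns 0 if every directory grants search (x) and the target grants read (r).
first_blocked() {
    fb_uid=$1; fb_gids=$2
    fb_path=$(readlink -f -- "$3") || return 2   # check the symlink target
    if [ "$fb_uid" -eq 0 ]; then return 0; fi     # root bypasses mode bits
    fb_cur=/; fb_rest=${fb_path#/}
    while :; do
        if [ -n "$fb_rest" ]; then fb_need=1; else fb_need=4; fi
        fb_d=$(perm_digit "$fb_uid" "$fb_gids" "$fb_cur") || return 2
        if [ $(( $fb_d & $fb_need )) -eq 0 ]; then
            echo "$fb_cur"; return 1
        fi
        if [ -z "$fb_rest" ]; then return 0; fi
        fb_cur=${fb_cur%/}/${fb_rest%%/*}
        case $fb_rest in
            */*) fb_rest=${fb_rest#*/} ;;
            *)   fb_rest= ;;
        esac
    done
}

# Usage (path from the question above; www-data is the usual Debian/Ubuntu user):
#   first_blocked "$(id -u www-data)" "$(id -G www-data)" /root/path/nonce.py
```

Run it as root so that stat can reach every component; a return code of 2 means a component could not be inspected at all.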
One of the directories on the path probably lacks r permission for the relevant user, most likely /root.
Can you move the Python script to a dir that is world readable?