I just changed to a production environment so I'm setting up everything, and I just bumped into a Permission Denied error (while using include())that I am pretty sure it is caused by the permissions. The thing is I have never used an actual server before, I have always use cPanel hosting, so I am no expert dealing with chmod and these things.
The folder containing all files I'll be include()ing has the following permissions drwxr-xr-x.
I'm pretty sure w stands for write, r for read and x for execute. But I have no Idea why does it have 3 columns (separated by '-') and how to change it using chmod. Any help will be appreciated.
solved, created a group and chowned and chmoded the folder to it.
Related
Accidentally i rewrote all folders permission from root.
chown -R www-data:www-data /
Just for example. Luckily i have another server. So i started fix all permissions manually one by one. And now everything seems work fine except for one thing: php can't write files.
I have a suggestion that some php or apache process have wrong permissions.
So symptoms:
The stream or file "/var/www/vhosts/.../httpdocs/storage/logs/laravel.log" could not be opened: failed to open stream: Permission denied
Yes. I'm sure that files have correct permissions. Because this recursive process was not so fast to override /var folder too. At least some domain still untouched. So i checked it out.
Maybe it would be helpful to know that i use plesk. Because some .sock files could be located there.
I have no idea what i did but it works now. I hope one day it could be useful for someone too.
Just run script if you use plesk
/usr/lib/plesk-9.0/install_suexec
So in the we could say i just reinstall script.
I was recently troubled by an injected spam script called alias.php. I’m still trying to work out how it got there, so I’m looking at directory permissions.
The parent directory of the offending file has the following permissions:
drwsrws---. 5 apache [group]
where [group] is the name of my group.
I don’t know whether weak directory permissions are the culprit, but, just in case, is there a more correct setup?
I’m running CENTOS 6.
Thanks
I'd suggest you removing group permissions to write on the directory
drwsr-s---
To detect the culprit - check the owner of the file (I'm no CENTOS user, don't know the command) see if it's the root or a group member.
If it's the root, someone has hacked you (I doubt it, though) and you have big issues to resolve
If it's a group member then the above solution is for you, unless you need to add or modify the directory's files in the future
I hope I was useful.
I see that similar questions have been answered on Stack Overflow, but the solutions haven't fixed my particular problem, so I have to ask...
I have an app that needs to make directories and modify files outside the site directory. This works find on the production server.
After spinning up a test server with the exact same version of Ubuntu and PHP, I'm getting errors on the staging server when it tries to open files or create directories.
Here are the errors:
mkdir() [http://php.net/function.mkdir]: Permission denied
fopen(/root/Dropbox/Backend/Booth-01/settings.sh) [http://php.net/function.fopen]: failed to open stream: Permission denied
Things I have tried:
checking the username running the application (it's www-data)
changing the owner of the external directory recursively to www-data
changing permissions on the directory to 777 (I know, this is a bad idea, but I was just trying it to see if that would help until I figured out what the issue was and will change the permissions to something more restrictive once I get it working)
checking the umask value. It was set to 0002, which shouldn't give me problems. Just for kicks, I tried changing it to 0000 and it didn't help.
checking to make sure PHP's safe mode wasn't enabled.
checking to make sure that nothing was specified in open_basedir. In any case, if that was the issue, it would throw a different error message.
I can't think of what to try next and I'm hoping that someone else is seeing something that I'm not.
Ubuntu 12.04.5 x64
PHP 5.3.10
It's not only the folder itself you have to have permissions on. You should also check the parent folders. I think, if you check this, this will fix your problem.
If this is an external drive (see if it shows up in mount) then you may have to remount it. An auto-mounted external drive can thwart permissions
sudo umount <moint-point>
sudo mount /dev/<device> <new-moint-point>
hopefully someone can shed some light on my problem. I just reinstalled my OS (lubuntu 12.10) and have set up my local server. Everything seems to be working properly except for the one file I'm currently working on. When I try to run it in the browser, it downloads and/or gives a Server Error (HTTP Error 500).
I don't suppose it's an Apache or PHP problem since other files work just fine, but I don't think there's anything wrong with the code in the file in question.
What else could be causing this issue?
There is no need to "suppose" or devise "more than likely" cause or guess "what else".
HTTP Error 500 means there is something verbose in the server's error_log.
Just open it end get the exact explanation of the problem.
Please, do not take blind action, out of mere guess. You can make things worse.
This problem is more then likely caused by a permissions issue.
The Apache server runs as www-data:www-data. What this means is that it is possible to have some permission issues with files that were created by another user.
To solve this, you should either add your user to the www-data group and set the /var/www directory to inherit the group www-data, or you can use chown to change the ownership of all the files to be on the www-data group.
To keep security in your system, you should also make sure that all your files have a permission set of 660, meaning that the owner and anybody of the user group of the file can both read and write, but any other user will not be able to do anything with it.
If you have a php script that does run more than 30 seconds (default) you have to change value of max_execution_time by using ini_set function.
It seems i cannot create files. When i set permissions to 777 On the folder i am trying to create a folder in then the script works fine. If the folder is set to 755, it fails. I do not know much about linux, but i am suppose to figure this stuff out. I have spent a couple hours trying stuff. Does anyone know how to make it so that apache has high enough permissions.
I know it is a permissions and apache problem, i just do not know how to fix this. I have edited the httpd.conf file, but i really do not know what i am doing... Any help? (I saved backup.)
Please stop suggesting to use 777. You're making your file writeable by everyone, which pretty much means you lose all security that the permission system was designed for. If you suggest this, think about the consequences it may have on a poorly configured webserver: it would become incredibly easy to "hack" the website, by overwriting the files. So, don't.
Michael: there's a perfectly viable reason why your script can't create the directory, the user running PHP (that might be different from Apache) simply doesn't have sufficient permissions to do so. Instead of changing the permissions, I think you should solve the underlying problem, meaning your files have the wrong owner, or Apache or PHP is running under the wrong user.
Now, it seems like you have your own server installed. You can determine which user is running PHP by running a simple script that calls the 'whoami' program installed in most linuxes:
<?php
echo `whoami`;
If all is right, you should see the username PHP is running under. Depending on your OS, this might be 'www-data', 'nobody', 'http', or any variation. If your website is the only website running, this is easy to change by changing the user Apache runs under. If you have Debian, like I tend to, you can edit the file /etc/apache2/envvars (as root), and change the value for APACHE_RUN_USER. Depending on your OS, this variable might be set in a different configuration file, so if you can't find it in /etc/apache2/envvars, try to search for the variable declaration by using:
$ grep -R "APACHE_RUN_USER=" .
From the directory all apache-config files are in.
If you're not the only one on the server, you might want to consider creating user accounts for every website, and using something like Apache2-MPM-ITK to change the RUN_USER depending on which website is called. Also, make sure that the user the PHP process is running under is the owner of the files, and the directories. You can accomplish that by using chown:
% chown theuser:theuser -R /var/www/website/
If PHP is running with it's own user, and is the owner of the files and directories it needs to write in, the permission 700 would be enough. I tend to use 750 for most files myself though, as I generally have multiple users in that group, and they can have reading permissions. So, you can change the permissions:
% chmod 0750 -R /var/www/website/
That should be it. If you having issues, let us know, and please don't ever take up any advice that essentially tells you: if security is bothering you, remove the security.
I have a similar problem but in my case I have SELinux running and it failed even with 0777 permission. Turns out I need to explicitly allow httpd to have write access on the directory using:
chcon -R -t httpd_sys_rw_content_t <PARENT_OF_MKDIR_TARGET>
SELinux Troubleshooter may have more details.
On ubuntu you edit /etc/apache2/envvars as Berry suggested.
When you change the Apache user, beware of unintended consequences. One of them is the PHP sessions that may be stored in /var/lib/php5. You may need to change the ownership of that folder too.