Good day.
There is a PHP module ( .so) loaded within PHP. On MINIT stage it tries to read a file.
The file is a /tmp/aaa.txt
The directory /tmp belongs to root and its permissions are set to 777.
The file /tmp/aaa.txt belongs to apache user and is also set to 777 permissions.
Module opens the file with VCWD_FOPEN(), which is define for
#define VCWD_FOPEN(path, mode) virtual_fopen(path, mode TSRMLS_CC) which eventually is a fopen().
The VCWD_FOPEN fails with error 13 (permission denied).
The strange thing is, if I invoke the module manually
( #php -r 'echo "hi";' ) - it works.
But when it runs from apache - it doesnt.
Anybody knows why?
Thank you
Found the problem.
The user permission policy was enforced by SELinux.
To disable it i typed
#setenforce 0
#service httpd restart
Works now
Related
Server version: Apache/2.4.34 (Unix)
NOTE: This is not a Plesk or control panel questions. This is a custom PHP application hosted on a Rackspace dedicated server with no control panel.
I'm trying to utilize an existing SSL certificate for several sub-directories of a domain, but the architecture for the domain separates out two directories for non-secure/secure:
httpdocs
httpsdocs
I copied everything from httpdocs to httpsdocs and also forced traffic to https using .htaccess. Everything worked great until I tried the PHP file upload functionality.
Here's the bit of code that is failing from the secure side:
$path = "uploaded_files/".$row_query[0].'/'.$file_name;
copy($temp_file, $path);
In doing some debugging, I found that the temp file gets created:
/tmp/phpanKT4N
but the error I see in the logs is:
copy(uploaded_files/New Sub Folder/30052_testing.txt): failed to open stream: Permission denied in /var/www/vhosts/.com/httpsdocs/demo/resource/add_resource.php on line 108
I tried changing copy() to move_uploaded_file() but here's the error for that:
PHP Warning: move_uploaded_file(uploaded_files/test/30054_testing.txt): failed to open stream: No such file or directory in /var/www/vhosts/<thedomain>.com/httpsdocs/demo/resource/add_resource.php on line 111
PHP Warning: move_uploaded_file(): Unable to move '/tmp/phpOC9YEF' to 'uploaded_files/test/30054_testing.txt' in /var/www/vhosts/<thedomain>.com/httpsdocs/demo/resource/add_resource.php on line 111
I searched stack and saw that ownership must match, but the permissions appear to be the same for httpdocs and httpsdocs.
The /tmp folder is owned by root:root and like I said this works perfectly from the non-secure folder. The non-secure and secure upload folders are identical:
httpdocs:
drwxrwxr-x+ 8 theuser apache 4096 Sep 22 2015 uploaded_files
httpsdocs:
drwxrwxr-x+ 8 theuser apache 4096 Sep 22 2015 uploaded_files
Is this a configuration, permissions issue, or what?
Figured this out... Ran the following:
First find apache's user:
egrep -i '^user|^group' /etc/httpd/conf/httpd.conf
Result:
User apache
Group apache
Then ran this and it solved all the PHP file upload issues in httpsdocs:
chown -R apache:apache /var/www/vhosts/<thedomain>.com/httpsdocs/
chmod -R g+rw /var/www/vhosts/<thedomain>.com/httpsdocs/
I am trying to run R code from within PHP. I am using RHEL 7.4.
However, because Apache runs as a different user than installed the R packages, it cannot load packages:
My PHP code has this line:
echo shell_exec("(Rscript -e 'library(lme4, lib.loc = \"/var/www/R/lib\")')2>&1");
which produces this error in the browser:
Error: package or namespace load failed for 'lme4' in dyn.load(file, DLLpath = DLLpath, ...):
unable to load shared object '/var/www/R/lib/Rcpp/libs/Rcpp.so':
/var/www/R/lib/Rcpp/libs/Rcpp.so: failed to map segment from shared object: Permission denied
Execution halted
The file /var/www/R/lib/Rcpp/libs/Rcpp.so has permissions 775, so I don't think the permissions are actually the problem.
How can I tell Apache / PHP where to look for the shared libraries?
The server is not public-facing, so I would take any solution from properly accessing the shared library, to giving user apache sudo access with NOPASSWD to run as my user (or something similarly reckless, since that didn't actually work...).
Thank you!
This appears due in part to an SELinux setting in Red Hat. I'm not entirely sure whether this is Red Hat-centric, or specific to the configuration at my university (who installed Red Hat in the first place).
Originally:
$ getenforce
Enforcing
Fix:
$ sudo setenforce 0
$ getenforce
Permissive
Persistent fix: modify /etc/selinux/config to have the line
SELINUX=Permissive
Credit to this StackOverflow thread.
I have a simple script that outputs Permission denied warning in the browser:
rename('/opt/web/test.tmp', '/opt/web/test.tmp1')
Script path is /opt/web/test_rename.php
/opt/, /opt/web/ and /opt/web/test_rename.php are 777 and have apache owner / group.
httpd process owner is apache
test.tmp is 777 and have apache owner as well
It works fine with cli.
What else could I do to make it work via apache?
The problem was with SELinux. It can block php rename function.
I've found the answer here: http://forums.fedoraforum.org/archive/index.php/t-111081.html
On the Fedora Core 3 Linux distribution, you may get a "failed to open stream: Permission denied in ..." message. In fact changing the permission of the directory will not work (even if you set to 0777).
It is because of the new SELinux kernel that allow apache user to write only in /tmp dir (I think). In order to solve the problem you must to disable the SELinux (at least for apache service) to allow the server to write in other directories. To do that, run the system-config-securitylevel app and disable the SE to apache service. Reboot your system and continue your work.
I'm getting a Twig error ...
Uncaught exception 'RuntimeException' with message 'Unable to write in the cache directory (./cache/twig/69).
but only ever in that 1 hexadecimal directory listed above. If I then set the permissions on that folder to 0777 and also set the permissions on the files it contains, it works correctly but only for a few days. I then have to do the same fix and so on and so on. None of the other directories in the twig folder are affected. Any ideas?
Check the permission of the folder. It should have write access.
Check SELinux policy
sestatus
To disable SELinux
sudo setenforce 0
Are you running commands from the CLI with a different user than the webserver? This often occurs if you run console commands as e.g. root and they create cache directories. Try clearing the cache completely after each CLI call.
I had a LAMP application running wordpress and I deleted the whole directory and replaced with new files - php based.
Now, when I go to view my server running CentOS - it just shows a 500 Internal Server error.
I've tried:
restarting server
restarting apache service itself
both completed successfully, but this didn't fix anything. Now, I do not know where to go from here.
apache logs # /usr/local/apache/logs/error_log on apache:
[Tue Apr 22 11:12:15 2014] [error] [] SoftException in Application.cpp:357: UID of script "index.php" is smaller than min_uid
I found the fix myself, this wasn't an error with Mysql at all, but rather a permissions issue with the index.php file I had.
The error, which I found in /usr/local/apache/logs/error_log was:
:is smaller than min_uid Premature end of script headers: index.php
To fix, I did this:
ls -l in the directory causing the issue (mine was public_html)
You should see the index file (e.g. index.php) that should be causing the issue. It is due to a root user having the only permission to the file and not your CPanel (or system) username. (note this system/cpanel name)
Run the following within the errorneous directory(Note: this command must be run within all subdirectories of the primary errorneous directory.):
sudo chown yoursystemuserhere:yoursystemgroupuserhere index.php
or to apply to the whole directory (thanks to #Prix):
sudo chown -R user:group /folder
You're all set.
Further literature here: http://www.inmotionhosting.com/support/website/general-server-setup/uid-smaller-than-min-uid
I hope this helps someone else in the future.
I had similar symptoms on my cPanel VPS - I was able to use easyApache to recompile Apache and PHP which fixed the problem for me.
(I realise my problem was slightly different to yours, but it may be helpful for people in the future who have the same problem I had).
chown -R user.usergroup /path_to_the_directory
Will resolve this. It is basically permission issues.
just install wordpress latest version make sure you have atleast php version 5.3 and above also look global register variable if it off or just delete htacess file from server and see what will happens
generally 500 internal server gives when file permission is missing so you should delete htacess file