I have below php script(test.php) in redhat linux.
<?php
shell_exec('touch /var/www/html/test.txt');
?>
If I run this script in command line (php test.php) ,it's working as expected.
But if I run test.php in browser(http://hostname/test.php) it's not creating file test.txt.
I tried edit sudo visudo www-data ALL=(ALL) NOPASSWD:ALL
Please help me on this!!
I guest it's because of permission, when you run in command line you run it as your user but when you run it via browser , it runs as web-service's user, so check the the permission of /var/www/html/ directory and set it's permission to 755 and change the owner to your web-service ( apache , apache2 etc you have as web serivce)
So
chown -R apache:apache /var/www/html/ (I'm not sure about your web-service, change it your webserice and it's group)
chmod -R 755 /var/www/html/
PHP will execute that just fine. But the system then does not find touch in the pathes it has to search.
Easiest, is to give the full path to touch. On my System using command whereis to find touch
$whereis touch
touch: /usr/bin/touch /bin/touch /usr/share/man/man1/touch.1.gz
So the script would be:
<?php
shell_exec('/usr/bin/touch /var/www/html/test.txt');
?>
Well I have a cron that runs a bash file:
#!/bin/bash
for n in {1..10}; do
/usr/bin/php /var/www/html/teste_sh.php v=$n &
done
But in this script teste_sh.php, If I do an error_log, it doesn't work.
Error_log of this folder is empty, but if I run http://localhost/teste_sh.php, error_log works fine!
Is there a way to make error_log work in this case?
Thanks.
Not exactly clear on where your error log is, but, It's a permission issue. The CRON assumedly is a crontab on your user, not root.
I would place your user in the same group as your web server, often www-data.
Then the web server, and you when executing via CRON, will be in same group. Of course just need to make sure the directory /var/www/html is chowned to that group.
Add your user to web group:
sudo usermod -a -G www-data myusername
And then chown the directory
sudo chown -R myusername:www-data /var/www/html
Might be worth taking a look for an answer on https://serverfault.com/
I get this cannot load phpMyAdmin message. I've tried creating the config folder and the config.inc.php file. When I ĺog on to localhost/phpmyadmin/setup/ it still gives me this message.
Error message: "Cannot load or save configuration Please create web server writable folder config in phpMyAdmin top level directory as described in documentation. Otherwise you will be only able to download or display it."
I have given the www/html folder full rights.
How to I fix this?
thanks in advance!
I have had similar issue on my Ubuntu 16.04. I made a research and in the end I found a resolution of the issue. Maybe my case solution will help somebody else.
Background: For security reasons I have non privileged user and group apache:apache (sudo groupadd apache | useradd -g apache apache). They are preset by directives (User apache; Group apache) in /etc/apache2/apache2.conf. This user apache:apache owns Apache2 main directory (sudo chown -R apache:apache /etc/apache2) and some other files, for example: sudo chown -R apache:apache/etc/phpmyadmin/htpasswd.setup
In this manual: http://docs.phpmyadmin.net/en/latest/setup.html - I found that...
Debian and Ubuntu have changed way how setup is enabled and disabled,
in a way that single command has to be executed for either of these.
To allow editing configuration invoke:
/usr/sbin/pma-configure
To block editing configuration invoke:
/usr/sbin/pma-secure
Note! In the content of the two files listed above we talk about /var/lib/phpmyadmin/config.inc.php instead of /etc/phpmyadmin/config/config.inc.php. It was the key.
In my case I was modified the content of these scripts (see below) and now I can use localhost/phpmyadmin/setup properly.
/usr/sbin/pma-configure:
#!/bin/sh
echo "Unsecuring phpMyAdmin installation..."
echo "Setup script can now write to the configuration file."
echo
echo "Do not forget to run /usr/sbin/pma-secure after configuring,"
echo "otherwise your installation might be at risk of attack."
sudo sudo chown -R apache:apache /var/lib/phpmyadmin/config.inc.php
chmod 0660 /var/lib/phpmyadmin/config.inc.php
/usr/sbin/pma-secure:
#!/bin/sh
echo "Securing phpMyAdmin installation..."
echo "Setup script won't be able to write configuration."
sudo sudo chown -R root:root /var/lib/phpmyadmin/config.inc.php
chmod 0640 /var/lib/phpmyadmin/config.inc.php
I am new to Laravel. I was trying to open http://localhost/test/public/ and I got
Error in exception handler.
I googled around and changed the permission of storage directory using chmod -R 777 app/storage but to no avail.
I changed debug=>true in app.php and visited the page and got Error in exception handler:
The stream or file "/var/www/html/test/app/storage/logs/laravel.log"
could not be opened: failed to open stream: Permission denied in
/var/www/html/test/bootstrap/compiled.php:8423
Then I changed the permissions of storage directory using the command chmod -R 644 app/storage and the 'Error in exception handler' error was gone and a page is loaded. But in there I am getting this:
file_put_contents(/var/www/html/laravel/app/storage/meta/services.json):
failed to open stream: Permission denied
Suggestion from vsmoraes worked for me:
Laravel >= 5.4
php artisan cache:clear
chmod -R 775 storage/
composer dump-autoload
Laravel < 5.4
php artisan cache:clear
chmod -R 775 app/storage
composer dump-autoload
For those facing this problem with Laravel 5, this is a permission issue caused by different users trying to write at the same log file within the storage/logs folder with different permissions.
What happens is your Laravel config probably is setup to log errors daily and therefore your web server (Apache/nginx) might create this file under a default user depending on your environment it can be something like _www on OSX or www-data on *NIX systems, then the issue comes when you might have run some artisan commands and got some errors, so the artisan will write this file but with a different user because PHP on terminal is executed by a different user actually your login user, you can check it out by running this command:
php -i | grep USER
If your login user created that log file your web server you will not be able to write errors in it and vice-versa because Laravel writes log files with 655 permissions by default which only allows the owner to write in it.
To fix this temporary you have to manually give permissions for the group 664 to this file so both your login user and web server user can write to that log file.
To avoid this issue permanently you may want to setup a proper permissions when a new file is create within the storage/logs directory by inheriting the permissions from the directory this answer https://unix.stackexchange.com/a/115632 can help you to tackle with that.
You should not give 777 permissions. It's a security risk.
To Ubuntu users, in Laravel 5, I sugest to change owner for directory storage recursively:
Try the follow:
sudo chown -R www-data:www-data storage
In Ubuntu based systems, www-data is apache user.
For everyone using Laravel 5, Homestead and Mac try this:
mkdir storage/framework/views
some times SELINUX caused this problem;
you can disable selinux with this command.
sudo setenforce 0
NEVER GIVE IT PERMISSION 777!
go to the directory of the laravel project on your terminal and write:
sudo chown -R your-user:www-data /path/to/your/laravel/project/
sudo find /same/path/ -type f -exec chmod 664 {} \;
sudo find /same/path/ -type d -exec chmod 775 {} \;
sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cache
This way you're making your user the owner and giving privileges:
1 Execute, 2 Write, 4 Read
1+2+4 = 7 means (rwx)
2+4 = 6 means (rw)
finally, for the storage access, ug+rwx means you're giving the user and group a 7
Problem solved
php artisan cache:clear
sudo chmod -R 777 vendor storage
this enables the write permission to app , framework, logs Hope this will Help
For vagrant users, the solution is:
(in vagrant) php artisan cache:clear
(outside of vagrant) chmod -R 777 app/storage
(in vagrant) composer dump-autoload
Making sure you chmod in your local environment and not inside vagrant is important here!
Try again with chmod -R 755 /var/www/html/test/app/storage. Use with sudo for Operation not permitted in chmod. Use Check owner permission if still having the error.
As per Laravel 5.4 which is the latest as I am writing this, if you have any problem like this, you ned to change the permission.
DO NOT LISTEN TO ANYONE WHO TELLS YOU TO SET 777 FOR ANY DIRECTORY.
It has a security issue.
Change the permission of storage folder like this
sudo chmod -R 775 storage
Change bootstrap folder permission like this
sudo chmod -R 775 bootstrap/cache
Now please make sure that you're executing both commands from your application directory. You won't face problems in future regarding permission. 775 doesn't compromise any security of your machine.
Suggest the correct permission, if for Apache,
sudo chown -R apache:apache apppath/app/storage
FOR ANYONE RUNNING AN OS WITH SELINUX: The correct way of allowing httpd to write to the laravel storage folder is:
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/path/to/www/storage(/.*)?'
Then to apply the changes immediately:
sudo restorecon -F -r '/path/to/www/storage'
SELinux can be a pain to deal with, but if it's present then I'd STRONGLY ADVISE you learn it rather than bypassing it entirely.
If you have Laravel 5 and looking permanent solution , applicable both php artisan command line usage and Apache server use this:
sudo chmod -R 777 vendor storage
echo "umask 000" | sudo tee -a /etc/resolv.conf
sudo service apache2 restart
See detailed explanation here.
I had the same issue and the below steps helped me fix the issue.
Find out the apache user - created a test.php file in the public folder with the code
<?php echo exec('whoami'); ?>
And run the file from the web browser. It would give the apache user. In my case, it is ec2-user as I was using the aws with cronjob installed in /etc/cron.d/. It could be different user for others.
Run the below command on the command line.
sudo chown -R ec2-user:<usergroup> /app-path/public
You need to identify and use the right "user" and "usergroup" here.
I had the same problem but in the views directory:
file_put_contents(/var/www/app/storage/framework/views/237ecf97ac8c3cea6973b0b09f1ad97256b9079c.php): failed to open stream: Permission denied
And I solved it cleaning the views cache directory with the following artisan command:
php artisan view:clear
Xampp for use:
cd /Applications/XAMPP/htdocs
chmod -R 775 test/app/storage
From Setting Up Laravel 4.x on Mac OSX 10.8+ with XAMPP
Any time I change app.php I get a permission denied writing bootstrap/cache/services.json so I did this to fix it:
chmod -R 777 bootstrap/cache/
rm storage/logs/laravel.log
solved this for me
Setting permission to 777 is definitely terrible idea!
... but
If you are getting permission error connected with "storage" folder that's what worked for me:
1) Set "storage" and its subfolders permission to 777 with
sudo chmod -R 777 storage/
2) In browser go to laravel home page laravel/public/ (laravel will create necessary initial storage files)
3) Return safe 775 permission to storage and its subfolders
sudo chmod -R 775 storage/
If using laradock, try chown -R laradock:www-data ./storage in your workspace container
In my case solution was to change permission to app/storage/framework/views and app/storage/logs directories.
After a lot of trial and error with directory permissions I ended up with an epiphany...there was no space left on the disk's partition. Just wanted to share to make sure nobody else is stupid enough to keep looking for the solution in the wrong direction.
In Linux you can use df -h to check your disk size and free space.
This issue actually caused by different users who wants to write/read file but denied cause different ownership. maybe you as 'root' installed laravel before then you login into your site as 'laravel' user where 'laravel' the default ownership, so this is the actually real issue here. So when user 'laravel' want to read/write all file in disk as default, to be denied, cause that file has ownership by 'root'.
To solving this problem you can follow like this:
sudo chown -hR your-user-name /root /nameforlder
or in my case
sudo chown -hR igmcoid /root /sublaravel
Footnote:
root as name first ownership who installed before
your-user-name as the default ownership who actually write/read in site.
namefolder as name folder that want you change the ownership.
If you use Linux or Mac, even you can also run in ssh terminal. You can use terminal for run this command,
php artisan cache:clear
sudo chmod -R 777 storage
composer dump-autoload
If you are using windows, you can run using git bash.
php artisan cache:clear
chmod -R 777 storage
composer dump-autoload
You can download git form https://git-scm.com/downloads.
If anyone else runs into a similar issue with fopen file permissions error, but is wise enough not to blindly chmod 777 here is my suggestion.
Check the command you are using for permissions that apache needs:
fopen('filepath/filename.pdf', 'r');
The 'r' means open for read only, and if you aren't editing the file, this is what you should have it set as. This means apache/www-data needs at least read permission on that file, which if the file is created through laravel it will have read permission already.
If for any reason you have to write to the file:
fopen('filepath/filename.pdf', 'r+');
Then make sure apache also has permissions to write to the file.
http://php.net/manual/en/function.fopen.php
Just start your server using artisian
php artisian serve
Then access your project from the specified URL:
I have the same issue when running vagrant on mac. solved the problem by changing the user of Apache server in https.conf file:
# check user for php
[vagrant] ubuntu ~ $ php -i | grep USER
USER => ubuntu
$_SERVER['USER'] => ubuntu
[vagrant] ubuntu ~ $
Run apache under php user instead of user daemon to resolve file access issue with php
# change default apache user from daemon to php user
sudo sed -i 's/User daemon/User ubuntu/g' /opt/lampp/etc/httpd.conf
sudo sed -i 's/Group daemon/Group ubuntu/g' /opt/lampp/etc/httpd.conf
now, php created cache file can be read and edit by apache without showing any access permission error.
I got same errors in my project...
But found out that I forgot to put enctype in my form.
<form method="#" action="#" enctype="multipart/form-data">
Hopes it helps somewhere somehow...
While working on Windows 10 with Laragon and Laravel 4, it seemed to me there was no way to change the permissions manually, since executing chmod-commands in the Laragon-in-built-terminal had no effect.
However, it was possible in this terminal to go to the storage folder and manually add the desired folders like this:
cd app/storage
mkdir cache
mkdir meta
mkdir views
mkdir sessions
The cd-command in the terminal brings you to the folder (you might need to adjust this path to suit your file structure).
The mkdir-command will create the directory with the given name.
I did not have the opportunity to test this approach in Laravel 5, but I expect that a similar approach should work.
Of course there might be a better way, but at least this was a reasonable workaround for my situation (fixing the error: file_put_contents(/var/www/html/laravel/app/storage/meta/services.json): failed to open stream).
First, delete the storage folder then again create the storage folder.
Inside storage folder create a new folder name as framework.
Inside framework folder create three folders name as cache, sessions and views.
I have solved my problem by doing this.
My command is
echo root_password | sudo -u root -S executable_full_path arguments
The error message I get in the browser is
[sudo] password for www-data: Sorry,
try again.
From phpinfo(), safe mode is off and there are no disabled functions. Why isn't this working? The same command runs fine in the shell (bash). Escapeshellarg and escapeshellcmd don't make a difference.
EDIT: Simply being able to execute the command is not enough. The program that gets executed creates a socket in /tmp, and needs to assign it permissions. So I think I really need to be root for this, is that possible?
As Álvaro suggested, I'm putting my comment as answer. Matt, this would make it possible to run that command as root.
#Matt, don't do that /etc/sudoers (btw, you edit this file with the visudo command, never directly). That way you are making possible that any sudo whatever command run by your web application is run by root, possibiliting a lot of fun for an attacker if he founds a vulnerability in your application.
If you would like to run just ONE command as root without need for passwords, put this in /etc/sudoers (remember visudo command):
www-data ALL=(ALL) NOPASSWD: executable_full_path
Then you are only allowing to execute just this command as root. Now you should be able to do
sudo -u root executable_full_path arguments
without need to type in a password (and it will run as root). Also, this is the only command the user www-data may execute as root using sudo, so it should not be dangerous.
You're echoing the root password when you should be echoing the password for www-data.
Use this on your /ets/sudoers
Example for run gconftool-2 :
www-data ALL=NOPASSWD: /usr/bin/gconftool-2
www-data ALL=NOPASSWD: /usr/bin/sudo
www-data ALL=NOPASSWD: ALL