[SOLVED] very frustrating permissions problem in PHP

[michaellunsford]

fopen and imagejpeg are giving me trouble when run through apache. Run them on the command line and they work fine. Errors are permissions errors like "failed to open stream: Permission denied in"

 

I've been working on this for about a month and have a post in the main php forum with no response. Since the php code is working fine from the command line, I'm thinking this is an apache problem. Ideas?

 

edit: folder permissions are 777, ownership doesn't seem to matter. By default it is root:root, but I've also tried apache:apache without result.

[corbin]

Can you show us an entire message?  (Feel free to edit out the paths.)

 

Is there an open_basedir restriction in effect that might be blocking it?

[michaellunsford]

I'm afraid it wont' be much help:

<br />

<b>Warning</b>:  fopen(/usr/local/images/L08180109_154933.jpg) [<a href='function.fopen'>function.fopen</a>]: failed to open stream: Permission denied in <b>/usr/local/images/errors.php</b> on line <b>3</b><br />

<br />

<b>Warning</b>:  fwrite(): supplied argument is not a valid stream resource in <b>/usr/local/images/errors.php</b> on line <b>4</b><br />

<br />

<b>Warning</b>:  fclose(): supplied argument is not a valid stream resource in <b>/usr/local/images/errors.php</b> on line <b>5</b><br />

 

<?php
$image=file_get_contents($myfile));
$file=fopen($mydir.$myfile,"w");
fwrite($file,$image);
fclose($file);
header("Content-Type: image/jpeg");
echo $image;
?>

 

If I remove the fopen stuff, the image dumps just fine, so I know it's in there. The directory has 777 permissions. One thing I should probably mention is this is not in the regular domain directory. It's linked to by symbolic link, but the $mydir variable includes the full path. There are no basedir restrictions in effect (this directory is included in the httpd.conf file), plus, if there were, we should be seeing basedir restriction errors. I can make those errors come up if I remove the directory from the httpd.conf file, though.

 

Since posting this, I have recreated this directory inside the domain's directory. There, the scripts run just fine. Same exact permissions, same exact owner and group assigned to all directories and symbolic links.

 

Why do it this way? This is a shared image resource directory between multiple domains. The directory currently contains 839 megs of images. So, making copies in each domain's folder would take up an insane amount of hard drive space.

 

PS> This configuration worked fine on another server, this problem showed post migration.

[corbin]

Is Apache allowing PHP to follow symlinks?

 

Try setting FollowSymLinks to be allowed in the directory.

 

If you have access to httpd.conf you can do (make sure to put it after any other rules that might conflict with it):

 

<Directory "/path/to/dir/">

Options +FollowSymLinks

</Directory>

 

 

Or if you don't you can try with htaccess:

 

Put a file in the same directory named .htaccess:

 

Options +FollowSymLinks

 

 

But, AllowOverride is not set to allow that, it won't work.

[michaellunsford]

tried the Options +FollowSymLinks, no dice. So, I eliminated the sym link from the equation.

 

In the directory I copied the scripts into that was working just fine, I went ahead an put the full file path to the place I want the files saved to ("/usr/local/images/"). Surprise, same permissions error. If I tell it to go to "/tmp/" it works fine. So, I thought to make permissions just like the /tmp/ folder and it'll work. The only difference is the sticky bit, so I added it still get those pesky permissions errors.

 

For fun, I added a function that tells me the permissions of whatever file I'm trying to access (I used the variable for the directory path) and it returns 1777, or 0777 before I added the sticky bit.

[michaellunsford]

Okay, I moved everything into a different directory off of one of the domains and am now doing symbolic links to it from the others. Not sure what the deal on that first directory was - but since it was the problem, I have removed it from the equation.

 

Thanks to everyone for reading and trying. If you do think of something else, I would still be curious to know about it as this topic isn't officially "solved" but rather "no longer an issue"

 

Thanks!