Jump to content

Permission Denied in php file read when file owner is not apache


snehu

Recommended Posts

I am using apache web server on linux. I am using PHP for web designing. On web server, i want to show the configuration data by reading the ini file. I am creating this ini file from one php code itself. If this php code i run through linux terminal, the file is created with file and group owner as root.(i am having sudo rights on machine) Then if i try to read the ini file from my apache web server, it gives warning as failed to open stream: permission denied. I have tried changing the owner, and permissions to 777 of the file. Still it is not readable.

On the other hand, if i run the php code of ini file creation through web server, ini file is created with file and group owner as apche. and web server is able to read/ write the file.

But i want to create that file from root or some other user and later read/written by apache.

How to give this access permission?

Link to comment
Share on other sites

 The file which is read by web server is a configuration file. This file contains the system configuration data set at that point of time. So it will be written by another algorithm. And web server gives the permission to update the configuration settings to the user. So apache web server need both read and write permission to the file whose owner is different. Read - to read at start system settings

Write - to update the setting as per user requirement.

Where can i find safe mode?

Link to comment
Share on other sites

The file which is read by web server is a configuration file. This file contains the system configuration data set at that point of time. So it will be written by another algorithm. And web server gives the permission to update the configuration settings to the user. So apache web server need both read and write permission to the file whose owner is different. Read - to read at start system settings

Write - to update the setting as per user requirement.

That's fine. Go ahead and do that. But don't make the file be owned by root.

 

Where can i find safe mode?

safe_mode is a PHP setting so check phpinfo(), ini_get(), or your php.ini.
Link to comment
Share on other sites

You might also consider using setgid on the directory. Something like:

 

sudo chgrp www-data /path/to/dir

sudo chmod g+s /path/to/dir

 

This should enforce that all files created in the directory inherit the www-data group. setgid on directories is often essential (as in the case of using git), so you should read up on it.

Link to comment
Share on other sites

sKunKbad, why the apache user gets the message of permission denied when it / he tries to open the file in his own directory? 

[root@lxc dummy]# ls -ld /home/dummy/http/
drwxr-xr-x. 2 apache apache 4096 Sep 16 20:34 /home/dummy/http/
[root@lxc dummy]# ls -l /home/dummy/http/test.php 
-rwxr-xr-x. 1 apache apache 202 Sep 16 20:34 /home/dummy/http/test.php
[root@lxc dummy]# su -l apache -s /bin/bash 
-bash-4.1$whoami
apache
-bash-4.1$ ls -ld /home/dummy/http 
ls: cannot access /home/dummy/http: Permission denied
-bash-4.1$ php -f /home/dummy/http/test.php
Could not open input file: /home/dummy/http/test.php
Edited by jazzman1
Link to comment
Share on other sites

sKunKbad, why the apache user gets the message of permission denied when it / he tries to open the file in his own directory? 

 

[root@lxc dummy]# ls -ld /home/dummy/http/
drwxr-xr-x. 2 apache apache 4096 Sep 16 20:34 /home/dummy/http/
[root@lxc dummy]# ls -l /home/dummy/http/test.php 
-rwxr-xr-x. 1 apache apache 202 Sep 16 20:34 /home/dummy/http/test.php
[root@lxc dummy]# su -l apache -s /bin/bash 
-bash-4.1$whoami
apache
-bash-4.1$ ls -ld /home/dummy/http 
ls: cannot access /home/dummy/http: Permission denied
-bash-4.1$ php -f /home/dummy/http/test.php
Could not open input file: /home/dummy/http/test.php

Probably parent directory not owned by Apache, or parent directory not applied to a group where Apache is member, combined with permission like drwx------. Yes?

Link to comment
Share on other sites

Hi sKunKbad, I have created file as normal user(not root) and given permissions g+s as suggested by you. But still the same problem.

Then i created the file with sudo user as root and then done setgid and changed group to apache. But i am not able to read the file in web server. File is located in /var/tmp folder. And my apache root directory is /var/www/html. My php code of reading the file is in root directory folder.

 

Hi requinix, I have not found safe mode of php in php.ini. Does safe mode will impact the operation?

Link to comment
Share on other sites

Yes sKunKbad, that was the issue here, but in fact that we can apply some additional security added by SELinux, so although DAC rules allowed "ls -ld" process access this directory ~/http, SELinux policy would denied access to it. We never know what could be a problem without providing some additional information. Most of the users coming to the forums said - Hey, I added permissions to 777 to the dir / file, but it still do not have permission on it ;)

 

@snehu, do you have an access to apache error_log file? What distro is that? I suspect is RedHat based.

Link to comment
Share on other sites

Linux/Unix type permissions are full of little things to learn. I'll be honest and state that I do not consider myself to have a complete understanding of them. I do have great interest in this subject. I have some permission related questions of my own, but those would be for another thread.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.