Question

I'm trying to open a file for read/write. I've been developing on Ubuntu, and have had no problems whatsoever. Now it's time to deploy to the RHEL server, and I discover there seems to be some kind of restriction on the location of a file to be written.

On RHEL, I can't open the file unless it's under /var/www/html. I can't figure out how to allow other locations. I need to manipulate files on a different volume, for disk space management reasons.

The following is the bit of code that works fine on Ubuntu no matter what, but breaks on RHEL if the file is outside the web root:

$repometa = fopen( "/path/to/file/it/does/exist/and/has/good/perms", "r+b");

The actual error is as follows, which is weird, because the permissions are just fine (owned by the "apache" user, with 0644 perms on file, 755 on dirs).

fopen(<thefile>): failed to open stream: Permission denied

Can someone point me to the documents that describe how to un-break RHEL's Apache/PHP config to allow writing to alternate locations on the file system?

Thanks, ~ Paul


Solution

As written in the httpd_selinux(8) man page, you must give files and directories specific file contexts if you want to be able to read from or write to them. See the man page for details, keeping in mind that PHP scripts run as the daemon unless you have specifically set up PHP to run as CGI.

OTHER TIPS

To add some specifics to the accepted answer, I also had this exact problem and this command fixed it for me.

chcon -R -t httpd_sys_content_t /path/to/file/it/does/exist/and/has/good/perms
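The diagnosis behind the answers above, as an added example that is not from the original posters: it parses an SELinux AVC denial for httpd and prints the persistent relabel commands for review. The sample record, the /data/repo path, and the use of httpd_sys_rw_content_t for content httpd must write are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answers): read an audit.log AVC record
# and decide whether httpd's "Permission denied" is an SELinux labeling issue.

# Constructed sample record; /data/repo and repomd.xml are placeholders.
SAMPLE_AVC='type=AVC msg=audit(1300000000.123:456): avc:  denied  { write } for  pid=2201 comm="httpd" name="repomd.xml" dev=sdb1 ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file'

# Print the SELinux type (third context field) for scontext or tcontext.
avc_type() {  # $1 = scontext|tcontext, $2 = AVC record
    printf '%s\n' "$2" | sed -n "s/.* $1=[^:]*:[^:]*:\([^: ]*\).*/\1/p"
}

# Print the denied permissions, e.g. "write" or "read open".
avc_perms() {  # $1 = AVC record
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\([^}]*[^} ]\) *}.*/\1/p'
}

# Print a persistent relabel plan and return 0 when httpd_t was denied because
# of the target's label; return 1 when the record points elsewhere.
relabel_plan() {  # $1 = AVC record, $2 = directory httpd must reach
    [ "$(avc_type scontext "$1")" = "httpd_t" ] || return 1
    # Assumption: targeted policy, where httpd_sys_rw_content_t marks content
    # httpd may modify and httpd_sys_content_t marks read-only content.
    case " $(avc_perms "$1") " in
        *" write "*|*" append "*|*" create "*) want=httpd_sys_rw_content_t ;;
        *) want=httpd_sys_content_t ;;
    esac
    cur=$(avc_type tcontext "$1")
    # Label already right: look at booleans or DAC permissions instead.
    [ "$cur" != "$want" ] || return 1
    # semanage stores the rule in policy, so it survives a filesystem relabel;
    # a bare chcon does not.
    printf "semanage fcontext -a -t %s '%s(/.*)?'\n" "$want" "$2"
    printf 'restorecon -Rv %s\n' "$2"
}

# Only prints the commands for review; nothing is changed on the system.
relabel_plan "$SAMPLE_AVC" /data/repo
```

On a live host the records come from /var/log/audit/audit.log, for example via `ausearch -m avc -c httpd`.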

Sounds like a user and/or group permission issue. The file itself may be writeable... (as you mentioned in your nice path name), but maybe the apache user (or however it is titled) is not allowed to make any file changes outside of the default /var/www/html directory?

Any way to make a change to a file inside /var/www/html and then have another shell script (and/or user) take it from there and move it to your desired directory?

Interesting that it would work on Ubuntu and not RHEL; maybe RHEL is more strict as far as users and groups go?

As an aside: in general, it might be safer not to have PHP write to files outside of the www directories... :)

EDIT

On @Ignacio's hint(1), maybe something like this might work: http://us2.php.net/manual/en/function.fopen.php#56551

If it's something you will need all the time, you might want to try typing this on the command line:

/usr/sbin/setsebool -P httpd_can_network_connect=1

I still would be careful about PHP file manipulation outside of the www folder... but, hope that helps...!

(1) http://linux.die.net/man/8/httpd_selinux

Licensed under: CC-BY-SA with attribution