PHP socket_connect() Permission Denied

Question

Ok, so I've got a nice php server running that has opened an AF_UNIX socet using this little function I written. Which gets called like so

$IPC_connector = socket_create_IPC('/tmp/connection');


function socket_create_IPC($FILE)
{
    #Create a AF_UNIX socket
    if(!($socket = socket_create(AF_UNIX, SOCK_STREAM, 0)))
    {
        $errorcode = socket_last_error();
        $errormsg = socket_strerror($errorcode);

        die("Couldn't create socket: [$errorcode] $errormsg \n");
    }

    #Bind
    if( !socket_bind($socket, $FILE) )
    {
        $errorcode = socket_last_error();
        $errormsg = socket_strerror($errorcode);

        die("Could not bind socket : [$errorcode] $errormsg \n");
    }

    if(socket_listen($socket) === false) 
    {
        die("socket_listen() failed: reason: " . socket_strerror(socket_last_error($socket)) . "\n");
    }

    socket_set_nonblock($socket);

    return $socket;
}

Then I wrote a client that connected to this server like this

if(!($IPC = socket_create(AF_UNIX, SOCK_STREAM, 0)))
{
    $errorcode = socket_last_error();
    $errormsg = socket_strerror($errorcode);

    die("Error:Couldn't create socket - [$errorcode] $errormsg \n");
}
echo "socket_create(): ".socket_strerror(socket_last_error($IPC))."\n";

if(!(socket_connect($IPC, '/tmp/connection')))
    echo "socket_connect() failed, reason: ".socket_strerror(socket_last_error($IPC))."\n";

The Client actually get's called from an AJAX request from a webpage in which it should connect to the server, grab some data, and then return that data back to the webpage. The ajax request is made in javascript. I've tested the client/server connection without the AJAX request and it works, but as soon as I attempt it with AJAX through the webpage the client returns "socket_connect() failed, reason: Permission denied" from the echo statement in the script. Maybe there is some little oversight I'm missing? I assume that Ajax is being called through httpd (apache). I'm sure it's probably some type of file permission thing but I can't figure out exactly what is causing it.

Things I've tried thus far,

Made sure safe_mode was off in php.ini, tried "setsebool -P httpd_can_network_connect on" to attempt to thwart SElinux, also tried "setenforce 0" which made no difference either. I tried changing the file permissions of /tmp and all subdirectories to 777 to no avail. I'm running out of ideas and thought maybe somebody had seen this issue before, I also looked at this, which is the file that my server is creating ->

[root@ip-000-000-000-000 tmp]# ls -lZa connection
srwxr-xr-x. root root unconfined_u:object_r:user_tmp_t:s0 connection

If anybody is interested in the AJAX call I use this

function communication (IP, MechanismID, CommandName) {
    $.post('php/connectDisconnect.php', {
        IP : IP,
        MechanismID : MechanismID,
        CommandName : CommandName
        }, 
        function(data) {
            if(data.search("Error") != -1)
                alert(data);
    });
}

where connectDisconnect.php is the client from above.

Answer 1

As it turns out, ajax calls are run as the apache user, and the file created from my server for the socket was owned by root. I fixed this by adding these couple lines of code to my server where I called the socket_create().

#Deletes the old pipe in case the server crashed last time it closed and didn't use socket_close()
$command = "rm -f /tmp/connection";
exec($command);

#Creates the data pipe for the webpage to connect to
$IPC_connector = socket_create_IPC('/tmp/connection');

#Makes it to where the webpage can actually talk to the server
$command = "chown apache:apache /tmp/connection";
exec($command);

This is a good enough work around for me, I imagine it is not the proper way to go about this. If anybody has a better suggestion or a better practice that you would recommend I'd like to hear it.