Apache/PHP does not have permission to read file

Question

I have a webpage that is trying to read a file but getting a permission denied error. I've written a very simple page to reproduce the problem.

<?php
echo exec('whoami');
echo "<br>";
echo exec('cat /var/svn/aaa/format 2>&1');
?>

As a test I've tried setting permissions on the svn dir and everything below to a ridiculous 777, changed ownership to apache and tried adding apache user to different groups. I've confirmed it is running as the apache user (that what the whoami call is for above). If I try running the above command as apache on the command line then it works fine, eg

sudo -u apache cat /var/svn/aaa/format 2>&1

Why is this not doing what I expect? I would expect giving the file 777 would give 'other' full permissions, I would expect changing the owner to apache would also resolve the problem. I would expect doing the sudo as apache user would fail if it fails from php.

BTW, just for completeness this is an issue I am having running WebSVN but it appears to be an apache issue not a WebSVN issue.

Answer 1

Got it fixed. I tried on a different box without doing a thing and it worked first go. I had the file I was trying to access owned by root and didn't set any permissions. Looking for what was different it turned out to be SELinux. I have no idea what that is but disabling it fixed the problems. I'm guessing it is some sort of security 'feature'?? Calling getenforce told me it was on and I could use setenforce to make it permissive.

me@host# getenforce
Enforcing

me@host# setenforce Permissive

The other option is to disable it in the config file /etc/sysconfig/selinux. I'm guessing a restart of something is required after that.

SELINUX=disabled

Thanks everyone for the replies.

Answer 2

which cat

use the full path to cat in your exec