1

I have an Apache 2.17 server running on a Fedora 13. I want to be able to create a file in a directory.

I cannot do that. Whenever I try to open a file with php for writing fopen(,'w'), it tells me that I don't have permission to do that.

So i checked the httpd.conf file in /etc/httpd/conf/. It says user apache, group apache. So I changed ownership (chown -R apache:apache .*) of my whole /www directory to apache:apache. I also run chmod -R 777 *

Apart from knowing how terribly dangerous this is, it actually still gives me the same error, even though I even allow public write!

Improve this question
5
  • Did you literally use apache:apache? Commented Jan 30, 2011 at 19:07
  • 2
    Are there any SELinux messages in /var/log/messages or /var/log/audit/audit.log indicating that SELinux is blocking this? Commented Jan 30, 2011 at 19:20
  • Also, check if php safe mode is on Commented Jan 30, 2011 at 19:59
  • 1. the /var/www and all files in subdirectories are owned by user apache, group apache, I double checked. 2. SELinux was the indeed key! I disabled it temporarily, and everytihng seemed to run as it should. No need for 777 anymore. Thanks! Commented Jan 30, 2011 at 23:13
  • How is PHP being run? CGI, DSO, SuPHP, etc? These will determine the actual user PHP runs as, which is not always the same as the Apache server itself. Commented Dec 14, 2011 at 22:55

1 Answer 1

Reset to default
1

Check your error log, it will tell you the problem. I think it will boil down to one of these four things:
- PHP safe_mode is enabled for the domain. The error log will make this clear.
- PHP open_basedir restrictions are in effect. Again, the error log will make this clear.
- You have the wrong document root
- A parent directory has the wrong permissons.

Also, change those permissions as soon as possible. If you're using PHP as an apache module, if your website gets compromised the attacker will be able to write custom PHP scripts and execute them at will via the browser.

If you're using FC13 and have acl enabled, consider using a setfacl instead of chmod -R 777 - it's a little more secure (only specified for given users) and easier to undo:
setfacl -R -m user:apache:rwx /path/to/webroot
setfacl -d -R -m user:apache:rwx /path/to/webroot.

Improve this answer
1
  • Indeed, after running configuring SELinux and configuring apache's user and group settings, chmod lowering to minimum was imminent. Commented Jan 30, 2011 at 23:16

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.