'/var/spool/cron' is not a directory, bailing out. when trying to work with crontab via PHP's shell_exec

Question

I am creating a web application. Part of the functionality is depending on that the user can start/stop a cronjob that imports emails.

It doesn't work.

Just to make sure I'm on the right track, as a starter I just want to make 'crontab -l' from php to work and print it to the web browser.

This is how I do it (handle_email_cronjob.php):

$output = shell_exec('crontab -l');
echo $output;

but all I get is nothing. (doing shell_exec('ls -l'); gives me the list of files/dir in the directory)

cat error_log:

'/var/spool/cron' is not a directory, bailing out.

Well, it is a directory no matter what the error log say. ls -Z /var/spool:

drwxr-xr-x. apache apache system_u:object_r:httpd_sys_rw_content_t:s0 cron

SELinux is on and I don't want that to change.

ls -Z /var/spool/cron:

-rwxrwxrwx. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 apache
-rw-------. root   root   unconfined_u:object_r:cron_spool_t:s0 root

it's apache that should be used. (I did try setting cron_spool_t to apache, but still didn't work.)

ls -Z handle_email_cronjob.php:

-rwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_script_exec_t:s0 handle_email_cronjob.php

I just have a gut feeling that it is related to SELinux, but I can't figure out how to fix it.

What is the problem and how can I fix it? (or is there a better approach for doing this than my?)

Answer 1

After learning how to troubleshoot SELinux I realized that I had to label /var/spool/cron so httpd can read/write to that directory:

chcon -R -t httpd_sys_script_rw_t /var/spool/cron

References:

Understanding audit.log

Troubleshoot SELinux