CODEWITHSUNDEEP
phpapachepermissionsmkdirselinux
Question Overflow
Question Overflow

Reputation: 11255

PHP unable to create a directory with mkdir

I have a previously working PHP script that is able to create a directory with mkdir:

$webfolder = "/var/www/html/images/user";
mkdir($webfolder, 0770);

I made some changes to the permission setting of the folder /var/www/html/images which is now:

drwxrwx---. myself apache system_u:object_r:httpd_sys_content_t:s0 images

I think previously this folder was owned by apache. But since apache has the full privileges of read, write and execute as a user group, I wonder why it can't create a folder within. Using the mkdir produces a false boolean value.

Is the problem due to directory ownership or is there some other reasons? Note that I am using PHP version 5.4.

Error Log added:

[Mon Dec 17 11:12:34 2012] [error] [client 127.0.0.1] PHP Warning: mkdir(): Permission denied in /var/www/html/upload on line 33, referer: https://mywebsite.com/referer

Upvotes: 13

Views: 31790

Answers (2)

nbs
nbs

Reputation: 319

On CentOS7 VM, with PHP5.4.16/Apache 2.4.6/mariadb 5.5.44, the smarty template directory was not writable to generate compiled templates files and was giving the below error (in /var/log/httpd/error_log):

[Thu Mar 31 12:36:08.201383 2016] [:error] [pid 13094] [client 192.168.212.65:52204] PHP Fatal error:  Smarty error: unable to write to $compile_dir '/var/www/html/app1/templates_c'. Be sure $compile_dir is writable by the web server user. in /var/www/html/app1/libs/smarty/Smarty.class.php on line 1093

hence the PHP application was displaying blank screen.

chmod 777 templates_c did not work either; but as per the suggestion by @Question Overflow, permission on web root on this VM did solve the problem.

I had to execute:

[root@appserver html]# chcon -R -t httpd_sys_content_rw_t /var/www/html

of course, the templates_c & cache should be owned by apache user:

drwxr-xr-x.  2 apache apache     6 Mar 31 12:56 templates_c
drwxr-xr-x.  2 apache apache     6 Mar 31 12:56 cache

After spending more than half a day, came across this. Thanks

Upvotes: 0

Question Overflow
Question Overflow

Reputation: 11255

The answer is staring right in front of me, but I miss it due to my unfamiliarity with SELinux.

The SELinux context type should be set as httpd_sys_content_rw_t instead of httpd_sys_content_t so that the folder is both readable and writable for apache. Changing the context recursively is done with the following command:

# chcon -R -t httpd_sys_content_rw_t /var/www/html/images

Good grief. Hope it helps others who come across this.

Upvotes: 35

Related Questions