Dave Morton
Dave Morton

Reputation: 691

access denied in debian guest apache using a windows share

This is a complicated (for me, at least) problem, so please bear with me.

I have three virtual machines with assorted guest operating systems (listed below) running in VirtualBox 4.2.10, all running either Apache 2.2+ or IIS 7.5 web servers that point to the same network share on the host machine (Windows 8).

The guest operating systems/server/PHP versions:

  1. Windows 7 Ultimate - IIS 7.5 - PHP 5.3.23
  2. Windows XP Pro - Apache/2.2.24 - PHP/5.2.9
  3. Debian 6.0.7 - Apache/2.2.16 - PHP 5.3.3

All 3 servers (4, including the host) can access and display web pages just fine, and PHP scripts execute correctly as well, with one major exception: Neither Apache nor PHP can write to any location within the network share.

The network share is mounted with (supposedly) read/write permissions through fstab, using the following command:

//dmorton/http /var/www cifs rw,user=dmorton/server,password=******

The share mounts just fine, and I can read/write files through either gedit or the terminal, so I know that the share is correctly mounted, though I expect that the code in fstab could use a bit of a makeover. I used a connection through the network, rather than using VirtualBox's shared folders feature because no matter what I tried, I couldn't get Apache to recognize the share at all that way.

As I mentioned above, Apache can display web pages and execute PHP scripts just fine, except when it tries to write to either a log file (apache) or a debugging file (PHP). I had to relocate the Apache logs just to be able to read them, since they weren't even being written when configured to write to the share, like the other 2 guests are. Here's an excerpt from the relevant error log:

[Fri Apr 05 08:02:23 2013] [error] [client 192.168.1.100] PHP Warning:  file_put_contents(/var/www/PGO2.1/chatbot/debug/7o13ii3te7a6u2q52hpu1b3m86.mem_trace.txt): failed to open stream: Permission denied in /var/www/PGO2.1/library/error_functions.php on line 333, referer: http://dmorton-deb64/PGO2.1/gui/plain/index.php?say=test&submit=say&bot_id=1&format=html

Fri Apr 05 09:01:25 2013] [error] [client 192.168.1.100] PHP Warning:  file_put_contents(commonWords.dat): failed to open stream: Permission denied in /var/www/tmp/sort_cw.php on line 6, referer: http://dmorton-deb64/tmp/

As you can see, PHP is being denied access to files in at least two different locations within the document root. I know that this is a permissions issue, and I've tried different methods (listed below) to correct this, but I'm obviously missing something here. I'm a relative newb when it comes to *nix systems, so I expect it's something simple. Anyway, here are the methods I've tried to "fix" this: *

  1. created a special account on the host OS that all VM's can use to access the share with full permissions
  2. set "full control" permissions to the host folder for "Everyone"
  3. set up an account in Debian with the same credentials as the host account, giving it full permissions
  4. configured Apache to run as the user mentioned in #3, and with the "root" group permissions
  5. attempted other mount options in fstab to make the share writable for everyone
  • Please note that I'm aware of the security implications involved with some or all of these settings. Once I find out how to correct the problem, I'll revert these to a more secure footing, one at a time.

Ok, now that you have the overall gist of the issue, I have to ask:

How can I correct the issue described above, and what am I missing here?

Upvotes: 0

Views: 1159

Answers (1)

Dave Morton
Dave Morton

Reputation: 691

I did some further poking and prodding, and I stumbled upon the answer. In order for *nix systems to be able to have read/write permissions to the Windows shares, they have to connect with a specific set of credentials (which I already knew), and said set of credentials do NOT fall under the general category of "everybody" (which I didn't know). I had to go into "Advanced Sharing" under the Sharing tab of the folder's properties, and click the Permissions button there (not under "Security", which I had already tried, without success). then I added the correct credentials and set the permissions to full access, hit apply/ok as needed, and gave it another go. Viola! My Debian and Ubuntu servers can now write to the correct folders, and I was able to put the security settings back to the way they belonged. I sincerely hope that this helps folks in the future.

Upvotes: 2

Related Questions