Craig Jacobs

Reputation: 1071

PHP cannot create directory even though parent folder is 777

I understand the security implications of 777. This is just a troubleshooting measure.

Parent folder:

drwxrwxrwx.  3 web   www-data    22 Jun  5 11:04 library

For good measure the immediate parent is also 777.

PHP is running as apache:

print shell_exec( 'whoami' );

Returns apache which is a member of the www-data group:

# groups apache
apache : apache www-data

The mkdir command fails:

mkdir("/var/www/html/library/temp__9pa2spj13nkiatknv8odqrv3n0");

Warning: mkdir(): Permission denied in /var/www/html/test.php

If I try to chdir to the directory first, I can getcwd() and it's correct. If I try to create the directory at that point it fails.

I'm out of ideas on what to test.

Here's my entire test script for good measure:

<?php
error_reporting(E_ALL);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);
print shell_exec( 'whoami' );
mkdir("/var/www/html/library/temp__9pa2spj13nkiatknv8odqrv3n0");
chdir("/var/www/html/library");
echo getcwd();
mkdir("temp__9pa2spj13nkiatknv8odqrv3n0");

Upvotes: 0

Views: 1136

Answers (1)

BA_Webimax

Reputation: 2679

By default SELinux should be configured to block writes to any files by the web server (Apache). The httpd_sys_content_t shows that the directory is set to read only. You need to set it to read/write by using the httpd_sys_rw_content_t context. This can be done using the semanage tool. The command would look like this.

semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/library(/.*)?"

After you set that policy, you can apply it by doing...

restorecon -Rv /var/www/

Upvotes: 2
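
One way to confirm that SELinux, rather than the 777 mode bits, denied the mkdir is to read the AVC records in the audit log. This is an added example, not part of the original question or answer; the sample records are constructed, and the names avc_field, httpd_denials and the relabel-rw/other verdicts are hypothetical.

```shell
#!/bin/sh
# Constructed sample audit records (not taken from the asker's system).
SAMPLE_AUDIT='type=AVC msg=audit(1591369440.101:812): avc:  denied  { write } for  pid=2211 comm="httpd" name="library" dev="dm-0" ino=5242 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1591369441.007:813): avc:  denied  { read } for  pid=900 comm="sshd" name="key" dev="dm-0" ino=77 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1591369442.300:814): avc:  denied  { name_connect } for  pid=2211 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1591369440.101:812): arch=c000003e syscall=83 success=no exit=-13 comm="httpd"'

# Print the value of the key=value field named $2 in audit record $1,
# with surrounding quotes stripped. Prints nothing if the field is absent.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | sed -n '1p'
}

# Read audit records on stdin and print one line per denial issued against
# the httpd_t domain: "permissions|name|target type|class|verdict".
# Verdict relabel-rw means a write-type access hit httpd_sys_content_t,
# which is the case the answer's httpd_sys_rw_content_t relabel addresses.
httpd_denials() {
    while IFS= read -r line; do
        case $line in
            *"avc:"*"denied"*) ;;
            *) continue ;;   # SYSCALL, PATH and other record types
        esac
        # Contexts are user:role:type:level, so field 3 is the type.
        stype=$(avc_field "$line" scontext | cut -d: -f3)
        [ "$stype" = "httpd_t" ] || continue
        perms=$(printf '%s\n' "$line" | sed -n 's/.*{ \(.*\) }.*/\1/p')
        ttype=$(avc_field "$line" tcontext | cut -d: -f3)
        verdict=other
        if [ "$ttype" = "httpd_sys_content_t" ]; then
            case " $perms " in
                *" write "*|*" create "*|*" add_name "*) verdict=relabel-rw ;;
            esac
        fi
        printf '%s|%s|%s|%s|%s\n' "$perms" "$(avc_field "$line" name)" \
            "$ttype" "$(avc_field "$line" tclass)" "$verdict"
    done
}

printf '%s\n' "$SAMPLE_AUDIT" | httpd_denials
```

On a live host the same function can be fed /var/log/audit/audit.log (readable by root), and `ls -Zd` on the directory shows the label the verdict refers to.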
