unlink and file_put_contents permission denied


I am trying to perform an unlink and a file_put_contents, and the operation is not allowed even with all the Linux settings correct (the correct user, permissions set to 777 just in case). I had already posted several tests and ways to search for the solution, and in this edit I will try to summarize it with a main test showing the code and the test.

The main server software details are: Apache 2.4, PHP 5.4 and CentOS 7.5. The Apache user is "apache", and the owner of the files and the containing directory is "apache".

It's not an easy question, and it's not the first time I have deleted a file through PHP. The question was and still is: how do I delete the file through the web service? How do I use file_put_contents in the web service? What configuration am I missing? This happened to me when I migrated my server applications and tried this simple example of the error.

Attached image with the test with permissions 777

asked by Tabitha 10.07.2018 at 05:22

1 answer


After an investigation, one of my development guys found that the problem was that, when the applications were migrated to a new CentOS 7.5 Linux server, SELinux was installed with default values that did not allow PHP file-management functions to run through Apache. I had never encountered problems with SELinux (Security-Enhanced Linux), nor did I know it existed; the English link is: link

To edit the SELinux values we had to install a SELinux management tool with:

[root@localhost ~]# yum install policycoreutils-python

Then we ran a command to see which security policies were activated:

[root@localhost ~]# semanage boolean -l | grep httpd

And started opening doors to different permissions with:

[root@localhost ~]# setsebool -P httpd_permiso_a_activar 1

After adjusting the flags, taking as reference other Linux servers where we have a similar architecture, we ended up with a configuration like this:

[root@localhost ~]# semanage boolean -l | grep httpd
httpd_can_network_relay        (off  ,  off)  Allow httpd to can network relay
httpd_can_connect_mythtv       (off  ,  off)  Allow httpd to can connect mythtv
httpd_can_network_connect_db   (off  ,  off)  Allow httpd to can network connect db
httpd_use_gpg                  (off  ,  off)  Allow httpd to use gpg
httpd_dbus_sssd                (off  ,  off)  Allow httpd to dbus sssd
httpd_enable_cgi               (on   ,   on)  Allow httpd to enable cgi
httpd_verify_dns               (off  ,  off)  Allow httpd to verify dns
httpd_dontaudit_search_dirs    (off  ,  off)  Allow httpd to dontaudit search dirs
httpd_use_cifs                 (off  ,  off)  Allow httpd to use cifs
httpd_manage_ipa               (off  ,  off)  Allow httpd to manage ipa
httpd_run_stickshift           (off  ,  off)  Allow httpd to run stickshift
httpd_enable_homedirs          (off  ,  off)  Allow httpd to enable homedirs
httpd_dbus_avahi               (on   ,   on)  Allow httpd to dbus avahi
httpd_unified                  (on   ,   on)  Allow httpd to unified
httpd_mod_auth_pam             (off  ,  off)  Allow httpd to mod auth pam
httpd_can_network_connect      (off  ,  off)  Allow httpd to can network connect
httpd_execmem                  (off  ,  off)  Allow httpd to execmem
httpd_use_fusefs               (off  ,  off)  Allow httpd to use fusefs
httpd_mod_auth_ntlm_winbind    (off  ,  off)  Allow httpd to mod auth ntlm winbind
httpd_use_sasl                 (off  ,  off)  Allow httpd to use sasl
httpd_tty_comm                 (on   ,   on)  Allow httpd to tty comm
httpd_sys_script_anon_write    (off  ,  off)  Allow httpd to sys script anon write
httpd_graceful_shutdown        (on   ,   on)  Allow httpd to graceful shutdown
httpd_can_connect_ftp          (off  ,  off)  Allow httpd to can connect ftp
httpd_run_ipa                  (off  ,  off)  Allow httpd to run ipa
httpd_read_user_content        (off  ,  off)  Allow httpd to read user content
httpd_use_nfs                  (off  ,  off)  Allow httpd to use nfs
httpd_can_connect_zabbix       (off  ,  off)  Allow httpd to can connect zabbix
httpd_tmp_exec                 (off  ,  off)  Allow httpd to tmp exec
httpd_run_preupgrade           (off  ,  off)  Allow httpd to run preupgrade
httpd_can_sendmail             (off  ,  off)  Allow httpd to can sendmail
httpd_builtin_scripting        (on   ,   on)  Allow httpd to builtin scripting
httpd_can_connect_ldap         (off  ,  off)  Allow httpd to can connect ldap
httpd_can_check_spam           (off  ,  off)  Allow httpd to can check spam
httpd_can_network_memcache     (off  ,  off)  Allow httpd to can network memcache
httpd_can_network_connect_cobbler (off  ,  off)  Allow httpd to can network connect cobbler
httpd_anon_write               (off  ,  off)  Allow httpd to anon write
httpd_serve_cobbler_files      (off  ,  off)  Allow httpd to serve cobbler files
httpd_ssi_exec                 (off  ,  off)  Allow httpd to ssi exec
httpd_use_openstack            (off  ,  off)  Allow httpd to use openstack
httpd_enable_ftp_server        (off  ,  off)  Allow httpd to enable ftp server
httpd_setrlimit                (off  ,  off)  Allow httpd to setrlimit

And that's how the problem was solved. I hope it happens to no one, and if it does, here is the solution, and I hope it helps someone.

answered by 19.07.2018 at 10:34
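
Before changing booleans, it helps to confirm from the audit log that SELinux (and not Unix permissions) is what blocks `unlink` and `file_put_contents`, and to see which file label is involved. The script below is an added example, not part of the original answer: the log lines are constructed, and the function names and the `/var/www/html/uploads` path are assumptions. It filters AVC denials raised by the `httpd_t` domain and prints the `semanage fcontext` and `restorecon` commands that label one directory as writable for httpd.

```shell
#!/bin/sh
# Constructed sample in the /var/log/audit/audit.log format (not from the post).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1531200001.101:501): avc:  denied  { write } for  pid=2301 comm="httpd" name="uploads" dev="dm-0" ino=7001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1531200002.202:502): avc:  denied  { unlink } for  pid=2301 comm="httpd" name="test.txt" dev="dm-0" ino=7002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1531200003.303:503): avc:  denied  { read } for  pid=990 comm="sshd" name="notes" dev="dm-0" ino=7003 scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1531200002.202:502): arch=c000003e syscall=87 success=no exit=-13 comm="httpd" subj=system_u:system_r:httpd_t:s0
EOF
}

# Read audit records on stdin; print "permission|class|target type|name"
# for every denial whose source domain is httpd_t.
httpd_denials() {
  awk '$1 == "type=AVC" && /denied/ && /scontext=[^ ]*:httpd_t:/ {
    s = index($0, "{ "); e = index($0, " }")
    perm = substr($0, s + 2, e - s - 2)        # text between the braces
    name = "?"; ttype = "?"; tclass = "?"
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^name=/)     { name = substr($i, 6); gsub(/"/, "", name) }
      if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
      if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
    }
    print perm "|" tclass "|" ttype "|" name
  }'
}

# Print (do not run) the commands that give one directory the
# httpd_sys_rw_content_t label, so httpd may write and delete only there.
print_label_commands() {
  dir=$1
  printf "semanage fcontext -a -t httpd_sys_rw_content_t '%s(/.*)?'\n" "$dir"
  printf "restorecon -Rv '%s'\n" "$dir"
}

sample_audit_log | httpd_denials
print_label_commands /var/www/html/uploads   # assumed path
```

On a real server, run `httpd_denials < /var/log/audit/audit.log` as root right after reproducing the PHP error; a denial with target type `httpd_sys_content_t` means the files carry the read-only web content label.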