I'm trying to get my php cgi processes to read from a file on my filesystem. Both the file and parent folder have all rwx permissions allowed and the file has the same owner and group id as the php processes, www-data.
我正在尝试让我的php cgi进程从我的文件系统上的文件中读取。文件和父文件夹都允许所有rwx权限,并且该文件与php进程,www-data具有相同的所有者和组ID。
No matter how I try to open the file (read(), file_get_contents(), stream_get_contents()) I always get the same error: failed to open stream: Permission denied
无论我如何尝试打开文件(read(),file_get_contents(),stream_get_contents())我总是得到同样的错误:无法打开流:权限被拒绝
I have no problem opening the file in the php interactive session, using cat on the command line, or with python.
我在php交互式会话中打开文件没有问题,在命令行上使用cat或者使用python。
What is going on?
到底是怎么回事?
2 个解决方案
#1
1
I've seen this problem before on Linux systems with SELinux enabled. The httpd process is typically given its own security context that only allows certain files to be accessed.
我之前在启用了SELinux的Linux系统上看到过这个问题。 httpd进程通常具有自己的安全上下文,只允许访问某些文件。
You can check to see if SELinux is enabled by running ls --scontext on the file and on the php script. If the two files have the same context or if ls complains about the argument then SELinux is probably not the cause of the problem.
您可以通过在文件和php脚本上运行ls --scontext来检查SELinux是否已启用。如果这两个文件具有相同的上下文或者ls抱怨该参数,那么SELinux可能不是问题的原因。
Assuming SELinux is the cause of problem then you could try setting the file in question to have the same security context as your php script with the chcon command. For example:
假设SELinux是问题的原因,那么您可以尝试使用chcon命令设置相关文件以使用与php脚本相同的安全上下文。例如:
chcon --reference=/var/www/html/page.php /data/filetoread
where /var/www/html/page.php is your php script and /data/filetoread is the file that you want to access.
其中/var/www/html/page.php是您的php脚本,/ data / filetoread是您要访问的文件。
#2
0
It turns out this file was under a FUSE filesystem which had not been mounted with the allow_other option.
事实证明,此文件位于FUSE文件系统下,该文件系统尚未使用allow_other选项进行安装。
#1
1
I've seen this problem before on Linux systems with SELinux enabled. The httpd process is typically given its own security context that only allows certain files to be accessed.
我之前在启用了SELinux的Linux系统上看到过这个问题。 httpd进程通常具有自己的安全上下文,只允许访问某些文件。
You can check to see if SELinux is enabled by running ls --scontext on the file and on the php script. If the two files have the same context or if ls complains about the argument then SELinux is probably not the cause of the problem.
您可以通过在文件和php脚本上运行ls --scontext来检查SELinux是否已启用。如果这两个文件具有相同的上下文或者ls抱怨该参数,那么SELinux可能不是问题的原因。
Assuming SELinux is the cause of problem then you could try setting the file in question to have the same security context as your php script with the chcon command. For example:
假设SELinux是问题的原因,那么您可以尝试使用chcon命令设置相关文件以使用与php脚本相同的安全上下文。例如:
chcon --reference=/var/www/html/page.php /data/filetoread
where /var/www/html/page.php is your php script and /data/filetoread is the file that you want to access.
其中/var/www/html/page.php是您的php脚本,/ data / filetoread是您要访问的文件。
#2
0
It turns out this file was under a FUSE filesystem which had not been mounted with the allow_other option.
事实证明,此文件位于FUSE文件系统下,该文件系统尚未使用allow_other选项进行安装。