2012-01-25 06:30 阅读 83

RHEL + PHP:在/ var / www / html之外写文件?

I'm trying to open a file for read/write. I've been developing on Ubuntu, and have had no problems whatsoever. Now it's time to deploy to the RHEL server, and I discover there seems to be some kind of restriction on the location of a file to be written.

On RHEL, I can't open the file unless it's under /var/www/html. I can't figure out how to allow other locations. I need to manipulate files on a different volume, for disk space management reasons.

The following is the bit of code that works fine on Ubuntu no matter what, but breaks on RHEL if the file is outside the web root:

$repometa = fopen( "/path/to/file/it/does/exist/and/has/good/perms", "r+b");

The actual error is as follows, which is weird, because the permissions are just fine (owned by the "apache" user, with 0644 perms on file, 755 on dirs).

fopen(<thefile>): failed to open stream: Permission denied

Can someone point me to the documents that describe how to un-break RHEL's Apache/PHP config to allow writing to alternate locations on the file system?

Thanks, ~ Paul

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

3条回答 默认 最新

  • 已采纳
    dongzouban9871 dongzouban9871 2012-01-25 06:39

    As written in the httpd_selinux(8) man page, you must give files and directories specific file contexts if you want to be able to read from or write to them. See the man page for details, keeping in mind that PHP scripts run as the daemon unless you have specifically set up PHP to run as CGI.

    点赞 评论 复制链接分享
  • dongquelu1239 dongquelu1239 2012-01-25 06:35

    Sounds like a user and/or group permission issue. The file itself may be writeable... (as you mentioned in your nice path name,) but maybe the apache user (or however it is titled,) is not allowed to make any file changes outside of the default /var/www/html directory?

    Any way to make a change to a file inside /var/www/html and then have another shell script (and/or user,) take it from there and move it to your desired directory?

    Interesting that it would work on Ubuntu and not RHEL; maybe RHEL is more strict as far as users and groups go?

    As an aside: in general, it might be safer not to have PHP write to files outside of the www directories... :)


    On @Ignacio's hint(1), maybe something like this might work:

    If it's something you will need all the time, you might want to try typing this on the command line:

    /usr/sbin/setsebool -P httpd_can_network_connect=1

    I still would be careful about PHP file manipulation outside of the www folder... but, hope that helps...!


    点赞 评论 复制链接分享
  • drf16571 drf16571 2013-01-14 17:07

    To add some specifics to the accepted answer, I also had this exact problem and this command fixed it for me.

    chcon -R -t httpd_sys_content_t /path/to/file/it/does/exist/and/has/good/perms
    点赞 评论 复制链接分享