dongsheng66783619
2013-10-06 01:02

PHP - Permission denied on a directory created via SSH

Accepted

Under linux, using php 5.3

If I use mkdir in a php script to create a folder, then I have full access on this folder to add files or create folder inside it.

If I then log in on the server via ssh, create a second folder, chown (recursively or not) to the exact same user:group as the one created by the php mkdir(), and chmod it to the same exact permissions as the first folder, then trying to access this folder to add a file or create a new folder inside it will throw a permission denied.

Trying to chmod 777 does not work either. I cannot for the life of me figure out the difference between the two:

drwxr-xr-x.  2 amadeous psacln     4096  6 oct.  02:38 test
drwxr-xr-x.  2 amadeous psacln     4096  6 oct.  02:39 testtest

Any idea appreciated.

EDIT AFTER COMMENTS: The apache user is running with the user amadeous in the group psacln. mkdir() does create the new directory with this user and group. An exec("whoami") returns amadeous as well. But still no go.

EDIT 2 AFTER COMMENTS ABOUT SELINUX BY GUIDO: ls -Z does give different results, although I don't know what to make of it:

drwxr-xr-x. amateous psacln system_u:object_r:httpd_sys_rw_content_t:s0 test
drwxr-xr-x. amateous psacln unconfined_u:object_r:user_tmp_t:s0 testtest

How do I go about fixing this?

Thanks


1 answer

  • dqlm80253, 8 years ago

    The right labeling for files and directories accessible from the httpd apache processes is httpd_sys_content_t; while the files generated have user_tmp_t:

    ls -Z
    drwxr-xr-x. amateous psacln system_u:object_r:httpd_sys_rw_content_t:s0 test
    drwxr-xr-x. amateous psacln unconfined_u:object_r:user_tmp_t:s0 testtest
    

    To fix the labeling, run (more info):

    chcon -t httpd_sys_content_t <directory>
    
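Added example (not part of the original question or answer): a small shell helper that parses the two `ls -Z` lines from the question and reports each directory's SELinux type and how the confined httpd domain treats it. The function names are hypothetical, and the mapping assumes the standard targeted policy, where `httpd_sys_content_t` is read-only for httpd and `httpd_sys_rw_content_t` (the label on the working `test` directory) is read-write.

```sh
#!/bin/sh
# Added example: audit SELinux labels in `ls -Z` output for httpd access.

# The two listing lines from the question (old-style `ls -Z` layout:
# mode, owner, group, context, name).
SAMPLE_LS_Z='drwxr-xr-x. amateous psacln system_u:object_r:httpd_sys_rw_content_t:s0 test
drwxr-xr-x. amateous psacln unconfined_u:object_r:user_tmp_t:s0 testtest'

# Print the type field of a context string (user:role:type:level).
selinux_type() {
    printf '%s\n' "$1" | awk -F: '{ print $3 }'
}

# Map a file type to what the confined httpd domain gets on it.
# Only the two web-content types named on this page are covered.
httpd_access_for_type() {
    case "$1" in
        httpd_sys_rw_content_t) echo "read-write" ;;
        httpd_sys_content_t)    echo "read-only" ;;
        *)                      echo "not-web-content" ;;
    esac
}

# Read `ls -Z` lines on stdin; print "name type access" per entry.
audit_ls_z() {
    while read -r line; do
        if [ -z "$line" ]; then continue; fi
        # The context is the first field with at least three colons.
        ctx=$(printf '%s\n' "$line" | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^[^:]+:[^:]+:[^:]+:/) { print $i; exit } }')
        name=$(printf '%s\n' "$line" | awk '{ print $NF }')
        type=$(selinux_type "$ctx")
        printf '%s %s %s\n' "$name" "$type" "$(httpd_access_for_type "$type")"
    done
}

# Run the audit over the sample lines from the question.
printf '%s\n' "$SAMPLE_LS_Z" | audit_ls_z
```

A label set with `chcon` does not survive a filesystem relabel; a persistent rule is normally recorded with `semanage fcontext` and applied with `restorecon`.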