0

I've been struggling to get PHP readfile() to work properly. After drilling down all options, it turns out that I can not get this to work when I am trying to open a file that is located on another partition. My webroot folder is located under the root partition (/webroot), and I want to access files located under /home.

  • Permissions are just fine
  • open_basedir is deactivated
  • If I move the same folder and files to a folder under /, then it all works, but if it's located under /home, then it does not work anymore. Permissions are 777 and owner of the folder is Apache, so it is really not a file permission issue.

Here's my fstab:

# /dev/sda1
UUID=...    /           ext4        rw,relatime,data=ordered    0 1

# /dev/sda6
UUID=...    /home       ext4        rw,relatime,data=ordered    0 2

The error I'm getting is: 

Warning: readfile(/home/files/1.txt): failed to open stream: Permission denied in /webroot/download.php

I'm not finding any partition-related limitations in the documentation. My logfiles do not indicate any particular error either. I do not have selinux installed.

EDIT: open_basedir is NOT at fault. I have checked this thoroughly. Both by specifically including the folder that is at stake, and by commenting out the whole open_basedir directive. Also, if I do force an open_basedir error, then the actual error message is different.

Current open_basedir setting:

https://i.stack.imgur.com/AXe7T.png

Using Arch Linux, PHP 5.4.13

Any idea what this could be?

Community
  • 1
please delete me
  • 119
  • 5
  • short answer, check the value of php's [open_basedir](http://www.php.net/manual/en/ini.core.php#ini.open-basedir) directive. – forcefsck Mar 30 '13 at 14:44
  • I'm pretty sure open_basedir's message says that it is open_basedir's fault, though maybe it can be turned off to just give a generic permission denied error. I'm thinking SELinux personally, but I don't know if archlinux uses a variable to enable/disable httpd access to /home – DerfK Mar 30 '13 at 14:57
  • @forcefsck thanks, but open_basedir is not the issue, unfortunately. I have added more info to my post. – please delete me Mar 30 '13 at 17:20
  • @DerfK thanks, but I do not have SELinux running on my box. – please delete me Mar 30 '13 at 17:20
  • When do you say "I do not have selinux installed", what do you mean? What's the output of "sestatus"? – mricon Mar 30 '13 at 18:07
  • @mricon I mean that I did not install the packages for selinux. `sestatus` returns `sestatus: command not found`. – please delete me Mar 31 '13 at 04:02

1 Answers1

1

I would bet a large sum of money on the fact that the partition the file is located on has nothing to do with why you can't open it (as long as the filesystem is mounted).

Permissions are 777 and owner of the folder is Apache, so it is really not a file permission issue.

But PHP is explicitly telling you that it's a permissions problem:

failed to open stream: Permission denied

If you've ruled out open_basedir and selinux, then other things to check:

1) is PHP running as the apache uid? That's OK if it's mod_php but for php-fpm, that's messy.

2) is the PHP running in a chroot jail?

3) What do you get from:

<?php

function show_p($path)
{
   print "path=" . $path . "n";
   print "permissions=" . substr(sprintf('%o', fileperms($path)), -4) . "\n";
   print_r(stat($path))
}
print "uid=" . getmyuid() . "\n";
print "gid=" . getmygid() . "\n";
show_p('/home');
show_p('/home/files');
show_p('/home/files/1.txt');
print "acl=" . `getfacl -1 /home/files/1.txt` . "\n";
symcbean
  • 21,009
  • 1
  • 31
  • 52
  • THANK YOU! 1 & 2) PHP is running as Apache, and not in chroot, but your 3rd suggestion did the trick. /home/ had `700` permission, which is why PHP could not access the folder or files below, despite their permissions. Thanks! – please delete me Mar 31 '13 at 04:16