3

I know that this question must have been asked (and answered) before, but I can't find a solution for my problem in any of those questions. It's a bit odd... The problem is that my PHP scripts (and my Apache server) cannot write to folders on my system. Not at all.

For example, I get the following error while running a script:

```
Fatal error: Uncaught exception 'Zend_Session_Exception' with message 'Zend_Session::start() - /var/www/subdomains/vmb/vendor/zendframework/zendframework1/library/Zend/Session.php(Line:482): Error #2 session_start(): open(/var/www/subdomains/vmb/application/../var/session/sess_ingph33ir4shr1e60kkifp37s7, O_RDWR) failed: Permission denied (13)
```

I have a VPS with CentOS 7, Apache 2.4, PHP 5.6 (which runs with the Apache PHP mod) and some other stuff. Apache runs as user apache and group apache (as set in the httpd.conf file). I have set the session_path in both /etc/php.ini and /etc/httpd/conf.d/php.conf to /tmp/phpsessions and chown'd/chmod'd this folder as apache:apache 777. The above example stores sessions in another folder (which is also chown'd/chmod'd as apache:apache 777), but I get the same error for other folders.

So my Apache server runs as apache:apache, I chown'd the folders that I needed to apache:apache, and even with 777 permissions Apache fails to write to these folders.

Have you ever seen something like this? I haven't before...

redelschaap

2 Answers

4

Assuming permissions and ownerships are OK, I believe this relates to SELinux.

Quick and dirty way: ... assuming you're getting Permissive while running `getenforce`, try disabling SELinux by running `setenforce 0` and hit your script again. If it works, then it was SELinux; from there you can either leave it disabled (not recommended) or turn it back on by running `setenforce 1`, check your /var/log/audit/audit.log and work towards an end solution.

alexus
  • Thanks for your answer. This did help. Strangely enough, I ran `setenforce 1` again and it kept working. I didn't change anything else... Do you know why? And do you think it will stay like this (for example after a reboot)? – redelschaap Sep 10 '14 at 21:58
  • @Ronald01990 to be sure, you should try to reboot) – alexus Sep 11 '14 at 14:22
  • I've disabled SELinux but am still facing the same problem – srsajid Aug 07 '19 at 16:05
1

Abandoning SELinux because of a few configuration challenges seems like a poor choice. Instead, I would suggest using a little time to get to know it, and look for a proper solution. In this case, it looks like a solution could be to set the httpd_sys_rw_content_t (notice 'w' for write) file context on the folder you need writable. Keep in mind that selinux fcontext takes regular expressions for targets, so your command would probably look something like this:

```
semanage fcontext --add \
    -t httpd_sys_rw_content_t \
    '/var/www/subdomains/vmb/var/session(/.*)?'
```

The regular expression applies the context rule to all files under the session directory, as well as the directory itself.

Apply the policy (only needed once) to the directory and any files therein:

```
restorecon -R /var/www/subdomains/vmb/var/session
```

It could be numerous other things, but this at least worked for me.

Saustrup
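
Both answers above point at the audit log and at the `httpd_sys_rw_content_t` type. As an added example (not part of either answer), the script below summarises Apache AVC denials from audit-log text and lists the objects that still lack the writable type. The log lines, pids, inodes and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format of /var/log/audit/audit.log
# (not taken from the question; pids, inodes and timestamps are made up).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1410386280.101:501): avc:  denied  { write } for  pid=2101 comm="httpd" name="session" dev="vda1" ino=393250 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1410386280.101:501): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1410386291.440:507): avc:  denied  { write } for  pid=2104 comm="httpd" name="session" dev="vda1" ino=393250 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1410386300.002:512): avc:  denied  { read } for  pid=990 comm="ntpd" name="example.conf" dev="vda1" ino=131090 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
EOF
}

# Read audit-log text on stdin and print one line per distinct denial whose
# source domain is httpd_t:
#   <tclass> <name> <target type> <comma-separated permissions>
httpd_denials() {
    awk '
    /type=AVC/ && /denied/ && /scontext=[^ ]*:httpd_t:/ {
        # Permissions are the words between the braces.
        perms = $0
        sub(/.*[{] */, "", perms); sub(/ *[}].*/, "", perms)
        gsub(/ +/, ",", perms)
        name = ttype = tclass = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)     { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
            # tcontext is user:role:type:level; the type is the third part.
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        key = tclass " " name " " ttype " " perms
        if (!(key in seen)) { seen[key] = 1; print key }   # drop repeats
    }'
}

# Names of objects Apache was denied write access to that do not carry the
# httpd_sys_rw_content_t type yet (candidates for the fcontext rule above).
relabel_candidates() {
    httpd_denials |
        awk 'index("," $4 ",", ",write,") > 0 && $3 != "httpd_sys_rw_content_t" { print $2 }'
}

sample_audit_log | httpd_denials
```

On a real system the input would be `httpd_denials < /var/log/audit/audit.log`. The `name=` field holds only the last path component, so the full path for the `semanage fcontext` rule comes from the application's own error message.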