英文:
some php file work and not others with the same permissions
问题
我已经安装了Oracle Linux 8/PHP/Apache。一切都正常工作,只有一个问题。只有一些我的PHP脚本文件可以运行,其他的会显示"权限被拒绝"的错误。我已经设置了文件的正确权限。
例如,在文档根目录www/html中,我可以运行phpinfo.php,没有问题,但如果我添加一个test.php,与phpinfo.php相同的文件权限,放在相同的位置www/html,并在其中放入(phpinfo(); ),我会收到"权限被拒绝"的错误。如果我更改phpinfo.php的内容并添加一个查询,例如,它可以正常工作。
就像文件名允许某些文件名,但不允许其他文件名一样。再次强调,文件权限都是正确的。实际上,我为了测试将它们设置为777,但结果是一样的。
我最好的猜测是与Nginx和PHP-FPM有关,但我无法找出原因。我对PHP-FPM或Nginx没有任何经验,只有今天学到的知识。我在PHP-FPM和Nginx配置文件中寻找任何可能与此有关的内容。此外,我整天都在搜索相关信息 :/
sudo grep -i denied /var/log/audit/audit.log
结果:
type=AVC msg=audit(1689293825.039:334): avc: denied { read } for pid=5111 comm="php-fpm" name="test.php" dev="dm-0" ino=18674742 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
httpd错误日志
[proxy_fcgi:error] [pid 5153:tid 140323287488256] [client 10.x.x.x:53042] AH01071: Got error 'Unable to open primary script: /var/www/html/test.php (Permission denied)'
php-fpm www-error.log
UTC] PHP Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0
有什么想法吗?
谢谢。
英文:
I have installed Oracle Linux 8 /PHP /Apache. All is working okay with one problem. Only some of my php scrip files will run others give permission denied. I have set the correct permissions on the files.
Example: In doc root www/html I can run phpinfo.php no problem but if I add a test.php same file permissions same location www/html and put ( phpinfo(); ) in it, I get permissions denied. If I change the contents of phpinfo.php and add a query for example, it works.
Its like the file name is allowed for certain file names but not allowing other file names. Again, file permissions are all correct. In fact I set them to 777 just for testing but got the same results.
Best I can tell is its something to do with nginx and php-fpm but I can't find out why its doing this. I don't have any experience with php-fpm or nginx only what I learned today. I looked for anything in php-fpm and nginx config files that would be related to this. Also, googled all day :/
sudo grep -i denied /var/log/audit/audit.log
Results
type=AVC msg=audit(1689293825.039:334): avc: denied { read } for pid=5111 comm="php-fpm" name="test.php" dev="dm-0" ino=18674742 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
httpd error log
[proxy_fcgi:error] [pid 5153:tid 140323287488256] [client 10.x.x.x:53042] AH01071: Got error 'Unable to open primary script: /var/www/html/test.php (Permission denied)'
php-fpm www-error.log
UTC] PHP Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0
Any ideas?
Thank you
答案1
得分: 1
我找到了问题!看起来即使我在/etc/selinux配置中禁用了SELinux([SELINUX=disabled]),它仍然影响了文件。
我从另一个网站学到,权限结果的末尾的点(-rw-r--r--.)表示文件受SELinux控制。
我运行了[ restorecon -r /var/www/html/test.php ],它起作用了!现在我会查看为什么禁用SELinux没有起作用。
感谢大家的帮助。
英文:
I found the issue! It seems that even though I disabled SELinux in /etc/selinux config with [SELINUX=disabled] it was still effecting the files.
I learned from another site the dot on the end of the permissions results (-rw-r--r--.) denotes the file is controlled but selinux.
I ran [ restorecon -r /var/www/html/test.php ] and it worked! Now I'll look at why disabling selinux didn't work.
Thank you all for the help.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论