 is_dir true from cli, false from Apache [message #178217] |
Wed, 23 May 2012 16:45  |
Robert Grimm
Messages: 6
Registered: May 2012
Karma: 0
|
Junior Member |
|
|
I'm having trouble on CentOS 6 with PHP5. This is my test code:
$dir = is_dir("/var/www/document_repository");
Ultimately, I'm trying to get OpenDocMan working. That this test code
fails shows why I can't get OpenDocMan working. I've tried everything I
can think of. I've added a trailing /. I've put the directory in and
out of the OpenDocMan directory, which has a directory definition in
the Apache config. The user apache owns and has full access to the
directory. I tested to make sure PHP was being run by apache with
passthru("whoami");
I posted my site configuration and phpinfo() output at
http://opendocman.com/forum/viewtopic.php?f=4&t=667 in the last post on
the page as of right now.
What is really strange is that my test code works when I run it from
the command line.
This is a recent, clean install of CentOS. I have done no customization
of the configuration files beyond defining the site in Apache. The site
configuration has no PHP directives, as can be seen in the forum post
linked above. What is going on? What do I have to do to get this
working?
|
|
|
|
|
|
| Re: is_dir true from cli, false from Apache [message #178219 is a reply to message #178218] |
Wed, 23 May 2012 17:24  |
Robert Grimm
Messages: 6
Registered: May 2012
Karma: 0
|
Junior Member |
|
|
On 2012-05-23 17:10:31 +0000, Jerry Stuckle said:
> On 5/23/2012 12:45 PM, Robert Grimm wrote:
>> I'm having trouble on CentOS 6 with PHP5. This is my test code:
>>
>> $dir = is_dir("/var/www/document_repository");
>>
>> Ultimately, I'm trying to get OpenDocMan working. That this test code
>> fails shows why I can't get OpenDocMan working. I've tried everything I
>> can think of. I've added a trailing /. I've put the directory in and out
>> of the OpenDocMan directory, which has a directory definition in the
>> Apache config. The user apache owns and has full access to the
>> directory. I tested to make sure PHP was being run by apache with
>> passthru("whoami");
>>
>> I posted my site configuration and phpinfo() output at
>> http://opendocman.com/forum/viewtopic.php?f=4&t=667 in the last post on
>> the page as of right now.
>>
>> What is really strange is that my test code works when I run it from the
>> command line.
>>
>> This is a recent, clean install of CentOS. I have done no customization
>> of the configuration files beyond defining the site in Apache. The site
>> configuration has no PHP directives, as can be seen in the forum post
>> linked above. What is going on? What do I have to do to get this working?
>>
>
> Does the web server's user have access to the directory?
The web server's user has ownership and read, write, and execute
permissions on that directory.
|
|
|
|
| Re: is_dir true from cli, false from Apache [message #178220 is a reply to message #178219] |
Wed, 23 May 2012 18:04 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 5/23/2012 1:24 PM, Robert Grimm wrote:
> On 2012-05-23 17:10:31 +0000, Jerry Stuckle said:
>
>> On 5/23/2012 12:45 PM, Robert Grimm wrote:
>>> I'm having trouble on CentOS 6 with PHP5. This is my test code:
>>>
>>> $dir = is_dir("/var/www/document_repository");
>>>
>>> Ultimately, I'm trying to get OpenDocMan working. That this test code
>>> fails shows why I can't get OpenDocMan working. I've tried everything I
>>> can think of. I've added a trailing /. I've put the directory in and out
>>> of the OpenDocMan directory, which has a directory definition in the
>>> Apache config. The user apache owns and has full access to the
>>> directory. I tested to make sure PHP was being run by apache with
>>> passthru("whoami");
>>>
>>> I posted my site configuration and phpinfo() output at
>>> http://opendocman.com/forum/viewtopic.php?f=4&t=667 in the last post on
>>> the page as of right now.
>>>
>>> What is really strange is that my test code works when I run it from the
>>> command line.
>>>
>>> This is a recent, clean install of CentOS. I have done no customization
>>> of the configuration files beyond defining the site in Apache. The site
>>> configuration has no PHP directives, as can be seen in the forum post
>>> linked above. What is going on? What do I have to do to get this
>>> working?
>>>
>>
>> Does the web server's user have access to the directory?
>
> The web server's user has ownership and read, write, and execute
> permissions on that directory.
OK, but IIRC, CentOS uses SELinux security contexts. Is that set up to
allow access to the directory (warning - I know very little about how
SELinux security works - just that it causes hassles like this).
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
|
|
| Re: is_dir true from cli, false from Apache [message #178223 is a reply to message #178220] |
Wed, 23 May 2012 19:17 |
Robert Heller
Messages: 60
Registered: December 2010
Karma: 0
|
Member |
|
|
At Wed, 23 May 2012 14:04:37 -0400 Jerry Stuckle <jstucklex(at)attglobal(dot)net> wrote:
>
> On 5/23/2012 1:24 PM, Robert Grimm wrote:
>> On 2012-05-23 17:10:31 +0000, Jerry Stuckle said:
>>
>>> On 5/23/2012 12:45 PM, Robert Grimm wrote:
>>>> I'm having trouble on CentOS 6 with PHP5. This is my test code:
>>>>
>>>> $dir = is_dir("/var/www/document_repository");
>>>>
>>>> Ultimately, I'm trying to get OpenDocMan working. That this test code
>>>> fails shows why I can't get OpenDocMan working. I've tried everything I
>>>> can think of. I've added a trailing /. I've put the directory in and out
>>>> of the OpenDocMan directory, which has a directory definition in the
>>>> Apache config. The user apache owns and has full access to the
>>>> directory. I tested to make sure PHP was being run by apache with
>>>> passthru("whoami");
>>>>
>>>> I posted my site configuration and phpinfo() output at
>>>> http://opendocman.com/forum/viewtopic.php?f=4&t=667 in the last post on
>>>> the page as of right now.
>>>>
>>>> What is really strange is that my test code works when I run it from the
>>>> command line.
>>>>
>>>> This is a recent, clean install of CentOS. I have done no customization
>>>> of the configuration files beyond defining the site in Apache. The site
>>>> configuration has no PHP directives, as can be seen in the forum post
>>>> linked above. What is going on? What do I have to do to get this
>>>> working?
>>>>
>>>
>>> Does the web server's user have access to the directory?
>>
>> The web server's user has ownership and read, write, and execute
>> permissions on that directory.
>
> OK, but IIRC, CentOS uses SELinux security contexts. Is that set up to
> allow access to the directory (warning - I know very little about how
> SELinux security works - just that it causes hassles like this).
There is also the possiblity that the apache (most likely) and/or php
configuration might prevent a php web application from accessing disk
space outside of under DOCUMENT_ROOT. The base default DocumentRoot
for a CentOS install of apache (httpd rpm) is /var/www/html and
/var/www/document_repository is outside of that directory... I am not
sure if this is an apache or php configuration. I *suspect* that the
default is to disallow a php program running under apache's PHP_MOD
from accessing files, unless apache is allowing it. By default apache
disallows access to the root file system (from httpd.conf):
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
(This directive is followed by others granting various sorts of access
to selected directories.)
This is a sensible securirty setting. You might have to add the
necessary 'magic' to httpd.conf or add a config file to
/etc/httpd/conf.d to allow access to /var/www/document_repository, with
a suitable <Directory /var/www/document_repository>...</Directory>
container.
>
--
Robert Heller -- 978-544-6933 / heller(at)deepsoft(dot)com
Deepwoods Software -- http://www.deepsoft.com/
() ascii ribbon campaign -- against html e-mail
/\ www.asciiribbon.org -- against proprietary attachments
|
|
|
|
| Re: is_dir true from cli, false from Apache [message #178224 is a reply to message #178223] |
Wed, 23 May 2012 20:13 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 5/23/2012 3:17 PM, Robert Heller wrote:
> At Wed, 23 May 2012 14:04:37 -0400 Jerry Stuckle<jstucklex(at)attglobal(dot)net> wrote:
>
>>
>> On 5/23/2012 1:24 PM, Robert Grimm wrote:
>>> On 2012-05-23 17:10:31 +0000, Jerry Stuckle said:
>>>
>>>> On 5/23/2012 12:45 PM, Robert Grimm wrote:
>>>> > I'm having trouble on CentOS 6 with PHP5. This is my test code:
>>>> >
>>>> > $dir = is_dir("/var/www/document_repository");
>>>> >
>>>> > Ultimately, I'm trying to get OpenDocMan working. That this test code
>>>> > fails shows why I can't get OpenDocMan working. I've tried everything I
>>>> > can think of. I've added a trailing /. I've put the directory in and out
>>>> > of the OpenDocMan directory, which has a directory definition in the
>>>> > Apache config. The user apache owns and has full access to the
>>>> > directory. I tested to make sure PHP was being run by apache with
>>>> > passthru("whoami");
>>>> >
>>>> > I posted my site configuration and phpinfo() output at
>>>> > http://opendocman.com/forum/viewtopic.php?f=4&t=667 in the last post on
>>>> > the page as of right now.
>>>> >
>>>> > What is really strange is that my test code works when I run it from the
>>>> > command line.
>>>> >
>>>> > This is a recent, clean install of CentOS. I have done no customization
>>>> > of the configuration files beyond defining the site in Apache. The site
>>>> > configuration has no PHP directives, as can be seen in the forum post
>>>> > linked above. What is going on? What do I have to do to get this
>>>> > working?
>>>> >
>>>>
>>>> Does the web server's user have access to the directory?
>>>
>>> The web server's user has ownership and read, write, and execute
>>> permissions on that directory.
>>
>> OK, but IIRC, CentOS uses SELinux security contexts. Is that set up to
>> allow access to the directory (warning - I know very little about how
>> SELinux security works - just that it causes hassles like this).
>
> There is also the possiblity that the apache (most likely) and/or php
> configuration might prevent a php web application from accessing disk
> space outside of under DOCUMENT_ROOT. The base default DocumentRoot
> for a CentOS install of apache (httpd rpm) is /var/www/html and
> /var/www/document_repository is outside of that directory... I am not
> sure if this is an apache or php configuration. I *suspect* that the
> default is to disallow a php program running under apache's PHP_MOD
> from accessing files, unless apache is allowing it. By default apache
> disallows access to the root file system (from httpd.conf):
>
When accessing the file system from PHP, Apache is not involved at all,
and its configuration is immaterial.
> #
> # Each directory to which Apache has access can be configured with respect
> # to which services and features are allowed and/or disabled in that
> # directory (and its subdirectories).
> #
> # First, we configure the "default" to be a very restrictive set of
> # features.
> #
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> </Directory>
>
> (This directive is followed by others granting various sorts of access
> to selected directories.)
>
> This is a sensible securirty setting. You might have to add the
> necessary 'magic' to httpd.conf or add a config file to
> /etc/httpd/conf.d to allow access to /var/www/document_repository, with
> a suitable<Directory /var/www/document_repository>...</Directory>
> container.
>
>>
>
And unrelated to this problem. Actually, since the directory is outside
of the DOCUMENT_ROOT, this isn't even necessary (and has no effect).
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
|
|
| Re: is_dir true from cli, false from Apache [message #178227 is a reply to message #178223] |
Wed, 23 May 2012 20:39 |
Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma: 0
|
Senior Member |
|
|
Robert Heller wrote:
>> On 5/23/2012 1:24 PM, Robert Grimm wrote:
>>> On 2012-05-23 17:10:31 +0000, Jerry Stuckle said:
>>>> On 5/23/2012 12:45 PM, Robert Grimm wrote:
>>>> > I'm having trouble on CentOS 6 with PHP5. This is my test code:
>>>> >
>>>> > $dir = is_dir("/var/www/document_repository");
>>>> >
>>>> > Ultimately, I'm trying to get OpenDocMan working. That this test code
>>>> > fails shows why I can't get OpenDocMan working. I've tried everything
>>>> > I can think of. I've added a trailing /. I've put the directory in
>>>> > and out of the OpenDocMan directory, which has a directory definition
>>>> > in the Apache config. The user apache owns and has full access to the
>>>> > directory. I tested to make sure PHP was being run by apache with
>>>> > passthru("whoami");
What was not tried is to read and interpret the error message that this call
prints (either in the browser or in the log file). It should be something
along the lines "open_basedir restriction in effect".
> […]
> There is also the possiblity that the apache (most likely) and/or php
> configuration might prevent a php web application from accessing disk
> space outside of under DOCUMENT_ROOT. The base default DocumentRoot
> for a CentOS install of apache (httpd rpm) is /var/www/html and
> /var/www/document_repository is outside of that directory... I am not
> sure if this is an apache or php configuration.
It is a PHP configuration setting.
<http://php.net/open_basedir>
> I *suspect* that the default is to disallow a php program running under
> apache's PHP_MOD from accessing files, unless apache is allowing it.
Wrong. Apache configuration files only come into play when HTTP is used
from PHP, such as with fopen_url wrappers, like require('http://localhost/')
– for whatever reason), but that is not the case here either.
> By default apache disallows access to the root file system (from
> httpd.conf):
Which PHP, as it is only executed in this case when Apache runs it, could
not care less about, except when it contains `php_*' directives or includes
files containing them:
<http://php.net/php_value>
PointedEars
--
Sometimes, what you learn is wrong. If those wrong ideas are close to the
root of the knowledge tree you build on a particular subject, pruning the
bad branches can sometimes cause the whole tree to collapse.
-- Mike Duffy in cljs, <news:Xns9FB6521286DB8invalidcom(at)94(dot)75(dot)214(dot)39>
|
|
|
|
| Re: is_dir true from cli, false from Apache [message #178228 is a reply to message #178223] |
Wed, 23 May 2012 20:44 |
Robert Grimm
Messages: 6
Registered: May 2012
Karma: 0
|
Junior Member |
|
|
On 2012-05-23 19:17:58 +0000, Robert Heller said:
> At Wed, 23 May 2012 14:04:37 -0400 Jerry Stuckle
> <jstucklex(at)attglobal(dot)net> wrote:
>
>>
>> On 5/23/2012 1:24 PM, Robert Grimm wrote:
>>> On 2012-05-23 17:10:31 +0000, Jerry Stuckle said:
>>>
>>>> On 5/23/2012 12:45 PM, Robert Grimm wrote:
>>>> > ...
> There is also the possiblity that the apache (most likely) and/or php
> configuration might prevent a php web application from accessing disk
> space outside of under DOCUMENT_ROOT. The base default DocumentRoot
> for a CentOS install of apache (httpd rpm) is /var/www/html and
> /var/www/document_repository is outside of that directory... I am not
> sure if this is an apache or php configuration. I *suspect* that the
> default is to disallow a php program running under apache's PHP_MOD
> from accessing files, unless apache is allowing it. By default apache
> disallows access to the root file system (from httpd.conf):
>
> #
> # Each directory to which Apache has access can be configured with respect
> # to which services and features are allowed and/or disabled in that
> # directory (and its subdirectories).
> #
> # First, we configure the "default" to be a very restrictive set of
> # features.
> #
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> </Directory>
>
> (This directive is followed by others granting various sorts of access
> to selected directories.)
>
> This is a sensible securirty setting. You might have to add the
> necessary 'magic' to httpd.conf or add a config file to
> /etc/httpd/conf.d to allow access to /var/www/document_repository, with
> a suitable <Directory /var/www/document_repository>...</Directory>
> container.
Since PHP doesn't care about what directories Apache knows about, this
couldn't be the case, though just for fun, I have tried accounting for
that. The directory I'm trying to access has been inside the site
directory.
|
|
|
|
| Re: is_dir true from cli, false from Apache [message #178230 is a reply to message #178220] |
Wed, 23 May 2012 20:48 |
Robert Grimm
Messages: 6
Registered: May 2012
Karma: 0
|
Junior Member |
|
|
On 2012-05-23 18:04:37 +0000, Jerry Stuckle said:
> On 5/23/2012 1:24 PM, Robert Grimm wrote:
>> On 2012-05-23 17:10:31 +0000, Jerry Stuckle said:
>>
>>> On 5/23/2012 12:45 PM, Robert Grimm wrote:
>>>> I'm having trouble on CentOS 6 with PHP5. This is my test code:
>>>>
>>>> $dir = is_dir("/var/www/document_repository");
>>>>
>>>> Ultimately, I'm trying to get OpenDocMan working. That this test code
>>>> fails shows why I can't get OpenDocMan working. I've tried everything I
>>>> can think of. I've added a trailing /. I've put the directory in and out
>>>> of the OpenDocMan directory, which has a directory definition in the
>>>> Apache config. The user apache owns and has full access to the
>>>> directory. I tested to make sure PHP was being run by apache with
>>>> passthru("whoami");
>>>>
>>>> I posted my site configuration and phpinfo() output at
>>>> http://opendocman.com/forum/viewtopic.php?f=4&t=667 in the last post on
>>>> the page as of right now.
>>>>
>>>> What is really strange is that my test code works when I run it from the
>>>> command line.
>>>>
>>>> This is a recent, clean install of CentOS. I have done no customization
>>>> of the configuration files beyond defining the site in Apache. The site
>>>> configuration has no PHP directives, as can be seen in the forum post
>>>> linked above. What is going on? What do I have to do to get this
>>>> working?
>>>>
>>>
>>> Does the web server's user have access to the directory?
>>
>> The web server's user has ownership and read, write, and execute
>> permissions on that directory.
>
> OK, but IIRC, CentOS uses SELinux security contexts. Is that set up to
> allow access to the directory (warning - I know very little about how
> SELinux security works - just that it causes hassles like this).
I see no sign that SELinux is installed on the system.
|
|
|
|
|
|
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]