Wednesday, March 22, 2017

filesystems - PHP can't save sessions due to permission error



I know that this question must have been asked (and answered) before, but I can't find a solution for my problem in any of those questions. It's a bit odd... The problem is that my PHP scripts (and my Apache server) cannot write to folders on my system. Not at all.



For example, I get the following error while running a script:





Fatal error: Uncaught exception 'Zend_Session_Exception' with message
'Zend_Session::start() -
/var/www/subdomains/vmb/vendor/zendframework/zendframework1/library/Zend/Session.php(Line:482):
Error #2 session_start():
open(/var/www/subdomains/vmb/application/../var/session/sess_ingph33ir4shr1e60kkifp37s7,
O_RDWR) failed: Permission denied (13)





I have a VPS with CentOS 7, Apache 2.4, PHP 5.6 (which runs with the apache php mod) and some other stuff. Apache runs as user apache and group apache (as set in the httpd.conf file). I have set the session_path in both /etc/php.ini and /etc/httpd/conf.d/php.conf to /tmp/phpsessions and chown'd/chmod'd this folder as apache:apache 777. The above example stores sessions in another folder (which is also chown'd/chmod'd as apache:apache 777), but I get the same error for other folders.



So my Apache server runs as apache:apache, I chown'd the folders that I needed to apache:apache, and even with 777 permissions Apache fails to write to these folders.



Have you ever seen something like this? I haven't before...


Answer



Assuming permissions and ownerships are OK, I believe this relates to SELinux.



Quick and dirty way: assuming you're getting Permissive while running getenforce, try disabling SELinux by running setenforce 0 and hit your script again. If it works, then it was SELinux. From there you can either leave it disabled (not recommended) or turn it back on by running setenforce 1, check your /var/log/audit/audit.log and work towards an end solution.
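The audit-log step from the answer, as an added example that is not part of the original post: it filters AVC denials for the httpd_t domain and prints the relabel commands that keep SELinux enforcing. The sample log lines are constructed, and the choice of httpd_sys_rw_content_t as the target type for a session directory is an assumption to check against your policy.

```shell
#!/bin/sh
# Constructed audit.log lines for illustration (not taken from the original post).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1490180000.123:456): avc:  denied  { write } for  pid=1234 comm="httpd" name="session" dev="vda1" ino=262155 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1490180000.123:456): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1490180001.500:457): avc:  denied  { read } for  pid=999 comm="sshd" name="key" dev="vda1" ino=77 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1490180002.900:458): avc:  denied  { add_name } for  pid=1234 comm="httpd" name="sess_example" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=dir
EOF
}

# Read audit records on stdin; for each AVC denial whose source domain is
# httpd_t, print: <permissions> <object class> <object name> <target type>.
httpd_denials() {
  awk '
    /type=AVC/ && /denied/ && /scontext=[^ ]*:httpd_t:/ {
      perm = name = ttype = tclass = "?"
      # The denied permissions sit between "{ " and " }".
      if (match($0, /[{] [^}]* [}]/)) {
        perm = substr($0, RSTART + 2, RLENGTH - 4)
        gsub(/ /, ",", perm)
      }
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^name=/)     { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
        if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
        if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
      }
      print perm, tclass, name, ttype
    }'
}

# Print (do not run) the commands that give a directory a label httpd may
# write to. Assumption: httpd_sys_rw_content_t suits this directory.
suggest_label_fix() {
  dir=$1
  printf '%s\n' "semanage fcontext -a -t httpd_sys_rw_content_t '${dir}(/.*)?'"
  printf '%s\n' "restorecon -Rv '${dir}'"
}

sample_audit_log | httpd_denials
suggest_label_fix /var/www/subdomains/vmb/var/session
```

On a real host, pipe /var/log/audit/audit.log into httpd_denials as root; a target type such as tmp_t or httpd_sys_content_t on a directory Apache needs to write to explains a "Permission denied" that 777 does not fix.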

