尽管使用 PHP 具有适当的权限,但权限被拒绝
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6941282/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Permission denied despite appropriate permissions using PHP
提问by Max
I'm trying to read a file in PHP and I'm getting a permission denied error although everybody has read access to the file.
我正在尝试在 PHP 中读取文件,尽管每个人都对该文件具有读访问权限,但我收到了权限被拒绝的错误。
The PHP code:
PHP代码:
$config=file_get_contents('/opt/jenkins/home/config.xml');
The error:
错误:
Warning: file_get_contents(/opt/jenkins/home/config.xml): failed to open stream: Permission denied in [...]
The filesystem permission:
文件系统权限:
There is a symlink pointing /opt/jenkins/home/to /var/lib/jenkinsand everybody has read permission on the symlink, actual folder, and file.
有指向一个符号链接/opt/jenkins/home/到/var/lib/jenkins,每个人都具有读取权限的符号链接,实际文件夹和文件。
$ ls -lh /opt/jenkins/
lrwxrwxrwx 1 sysadmin sysadmin 16 2011-08-04 08:12 home -> /var/lib/jenkins
$ ls -lh /var/lib/ | grep jenkins
drwxr-xr-- 6 jenkins adm 4.0K 2011-08-04 10:04 jenkins
$ ls -lh /var/lib/jenkins/config.xml
-rwxr-xr-- 1 jenkins adm 3.9K 2011-08-04 10:05 /var/lib/jenkins/config.xml
Apache configuration
阿帕奇配置
Configured to folllow symlinks (Options All). Adding a Directorydirective for /var/lib/jenkins/makes no difference.
配置为遵循符号链接 ( Options All)。添加Directory指令/var/lib/jenkins/没有区别。
<Directory /opt/jenkins/home/>
Options All
AllowOverride All
Order Allow,Deny
Allow from All
</Directory>
Additional info
附加信息
Whether I use the path through the symlink ("/opt/jenkins/home/config.xml") or the real path ("/var/lib/jenkins/config.xml") I have the same problem.
无论我使用通过符号链接 ( "/opt/jenkins/home/config.xml") 的路径还是真实路径 ( "/var/lib/jenkins/config.xml") 我都有同样的问题。
apache2 version=2.2.14-5ubuntu8.4
php version=5.3.2-1ubuntu4.9
Any idea as to why I'm getting the error?
知道为什么我收到错误吗?
采纳答案by netcoder
Your directory needs executepermission for this to work. It does not seem to have world execute, and since jenkinsis probably not the apache user, and the apache user is not in the admgroup, it wouldn't work:
您的目录需要execute权限才能工作。它似乎没有执行世界,因为jenkins可能不是 apache 用户,而且 apache 用户不在adm组中,所以它不起作用:
$ ls -lh /var/lib/ | grep jenkins
drwxr-xr-- 6 jenkins adm 4.0K 2011-08-04 10:04 jenkins
Per example:
每个例子:
netcoder@netcoder:~$ mkdir foo
netcoder@netcoder:~$ echo hello > foo/bar
netcoder@netcoder:~$ chmod 777 foo/bar
netcoder@netcoder:~$ ls -lsah foo/bar
4.0K -rwxrwxrwx 1 netcoder netcoder 6 2011-08-04 08:22 foo/bar
netcoder@netcoder:~$ chmod 444 foo/
netcoder@netcoder:~$ ls -lsah | grep foo
4.0K dr--r--r-- 2 netcoder netcoder 4.0K 2011-08-04 08:22 foo
netcoder@netcoder:~$ cat foo/bar
cat: foo/bar: Permission denied
Even though foo/barhas 0777permission, if the directory does not have the execute permission, reading its contents is denied.
即使foo/bar有0777权限,如果目录没有执行权限,则拒绝读取其内容。
You'll need the permission to be set for both the target directory and the symbolic link.
您需要为目标目录和符号链接设置权限。
回答by Mat
You need the execute bit set on all directories in the hierarchy up to that file.
您需要在层次结构中的所有目录上设置执行位,直到该文件。
chmod o+x /var/lib/jenkins
should do the trick.
应该做的伎俩。
(Note: ls -lhd /var/lib/jenkinsis a bit better than ls -lh ...|grep jenkins)
(注:ls -lhd /var/lib/jenkins比 好一点ls -lh ...|grep jenkins)
回答by jpschroeder
Lots of modern boxes (digital ocean, rackspace etc) ship with SELinux (Security Enhanced Linux) for RedHat compatible OSs (like CentOS). This throws another wrench into the works which you need to keep in mind. You can have your permissions perfectlyset and it will still say permission denied. You need to define a writable context for SELinux:
许多现代机器(数字海洋、机架空间等)都带有用于 RedHat 兼容操作系统(如 CentOS)的 SELinux(安全增强型 Linux)。这将另一个扳手投入到您需要牢记的工作中。您可以完美设置您的权限,但它仍然会说权限被拒绝。你需要为 SELinux 定义一个可写的上下文:
sudo chcon -t httpd_sys_rw_content_t /data/www/html/sites/mysite -R
sudo chcon -t httpd_sys_rw_content_t /data/www/html/sites/mysite -R
回答by mimoralea
Most likely your apache user is not allowed to read or access the web files
很可能您的 apache 用户不被允许读取或访问网络文件
Check what user is apache running as:
$ ps aux | grep [a]pache root 40283 0.0 0.2 472548 21116 ? Ss 14:38 0:00 /usr/sbin/apache2 -k start www-data 40287 0.0 0.1 472760 8800 ? S 14:38 0:00 /usr/sbin/apache2 -k start www-data 40288 0.0 0.1 472760 8540 ? S 14:38 0:00 /usr/sbin/apache2 -k start www-data 40289 0.0 0.1 472776 8540 ? S 14:38 0:00 /usr/sbin/apache2 -k startCheck the path ownership of your web files:
$ namei -mol /home/john/app2/ f: /home/john/app2/ drwxr-xr-x root root / drwxr-xr-x root root home drwx------ john john john # <== Ahaa, no access for apache user! drwxr-xr-x john john john app2Adjust permissions accordingly:
检查 apache 运行的用户身份:
$ ps aux | grep [a]pache root 40283 0.0 0.2 472548 21116 ? Ss 14:38 0:00 /usr/sbin/apache2 -k start www-data 40287 0.0 0.1 472760 8800 ? S 14:38 0:00 /usr/sbin/apache2 -k start www-data 40288 0.0 0.1 472760 8540 ? S 14:38 0:00 /usr/sbin/apache2 -k start www-data 40289 0.0 0.1 472776 8540 ? S 14:38 0:00 /usr/sbin/apache2 -k start检查您的网络文件的路径所有权:
$ namei -mol /home/john/app2/ f: /home/john/app2/ drwxr-xr-x root root / drwxr-xr-x root root home drwx------ john john john # <== Ahaa, no access for apache user! drwxr-xr-x john john john app2相应地调整权限:
Well in this step I will leave it up to you, you can either (a)the make apache user 'john' in this example. Or you could (b)move the web folder to a place outsidehome. Where the execute access can be given to the group or to even others without breaking security good practices.
好吧,在这一步中,我将把它留给您,您可以(a)在此示例中使用 make apache 用户“john”。或者您可以(b)将 Web 文件夹移动到家外的地方。可以在不破坏安全良好实践的情况下将执行访问权限授予组甚至其他人。
a. Make apache user john (ONLY FOR DEV SITES or if you know what you are doing)
一种。使 apache 用户成为 john(仅适用于开发站点或如果您知道自己在做什么)
sudo vi /etc/apache2/envars
# replace
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
# with
export APACHE_RUN_USER=john
export APACHE_RUN_GROUP=john
b. Move that folder out of home... what is it doing there anyways?
湾 将该文件夹移出家...它在那里做什么?
sudo mv /home/john/app2 /var/www/
Remember to change the site to match this directory and to restart the apache server.
请记住更改站点以匹配此目录并重新启动apache服务器。
Here are some references:
以下是一些参考:
https://wiki.apache.org/httpd/13PermissionDenied
https://wiki.apache.org/httpd/13PermissionDenied
