Re: Re: fopen permission denied

>
> Hi Jasper,
>


> This is a bit off topic, but a point to think about. A small point to
> consider. Generally it is a bad idea to let the webserver write files in
> the documentroot. (There are exceptions, like updating webapps or such, and
> even then it is questionable whether that is a good idea). Admittedly I am
> no SELinux expert, but it just might be the default policy prohibits
> writing temp, or data, files in the documentroot.
> Apart from that, turning SELinux to no enforcing on a webserver,
> given the fact that webservers are usually directly connected to the
> internet, and not taking other measures, is inviting trouble.
> I do hope your site won't fall prey to malicious attacks.


Ok, yes, you do make a valid point. True, this is a hobby server on the
Amazon free tier that I am using to learn PHP (and some other languages
potentially down the road). I still want to keep security in mind. So I will
look into getting this to work with SELinux turned back on. Again, no great
loss if the whole server goes belly up. But it's still nice to have around.

Thanks
Tim

On Mon, Dec 29, 2014 at 2:10 PM, Jasper Kips <jasper@xxxxxxxxxxxxx> wrote:

>
>
> > On 28 Dec 2014 at 20:34, Tim Dunphy <bluethundr@xxxxxxxxx> wrote:
> >
> > Hey guys,
> >
> > I found the issue. The problem was that I'm on CentOS and I was using
> > SELinux!! Well I'm not much of an SELinux user. So I just turned it off
> > like this:
> >
> > [root@web1:/var/www/php-webdev] #setenforce 0
> > [root@web1:/var/www/php-webdev] #
> >
> > [root@web1:/var/www/php-webdev] #getenforce
> > Permissive
> > [root@web1:/var/www/php-webdev] #
> >
> > And now the script works as designed:
> >
> > Bob’s Auto PartsOrder Results
> >
> > Order processed at 14:31, 28th December 2014
> >
> > Your order is as follows:
> > Items ordered: 8
> > 1 tires
> > 2 bottles of oil
> > 5 spark plugs
> >
> > Total of order is $140.00
> >
> > Address to ship to is 39 Carmen Court
> >
> > Order written.
> >
> > Thanks for your suggestion! But I'm glad that did it!
> >
> > Tim
> >
> >> On Sun, Dec 28, 2014 at 1:34 PM, Tim Dunphy <bluethundr@xxxxxxxxx>
> wrote:
> >>
> >> Hi James,
> >>
> >> Ok, so I tried taking your advice. And set the mode and group
> accordingly:
> >>
> >> [root@web1:~] #ls -lh /var/www/php-webdev/orders/orders.txt
> >> -rw-r--r--. 1 apache users 0 Dec 27 21:47
> >> /var/www/php-webdev/orders/orders.txt
> >>
> >> However the result didn't change. I get the same failure when trying to
> >> write to the file:
> >>
> >> *Warning*: fopen(/var/www/php-webdev/orders/orders.txt): failed to open
> >> stream: Permission denied in
> */var/www/php-webdev/ch01/processorder.php* on
> >> line *50*
> >>
> >> Thanks
> >> Tim
> >>
> >>> On Sun, Dec 28, 2014 at 1:27 PM, James Moe <jimoe@xxxxxxxxxxxxxx>
> wrote:
> >>>
> >>>> On 12/28/2014 11:03 AM, Tim Dunphy wrote:
> >>>> -rwxr-xr-x. 1 apache apache 0 Dec 27 21:47
> >>>> /var/www/php-webdev/orders/orders.txt
> >>> Is there a reason why it is marked as an executable? Such files are
> >>> normally 0644 or 0664.
> >>>
> >>> Another option is to set the group to "users" and add apache to that
> >>> group.
> >>>
> >>> --
> >>> James Moe
> >>> jmm-list at sohnen-moe dot com
> >>>
> >>> --
> >>> PHP General Mailing List (http://www.php.net/)
> >>> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >> --
> >> GPG me!!
> >>
> >> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> >
> >
> > --
> > GPG me!!
> >
> > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>
> Hi Tim,
> This is a bit off topic, but a point to think about. A small point to
> consider. Generally it is a bad idea to let the webserver write files in
> the documentroot. (There are exceptions, like updating webapps or such, and
> even then it is questionable whether that is a good idea). Admittedly I am
> no SELinux expert, but it just might be the default policy prohibits
> writing temp, or data, files in the documentroot.
> Apart from that, turning SELinux to no enforcing on a webserver,
> given the fact that webservers are usually directly connected to the
> internet, and not taking other measures, is inviting trouble.
> I do hope your site won't fall prey to malicious attacks.
>
> Jasper
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
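
Added example, not part of the original messages: a shell example of the route discussed above, keeping SELinux enforcing and relabeling only the orders directory instead of running `setenforce 0`. The audit records are constructed samples, and the function names and the choice of `httpd_sys_rw_content_t` for the thread's `/var/www/php-webdev/orders` directory are assumptions; the commands are printed for review, not executed.

```shell
#!/bin/sh
# Added example: spot httpd write denials in audit records and print a
# labeling fix that leaves SELinux in enforcing mode.

# Constructed sample records in audit.log format (not taken from the thread).
SAMPLE_AUDIT='type=AVC msg=audit(1419795060.101:451): avc:  denied  { write } for  pid=2211 comm="httpd" name="orders.txt" dev="xvda1" ino=262199 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1419795061.202:452): avc:  denied  { read } for  pid=2290 comm="sshd" name="shadow" dev="xvda1" ino=1311 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1419795060.101:451): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"'

# Read audit records on stdin; for each AVC denial whose source domain is
# httpd_t, print "permission name target_type" (first permission only).
httpd_denials() {
  awk '/type=AVC/ && /denied/ && /scontext=[^ ]*:httpd_t:/ {
    perm = name = ttype = ""
    for (i = 1; i <= NF; i++) {
      if ($i == "{") perm = $(i + 1)
      else if ($i ~ /^name=/) { name = $i; gsub(/^name=|"/, "", name) }
      else if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
    }
    print perm, name, ttype
  }'
}

# Print (do not run) the commands that give one data directory a type httpd
# may write to, then return the host to enforcing mode.
# $1 = directory to relabel; a trailing slash is dropped.
label_fix() {
  dir=${1%/}
  # Persistent rule: the directory and everything under it gets the rw type.
  printf "semanage fcontext -a -t httpd_sys_rw_content_t '%s(/.*)?'\n" "$dir"
  # Apply the rule to files that already exist.
  printf "restorecon -Rv %s\n" "$dir"
  printf "setenforce 1\n"
}

# Demo on the constructed records and the directory named in the thread.
printf '%s\n' "$SAMPLE_AUDIT" | httpd_denials
label_fix /var/www/php-webdev/orders
```

On a real host the input would come from `/var/log/audit/audit.log`, and `ls -Z` on the directory shows whether the new type took effect.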
