Re: Re: fopen permission denied

On Mon, Dec 29, 2014 at 2:26 PM, Tim Dunphy <bluethundr@xxxxxxxxx> wrote:

> >
> > Hi Jasper,
> >
>
>
> > This is a bit off topic, but a point to think about. A small point to
> > consider. Generally it is a bad idea to let the webserver write files in
> > the documentroot. (There are exceptions, like updating webapps or such, and
> > even then it is questionable whether that is a good idea). Admittedly I am
> > no SELinux expert, but it just might be the default policy prohibits
> > writing temp, or data, files in the documentroot.
> > Apart from that, turning SELinux to non-enforcing on a webserver,
> > given the fact that webservers are usually directly connected to the
> > internet, and not taking other measures, is inviting trouble.
> > I do hope your site won't fall prey to malicious attacks.
>
>
> Ok yes you do make a valid point. True, this is a hobby server on the
> amazon free tier that I am using to learn PHP (and some other languages
> potentially down the road) I still want to keep security in mind. So I will
> look into getting this to work with SELinux turned back on. Again, no great
> loss if the whole server goes belly up. But it's still nice to have around.
>
> Thanks
> Tim
>
> On Mon, Dec 29, 2014 at 2:10 PM, Jasper Kips <jasper@xxxxxxxxxxxxx> wrote:
>
> >
> >
> > > On 28 Dec 2014, at 20:34, Tim Dunphy <bluethundr@xxxxxxxxx> wrote:
> > >
> > > Hey guys,
> > >
> > > I found the issue. The problem was that I'm on CentOS and I was using
> > > SELinux!! Well I'm not much of an SELinux user. So I just turned it off
> > > like this:
> > >
> > > [root@web1:/var/www/php-webdev] #setenforce 0
> > > [root@web1:/var/www/php-webdev] #
> > >
> > > [root@web1:/var/www/php-webdev] #getenforce
> > > Permissive
> > > [root@web1:/var/www/php-webdev] #
> > >
> > > And now the script works as designed:
> > >
> > > Bob’s Auto PartsOrder Results
> > >
> > > Order processed at 14:31, 28th December 2014
> > >
> > > Your order is as follows:
> > > Items ordered: 8
> > > 1 tires
> > > 2 bottles of oil
> > > 5 spark plugs
> > >
> > > Total of order is $140.00
> > >
> > > Address to ship to is 39 Carmen Court
> > >
> > > Order written.
> > >
> > > Thanks for your suggestion! But I'm glad that did it!
> > >
> > > Tim
> > >
> > >> On Sun, Dec 28, 2014 at 1:34 PM, Tim Dunphy <bluethundr@xxxxxxxxx> wrote:
> > >>
> > >> Hi James,
> > >>
> > >> Ok, so I tried taking your advice. And set the mode and group accordingly:
> > >>
> > >> [root@web1:~] #ls -lh /var/www/php-webdev/orders/orders.txt
> > >> -rw-r--r--. 1 apache users 0 Dec 27 21:47 /var/www/php-webdev/orders/orders.txt
> > >>
> > >> However the result didn't change. I get the same failure when trying to
> > >> write to the file:
> > >>
> > >> *Warning*: fopen(/var/www/php-webdev/orders/orders.txt): failed to open
> > >> stream: Permission denied in */var/www/php-webdev/ch01/processorder.php* on
> > >> line *50*
> > >>
> > >> Thanks
> > >> Tim
> > >>
> > >>> On Sun, Dec 28, 2014 at 1:27 PM, James Moe <jimoe@xxxxxxxxxxxxxx> wrote:
> > >>>
> > >>>> On 12/28/2014 11:03 AM, Tim Dunphy wrote:
> > >>>> -rwxr-xr-x. 1 apache apache 0 Dec 27 21:47 /var/www/php-webdev/orders/orders.txt
> > >>> Is there a reason why it is marked as an executable? Such files are
> > >>> normally 0644 or 0664.
> > >>>
> > >>> Another option is to set the group to "users" and add apache to that
> > >>> group.
> > >>>
> > >>> --
> > >>> James Moe
> > >>> jmm-list at sohnen-moe dot com
> > >>>
> > >>> --
> > >>> PHP General Mailing List (http://www.php.net/)
> > >>> To unsubscribe, visit: http://www.php.net/unsub.php
> > >>
> > >>
> > >> --
> > >> GPG me!!
> > >>
> > >> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> > >
> > >
> > > --
> > > GPG me!!
> > >
> > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
> >
> > Hi Tim,
> > This is a bit off topic, but a point to think about. A small point to
> > consider. Generally it is a bad idea to let the webserver write files in
> > the documentroot. (There are exceptions, like updating webapps or such, and
> > even then it is questionable whether that is a good idea). Admittedly I am
> > no SELinux expert, but it just might be the default policy prohibits
> > writing temp, or data, files in the documentroot.
> > Apart from that, turning SELinux to non-enforcing on a webserver,
> > given the fact that webservers are usually directly connected to the
> > internet, and not taking other measures, is inviting trouble.
> > I do hope your site won't fall prey to malicious attacks.
> >
> > Jasper
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>

Could be caused by the user rw permissions:
http://unix.stackexchange.com/questions/50639/httpd-cant-write-to-folder-file-because-of-selinux
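
An added example, not part of the original thread: rather than `setenforce 0`, find the httpd denial in the audit log and label only the orders directory as web-writable so SELinux can stay enforcing. The audit lines are constructed, the function names `httpd_denials` and `relabel_plan` are hypothetical, and the fix is printed as a plan rather than executed.

```bash
#!/usr/bin/env bash
# Added example: the audit lines below are constructed, not taken from the thread.
SAMPLE_AUDIT='type=AVC msg=audit(1419795060.101:410): avc:  denied  { write } for  pid=2311 comm="httpd" name="orders.txt" dev="xvda1" ino=26214 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1419795061.007:411): avc:  denied  { read } for  pid=2400 comm="sshd" name="shadow" dev="xvda1" ino=991 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file'

# Print "permission filename target_type" for every AVC denial whose source
# domain is httpd_t. Only the first permission inside { ... } is reported.
httpd_denials() {
  printf '%s\n' "$1" | awk '
    /avc: +denied/ && /scontext=[^ ]*:httpd_t:/ {
      perm = name = ttype = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "{") perm = $(i + 1)
        if ($i ~ /^name=/) { name = $i; gsub(/^name=|"/, "", name) }
        if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
      }
      print perm, name, ttype
    }'
}

# Print (do not run) the commands that make one directory writable by httpd
# while leaving the rest of the document root read-only to it.
# httpd_sys_rw_content_t is the targeted-policy type for web-writable content.
relabel_plan() {
  local dir=${1%/}
  printf 'semanage fcontext -a -t httpd_sys_rw_content_t "%s(/.*)?"\n' "$dir"
  printf 'restorecon -Rv %s\n' "$dir"
  printf 'setenforce 1\n'
}

# On a real host the input would come from /var/log/audit/audit.log.
httpd_denials "$SAMPLE_AUDIT"
relabel_plan /var/www/php-webdev/orders
```

A target type of `httpd_sys_content_t` in the first output line means the file carries the read-only web content label, which is why mode and group changes alone do not clear the denial.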
