Permission denied despite appropriate permissions using PHP

Solution 1

Your directory needs execute permission for this to work. It does not seem to have world execute, and since jenkins is probably not the apache user, and the apache user is not in the adm group, it wouldn't work:

$ ls -lh /var/lib/ | grep jenkins
drwxr-xr-- 6 jenkins adm     4.0K 2011-08-04 10:04 jenkins

For example:

netcoder@netcoder:~$ mkdir foo
netcoder@netcoder:~$ echo hello > foo/bar
netcoder@netcoder:~$ chmod 777 foo/bar
netcoder@netcoder:~$ ls -lsah foo/bar 
4.0K -rwxrwxrwx 1 netcoder netcoder 6 2011-08-04 08:22 foo/bar
netcoder@netcoder:~$ chmod 444 foo/
netcoder@netcoder:~$ ls -lsah | grep foo
4.0K dr--r--r--  2 netcoder netcoder 4.0K 2011-08-04 08:22 foo
netcoder@netcoder:~$ cat foo/bar 
cat: foo/bar: Permission denied

Even though foo/bar has 0777 permission, if the directory does not have the execute permission, reading its contents is denied.

You'll need the permission to be set for both the target directory and the symbolic link.

Solution 2

You need the execute bit set on all directories in the hierarchy up to that file.

chmod o+x /var/lib/jenkins

should do the trick.

(Note: ls -lhd /var/lib/jenkins is a bit better than ls -lh ...|grep jenkins)
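
The check this answer describes, as an added example that is not part of the original answers: a POSIX shell function (the name `unsearchable_dirs` is made up here) that resolves the symlinked directory and lists every directory on the real path that lacks the "other" execute bit. It assumes the reading process, such as the web server user, is neither owner nor group member of those directories, and it does not look at ACLs or SELinux contexts.

```shell
#!/bin/sh
# Added example, not from the original page.
# Lists each directory on the resolved path to a file that is missing the
# "other" execute (search) bit, like drwxr-xr-- on /var/lib/jenkins above.
# Assumption: only the "other" permission class applies to the reader.

# Usage: unsearchable_dirs /path/to/file
# Prints one offending directory per line.
# Returns 0 if none were found, 1 if at least one was, 2 if the path
# could not be resolved by the user running the check.
unsearchable_dirs() {
    # Resolve symlinks in the directory part so the real directories are checked.
    real=$(CDPATH= cd -P -- "$(dirname -- "$1")" && pwd -P) || return 2

    # Split the absolute path on "/" into positional parameters.
    old_ifs=$IFS; IFS=/; set -f
    set -- $real
    IFS=$old_ifs; set +f

    cur=""
    status=0
    for part do
        [ -n "$part" ] || continue          # skip the empty field before the leading /
        cur="$cur/$part"
        # Character 10 of the ls mode string is the "other" execute position:
        # x or t means searchable; - or T means not searchable.
        case $(ls -ld -- "$cur" | cut -c10) in
            x|t) ;;
            *) printf '%s\n' "$cur"; status=1 ;;
        esac
    done
    return $status
}
```

Run it as a user who can traverse the path, for example `unsearchable_dirs /opt/jenkins/home/config.xml`; each line it prints is a directory that would need `chmod o+x`.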

Solution 3

Lots of modern boxes (DigitalOcean, Rackspace etc.) ship with SELinux (Security Enhanced Linux) for RedHat compatible OSs (like CentOS). This throws another wrench into the works which you need to keep in mind. You can have your permissions perfectly set and it will still say permission denied. You need to define a writable context for SELinux:

sudo chcon -t httpd_sys_rw_content_t /data/www/html/sites/mysite -R

Author by

Max

Analytics consultant available for hire. More info: https://maxcorbeau.com

Updated on June 28, 2020

Comments

  • Max
    Max almost 4 years

    I'm trying to read a file in PHP and I'm getting a permission denied error although everybody has read access to the file.

    The PHP code:

    $config=file_get_contents('/opt/jenkins/home/config.xml');
    

    The error:

    Warning: file_get_contents(/opt/jenkins/home/config.xml): failed to open stream: Permission denied in [...]
    

    The filesystem permission:

    There is a symlink pointing /opt/jenkins/home/ to /var/lib/jenkins and everybody has read permission on the symlink, actual folder, and file.

    $ ls -lh /opt/jenkins/
    lrwxrwxrwx 1 sysadmin sysadmin   16 2011-08-04 08:12 home -> /var/lib/jenkins
    
    $ ls -lh /var/lib/ | grep jenkins
    drwxr-xr-- 6 jenkins adm     4.0K 2011-08-04 10:04 jenkins
    
    $ ls -lh /var/lib/jenkins/config.xml
    -rwxr-xr-- 1 jenkins adm 3.9K 2011-08-04 10:05 /var/lib/jenkins/config.xml
    

    Apache configuration

    Configured to follow symlinks (Options All). Adding a Directory directive for /var/lib/jenkins/ makes no difference.

    <Directory /opt/jenkins/home/>
            Options All
            AllowOverride All
            Order Allow,Deny
            Allow from All
    </Directory>
    

    Additional info

    Whether I use the path through the symlink ("/opt/jenkins/home/config.xml") or the real path ("/var/lib/jenkins/config.xml") I have the same problem.

    apache2 version=2.2.14-5ubuntu8.4
    php version=5.3.2-1ubuntu4.9
    

    Any idea as to why I'm getting the error?

  • Clement Herreman
    Clement Herreman almost 13 years
    So he needs to set the execute right on the real dir, or on the symlink?
  • Clement Herreman
    Clement Herreman almost 13 years
    It must be set on both, or on the one he uses in his file_get_contents()?
  • netcoder
    netcoder almost 13 years
    /opt/jenkins/home/ is the symbolic link, it must have execute permission. /var/lib/jenkins/ is the symbolic link target, it also must have execute permission. Since he's reading /opt/jenkins/home/config.xml (it's in the /opt/jenkins/home/ directory), both the target and the symlink require execute permission. If he was reading directly from /var/lib/jenkins/, he wouldn't need execute permission on the symlink, obviously.
  • howeroc
    howeroc about 12 years
    I had to set permissions on the whole directory tree containing the target file for it to work.