Permission denied despite appropriate permissions using PHP
Solution 1
Your directory needs execute
permission for this to work. It does not seem to have world execute, and since jenkins
is probably not the apache user, and the apache user is not in the adm
group, it wouldn't work:
$ ls -lh /var/lib/ | grep jenkins
drwxr-xr-- 6 jenkins adm 4.0K 2011-08-04 10:04 jenkins
Per example:
netcoder@netcoder:~$ mkdir foo
netcoder@netcoder:~$ echo hello > foo/bar
netcoder@netcoder:~$ chmod 777 foo/bar
netcoder@netcoder:~$ ls -lsah foo/bar
4.0K -rwxrwxrwx 1 netcoder netcoder 6 2011-08-04 08:22 foo/bar
netcoder@netcoder:~$ chmod 444 foo/
netcoder@netcoder:~$ ls -lsah | grep foo
4.0K dr--r--r-- 2 netcoder netcoder 4.0K 2011-08-04 08:22 foo
netcoder@netcoder:~$ cat foo/bar
cat: foo/bar: Permission denied
Even though foo/bar
has 0777
permission, if the directory does not have the execute permission, reading its contents is denied.
You'll need the permission to be set for both the target directory and the symbolic link.
Solution 2
You need the execute bit set on all directories in the hierarchy up to that file.
chmod o+x /var/lib/jenkins
should do the trick.
(Note: ls -lhd /var/lib/jenkins
is a bit better than ls -lh ...|grep jenkins
)
Solution 3
Lots of modern boxes (digital ocean, rackspace etc) ship with SELinux (Security Enhanced Linux) for RedHat compatible OSs (like CentOS). This throws another wrench into the works which you need to keep in mind. You can have your permissions perfectly set and it will still say permission denied. You need to define a writable context for SELinux:
sudo chcon -t httpd_sys_rw_content_t /data/www/html/sites/mysite -R
Max
Analytics consultant available for hire. More info: https://maxcorbeau.com
Updated on June 28, 2020Comments
-
Max almost 4 years
I'm trying to read a file in PHP and I'm getting a permission denied error although everybody has read access to the file.
The PHP code:
$config=file_get_contents('/opt/jenkins/home/config.xml');
The error:
Warning: file_get_contents(/opt/jenkins/home/config.xml): failed to open stream: Permission denied in [...]
The filesystem permission:
There is a symlink pointing
/opt/jenkins/home/
to/var/lib/jenkins
and everybody has read permission on the symlink, actual folder, and file.$ ls -lh /opt/jenkins/ lrwxrwxrwx 1 sysadmin sysadmin 16 2011-08-04 08:12 home -> /var/lib/jenkins $ ls -lh /var/lib/ | grep jenkins drwxr-xr-- 6 jenkins adm 4.0K 2011-08-04 10:04 jenkins $ ls -lh /var/lib/jenkins/config.xml -rwxr-xr-- 1 jenkins adm 3.9K 2011-08-04 10:05 /var/lib/jenkins/config.xml
Apache configuration
Configured to folllow symlinks (
Options All
). Adding aDirectory
directive for/var/lib/jenkins/
makes no difference.<Directory /opt/jenkins/home/> Options All AllowOverride All Order Allow,Deny Allow from All </Directory>
Additional info
Whether I use the path through the symlink (
"/opt/jenkins/home/config.xml"
) or the real path ("/var/lib/jenkins/config.xml"
) I have the same problem.apache2 version=2.2.14-5ubuntu8.4 php version=5.3.2-1ubuntu4.9
Any idea as to why I'm getting the error?
-
Clement Herreman almost 13 yearsSo he need to set the execute right on the real dir, or on the symlink ?
-
Clement Herreman almost 13 yearsIt must be set on both, or on the one he uses in his
file_get_contents()
? -
netcoder almost 13 years
/opt/jenkins/home/
is the symbolic link, it must have execute permission./var/lib/jenkins/
is the symbolic link target, it also must have execute permission. Since he's reading/opt/jenkins/home/config.xml
(it's in the/opt/jenkins/home/
directory), both the target and the symlink requires execute permission. If he was reading directly from/var/lib/jenkins/
, he wouldn't need execute permission on the symlink, obviously. -
howeroc about 12 yearsI had to set permissions on the whole directory tree containing the target file for it to work.