PHP is_writable() function always returns false for a writable directory

2021-12-21 00:00:00 redhat amazon-ec2 linux php rhel7

I'm trying to install a PHP-based software package in a Red Hat 7 Amazon EC2 instance (ami-8cff51fb) that has had Apache 2.4.6 and PHP 5.4.16 installed on it using yum. The installation fails because it says a particular directory needs to be writable by the webserver with 0755 or 0775 permissions.

The directory in question has 0775 permissions with root:apache ownership. I have verified that the httpd process is being run by the apache user and that the apache user is a member of the apache group.

If I edit /etc/passwd to temporarily give the apache user a login shell and then su to that account, I am able to manually create files as the apache user within the directory using the touch command.

I took a look at the source code of the installer script and identified that it's failing because PHP's is_writable() function is returning false for the directory in question. I created a separate test PHP script to isolate and verify the behaviour I'm seeing:

<?php
  $dir = '/var/www/html/limesurvey/tmp';
  if (is_writable($dir)) {
    echo $dir, ' is writable';
  } else {
    echo $dir, ' is NOT writable';
  }
?>

This outputs the NOT writable message. If I change $dir above to be /tmp then it correctly outputs that /tmp is writable.

If I change the directory permissions to 0777 and/or change the ownership to apache:apache then PHP still reports that the directory isn't writable. I even tried creating a /test directory set up with the same permissions and ownership and my test script still reports it as not writable.

I'm really at a loss as to explain this behaviour, so any ideas would be welcome!

Thanks in advance.

The directory listing for /var/www/html/limesurvey is given below. The tmp and upload directories have 0775 permissions as per Lime Survey's installation instructions. test.php is my test script mentioned above.

[ec2-user@ip-xx-x-x-xxx limesurvey]$ pwd
/var/www/html/limesurvey
[ec2-user@ip-xx-x-x-xxx limesurvey]$ ls -al
total 80
drwxr-xr-x. 20 root apache 4096 Mar 30 11:25 .
drwxr-xr-x.  3 root root     23 Mar 25 14:41 ..
drwxr-xr-x.  2 root apache   38 Mar 10 12:56 admin
drwxr-xr-x. 16 root apache 4096 Mar 10 12:56 application
drwxr-xr-x.  3 root apache 4096 Mar 10 12:56 docs
drwxr-xr-x.  2 root apache 4096 Mar 10 12:56 fonts
drwxr-xr-x. 19 root apache 4096 Mar 10 12:56 framework
-rw-r--r--.  1 root apache  429 Mar 10 12:56 .gitattributes
-rw-r--r--.  1 root apache  399 Mar 10 12:56 .gitignore
-rw-r--r--.  1 root apache  296 Mar 10 12:56 .htaccess
drwxr-xr-x.  4 root apache 4096 Mar 10 12:56 images
-rw-r--r--.  1 root apache 6652 Mar 10 12:56 index.php
drwxr-xr-x.  5 root apache   39 Mar 10 12:56 installer
drwxr-xr-x. 89 root apache 4096 Mar 10 12:56 locale
drwxrwxr-x.  2 root apache   39 Mar 25 14:41 logs
drwxr-xr-x.  4 root apache   49 Mar 10 12:56 plugins
-rw-r--r--.  1 root apache   61 Mar 10 12:56 README
drwxr-xr-x.  4 root apache 4096 Mar 10 12:56 scripts
-rw-r--r--.  1 root apache  380 Mar 10 12:56 .scrutinizer.yml
drwxr-xr-x.  5 root apache 4096 Mar 10 12:56 styles
drwxr-xr-x.  5 root apache 4096 Mar 10 12:56 styles-public
drwxr-xr-x. 12 root apache 4096 Mar 10 12:56 templates
-rw-r--r--.  1 root apache  159 Mar 30 11:11 test.php
drwxr-xr-x.  3 root apache   20 Mar 10 12:56 themes
drwxr-xr-x. 26 root apache 4096 Mar 10 12:56 third_party
drwxrwxr-x.  5 root apache   80 Mar 26 13:45 tmp
drwxrwxr-x.  6 root apache   79 Mar 10 12:57 upload

Running namei -l /var/www/html/limesurvey/tmp gives:

[ec2-user@ip-x-x-x-xxx ~]$ namei -l /var/www/html/limesurvey/tmp
f: /var/www/html/limesurvey/tmp
drwxr-xr-x root root   /
drwxr-xr-x root root   var
drwxr-xr-x root root   www
drwxr-xr-x root root   html
drwxr-xr-x root apache limesurvey
drwxrwxr-x root apache tmp

Recommended answer

After much head-scratching, it transpired that SELinux was preventing the directory from being written to. I found a good tutorial that explains what's going on. I was able to fix it by running this command:

sudo chcon -R -t httpd_sys_rw_content_t tmp
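
To confirm this diagnosis from the audit log rather than by elimination, the added example below (not part of the original answer) summarises httpd AVC denials and prints the persistent form of the fix, since a label set with chcon is lost on the next restorecon or filesystem relabel. The audit record is constructed for illustration and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. SAMPLE_AVC is a constructed audit record, not taken from the page.
# File modes (0775, root:apache) are only the DAC check; httpd runs confined in the
# httpd_t domain, so the directory's SELinux type is checked as well.
SAMPLE_AVC='type=AVC msg=audit(1427714700.123:456): avc:  denied  { write } for  pid=2211 comm="httpd" name="tmp" dev="xvda2" ino=8675309 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir'

# Type is the third field of an SELinux context (user:role:type:level).
selinux_type() { printf '%s\n' "$1" | cut -d: -f3; }

# Read audit records on stdin; print "perms|name|target_type" per httpd denial.
httpd_denials() {
  awk '/avc:/ && /denied/ && /comm="httpd"/ {
    perm = ""; name = ""; ttype = ""
    s = index($0, "{ "); e = index($0, " }")
    if (s > 0 && e > s) perm = substr($0, s + 2, e - s - 2)
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^name=/)     { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
      if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
    }
    print perm "|" name "|" ttype
  }'
}

# Succeeds when a denial's target type is not the read/write content type.
needs_rw_label() { [ "$1" != "httpd_sys_rw_content_t" ]; }

# Print (do not run) the persistent equivalent of the chcon fix for directory $1.
persistent_fix() {
  printf "semanage fcontext -a -t httpd_sys_rw_content_t '%s(/.*)?'\n" "$1"
  printf 'restorecon -Rv %s\n' "$1"
}

# On a live host, feed real records instead:  ausearch -m AVC -c httpd | httpd_denials
# and read the current label with:            ls -Zd /var/www/html/limesurvey/tmp
printf '%s\n' "$SAMPLE_AVC" | httpd_denials | while IFS='|' read -r perm name ttype; do
  echo "httpd denied {$perm} on '$name' labelled $ttype"
  if needs_rw_label "$ttype"; then persistent_fix /var/www/html/limesurvey/tmp; fi
done
```

The trailing dot after each mode string in the ls -al listing above (for example drwxrwxr-x.) indicates that the entry carries an SELinux security context.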
