荣耀之链 Forum


selinux

Posted on 2022-9-12 23:32
https://blog.csdn.net/fang437385 ... tm_relevant_index=6
With SELinux enabled, PHP file write operations fail.

First, install semanage.
See this tutorial: https://www.ltsplus.com/zh-cn/li ... HEL%208%20%E5%8F%8A,dnf%20%E5%AE%89%E8%A3%85%20policycoreutils-python-utils%20%E5%A5%97%E4%BB%B6%E5%8D%B3%E5%8F%AF%EF%BC%9A%20%23%20dnf%20install%20policycoreutils-python-utils
You can also look at this tutorial: https://www.cnblogs.com/JiangDameiniu/p/9012653.html
It takes just one command:
dnf install policycoreutils-python-utils


For details on httpd_selinux, see: http://linux.die.net/man/8/httpd_selinux


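PHP runs under Apache and a file write fails with the message "fopen() permission denied". There are many possible causes, for example the apache user may lack permission (PHP code normally runs as the apache user). This post only covers the case where SELinux causes the permission failure.

Environment: Fedora 20 + Apache + PHP


Assuming the directory we want to write to is /var/www/html/test_dir, run the following commands: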

semanage fcontext -a -t public_content_rw_t "/var/www/html/test_dir(/.*)?"

restorecon -F -R -v /var/www/html/test_dir

setsebool -P allow_httpd_anon_write 1

Restart the Apache server: systemctl restart httpd.service

Write a piece of test code to try it:

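<?php
    // Open (or create) a file inside the relabeled directory
    $fp = fopen("test_dir/test.txt", "w");
    if ($fp === false) {
        // fopen() returns false on failure, e.g. when SELinux denies the write
        die("fopen failed.");
    }
    fwrite($fp, "aaaaaa");
    fclose($fp);
    echo "write file ok.";
?>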

The file test.txt is written successfully.


Description from the original documentation:

Sharing Files
If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.

Allow httpd servers to read the /var/httpd directory by adding the public_content_t file type to the directory and by restoring the file type.

semanage fcontext -a -t public_content_t "/var/httpd(/.*)?"
restorecon -F -R -v /var/httpd

Allow httpd servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. This also requires the allow_httpdd_anon_write boolean to be set.

semanage fcontext -a -t public_content_rw_t "/var/httpd/incoming(/.*)?"
restorecon -F -R -v /var/httpd/incoming

If you want to allow Apache to modify public files used for public file transfer services. Directories/Files must be labeled public_rw_content_t., you must turn on the allow_httpd_anon_write boolean.

setsebool -P allow_httpd_anon_write 1

If you want to allow apache scripts to write to public content. Directories/Files must be labeled public_rw_content_t., you must turn on the allow_httpd_sys_script_anon_write boolean.

setsebool -P allow_httpd_sys_script_anon_write 1
————————————————
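Copyright notice: This is an original article by CSDN blogger 「骑猪等风」, published under the CC 4.0 BY-SA license. When reposting, include a link to the original source and this notice.
Original link: https://blog.csdn.net/fang437385323/article/details/44001933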
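
Added example, not part of the original post or the CSDN article: a shell function that reads audit log lines and reports, for each Apache write denial, which step of the procedure above (relabeling or the boolean) is still missing. The function name triage_httpd_denials is hypothetical and the sample AVC lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. triage_httpd_denials (hypothetical
# name) reads audit log lines on stdin and prints, per Apache write denial:
#   <target name> <target type> <step of the fix that is still missing>
triage_httpd_denials() {
    awk '
    /avc:/ && /denied/ && /[{ ]write[ }]/ {
        name = ""; stype = ""; ttype = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)     { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
            if ($i ~ /^scontext=/) { split($i, s, ":"); stype = s[3] }
            if ($i ~ /^tcontext=/) { split($i, t, ":"); ttype = t[3] }
        }
        # Pick the boolean from the denied domain: httpd itself or a script.
        if (stype == "httpd_t") { bool = "allow_httpd_anon_write" }
        else if (stype == "httpd_sys_script_t") { bool = "allow_httpd_sys_script_anon_write" }
        else { next }
        # Label already public_content_rw_t: only the boolean is missing.
        if (ttype == "public_content_rw_t") { step = "setsebool -P " bool " 1" }
        else { step = "relabel to public_content_rw_t" }
        print name, ttype, step
    }'
}

# Constructed sample lines in audit.log AVC format (not real log data).
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1410535920.101:451): avc:  denied  { write } for  pid=1234 comm="httpd" name="test_dir" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1410536011.202:460): avc:  denied  { write } for  pid=1240 comm="httpd" name="test_dir" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:public_content_rw_t:s0 tclass=dir
type=AVC msg=audit(1410536100.303:470): avc:  denied  { getattr } for  pid=1240 comm="httpd" path="/var/www/html/x" dev="dm-0" ino=140 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1410536200.404:480): avc:  denied  { write } for  pid=900 comm="sshd" name="f" dev="dm-0" ino=150 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
EOF
}

# Demo on the constructed lines; on a real host run as root:
#   triage_httpd_denials < /var/log/audit/audit.log
sample_log | triage_httpd_denials
```

A denial whose target is already public_content_rw_t means the relabel took effect and only the setsebool step is outstanding; any other target type points back to the semanage fcontext and restorecon steps.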