I am presently moving my Light from my Home windows Server to some VPS running Debian 6. Most things are working, however, among the PHP scripts was neglecting to email its set up log file. I possibly could not determine why, and so i authored a brand new, simple, contrived PHP script to check the issue.

        ini_set('display_errors', 1);
        echo exec('whoami');
        $log = fopen('/var/log/apache2/writetest/writetest.log', 'a');
        if ($log != NULL)
                $log = NULL;

However, it fails using the result:

www-data Warning: fopen(/var/log/apache2/writetest/writetest.log): failed to open stream: Permission denied in /var/www/_admin/phpwritetest.php on line 5 
  • As I would not get it done normally, to assist identify, I set /var/log/apache2/writetest/writetest.log to chmod 777.
  • Both directory and also the file are possessed by www-data:www-data.
  • The file was produced with touch.

I went strace to ensure which process was carrying out outdoors:

[pid 21931] lstat("/var/log/apache2/writetest/writetest.log", 0x7fff81677d30) = -1 EACCES (Permission denied)
[pid 21931] lstat("/var/log/apache2/writetest", 0x7fff81677b90) = -1 EACCES (Permission denied)
[pid 21931] open("/var/log/apache2/writetest/writetest.log", O_RDWR|O_CREAT|O_TRUNC, 0666) = -1 EACCES (Permission denied)

I checked and pid 21931 was indeed among the apache2 child processes running under www-data. As you can tell, I additionally incorporated echo exec('whoami'); within the script which confirmed the script had been run by www-data.

Other notes:

  • PHP isn't running in safe mode
  • PHP open_basedir isn't set
  • Version info: Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze3 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o
  • uname -a: 2.6.32-238.19.1.el5.028stab092.2 #1 SMP Thu Jul 21 19:23:22 MSD 2011 x86_64 GNU/Linux
  • This really is on the VPS running under OpenVZ
  • ls -l (file): -rwxrwxrwx 1 www-data www-data 0 Sep 8 18:13 writetest.log
  • ls -l (directory): drwxr-xr-x 2 www-data www-data 4096 Sep 8 18:13 writetest
  • Apache2's parent process runs under root, and also the child processes under www-data
  • selinux isn't installed (because of Fabio for telling me to say this)
  • I've restarted apache many occasions and restarted the server too

What am I looking over? Thanks.

Keep in mind that to be able to achieve personal files, ALL parent sites should be readable by world wide web-data. You strace output appears to point that even being able to access /var/log/apache2/writetest is failing. Make certain that world wide web-data has permissions around the following sites:

  • / (r-x)
  • /var (r-x)
  • /var/log (r-x)
  • /var/log/apache2 (r-x)
  • /var/log/apache2/writetest (rwx)
  • /var/log/apache2/writetest/writetest.log (rw-)

Does the php file doing the writing have proper permissions set? Try altering individuals to ascertain if this is the problem.

Might be a SELinux problem, even when Debian does not ship it within the default installation your provider might have enabled it. Search for messages in /var/log with

grep -i selinux /var/log/{syslog,messages}

In the event that's the reason and you have to disable it, listed here are instructions: search for file /etc/selinux/config, here it's default content. Change SELINUX directive to disabled and reboot the machine.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#   enforcing - SELinux security policy is enforced.
#   permissive - SELinux prints warnings instead of enforcing.
#   disabled - SELinux is fully disabled.
# SELINUXTYPE= type of policy in use. Possible values are:
#   targeted - Only targeted network daemons are protected.
#   strict - Full SELinux protection.