问题
I'm trying to create XML sitemaps for my website from my PHP application. The idea is to either create a new file or overwrite an existing file. When I call fopen, I get the following error:
[function.fopen]: failed to open stream: Permission denied
I'm trying to write to the webroot and its permissions are: 755. This means that the owner has write permission, right? What do I need to do to make my script be able to write to this folder? 777 would be a bad thing, right? Can I run my script as owner somehow?
Thanks.
回答1:
Yep, as you've said, using 777 could be huge mistake. The webserver doesn't run with the same user as you use to create files and folders.
You have some options:
- Run the sitemap creation as a cronjob, using an user with rights to write there, other than the apache user.
- Put the sitemap in another directory, and the set up a
302 Redirector a symlink. In this case, if you have a security issue that let's someone to write yoursitemap.xml, at least they'll not be able to create another file with a more dangerous extensions (like PHP, which may result in a site intrusion). - Make a rewrite rule to redirect any hit to sitemap.xml, to a php script that outputs the appropriate XML.
Good luck!
回答2:
I'm a beginner and I had this problem as well. I am using Ubuntu linux w/ php and apache
- Write a php script w/ the following:
<?php exec('whoami'); ?>and run it on your server. This tells you who the current user of the script is - SSH to your server.
- Make a group that has read and write access to the files you need.
- Make group have read, write, and execute on folders you need.
- Make the current user you found in the first step, part of the group that has access to the files you need.
- Restart Apache:
sudo apachectl restart
main commands you need are:
- groupadd: Create a new group
- usermod: add your user to a new group
- chgrp: changes files / folders to group you specify
- chmod: changes permissions on the files / folders you specify. All the commands you need are here: http://www.yolinux.com/TUTORIALS/LinuxTutorialManagingGroups.html
回答3:
If you have ACL enabled on the webroot partition just grant the web server username full rights
setfacl -m u:apache:rwx /var/www/html
Replace apache with the web server username and /var/www/html with your webroot location.
回答4:
had the same problem
Looks like apache is running as nobody in the nobody group
so if you do a
useradd -G nobody youruser
chown -R youruser:nobody .
Then change the permission to 0775
chmod -R 0775 .
or you may add nobody to your usergroup
useradd -G nobody yourgroup
this be a better solution
回答5:
777 is pretty normal, because PHP does not run as you, it runs as a PHP user, Apache, etc. The fact is, your webhost should have a higher set of permissions that prevents other users from writing/deleting your files.
回答6:
Does it work with group write enabled (i.e. 775)? Check your group permissions for the directory the file is in. As long as your PHP user (usually www-data) is part of that group, and it's the only user, you should be fine with 775 (or even 774).
回答7:
Like Pascal said! just find your apache user
<?php exec'whoami'; ?>
and then
useradd -G username username2
chown -R username:username2 .
chmod -R 0775 .
And its done! Thank you Pascal!
来源:https://stackoverflow.com/questions/5253670/function-fopen-failed-to-open-stream-permission-denied-in-php