TransWikia.com

nginx php can't write files on CentOS machine

Super User Asked by ctrlz on January 5, 2022

I have this PHP code:

<?php
$myfile = fopen("testfile.txt", "w")
?>

And the following permissions in my /usr/share/nginx/html directory

drwxrwxrwx. 3 root root  4096 Nov 20 08:51 .
drwxr-xr-x. 3 root root    17 Nov 18 23:48 ..
-rwxrwxrwx. 1 root root   537 Sep 16 14:56 50x.html
-rwxrwxrwx. 1 root root  1171 Nov 20 03:50 make.php

But when I run the above PHP code which is in the make.php it doesn’t create the testfile.txt!

What is wrong here? I also tried changing the user to nginx with the chown command but it doesn’t work.

2 Answers

Hahah! First of all .. I love your username, "ctrlz".

Regarding your issue and SELinux:

The web is scattered with posts of people recommending to disabling SELinux. It is definitely the simplest "solution", but it is not ideal in a production environment as it leaves your server more vulnerable.

Yesterday, I took a second dive into learning SELinux. I found the talk, SELinux for Mere Mortals (40min), by Thomas Cameron very helpful.

I don't know what Linux distribution you are using (and I'm not sure how much, if at all, SELinux varies between the others), but CentOS provides a SELinux Guide.




Quick Intro:

SELinux "contexts" are shown in the format user:role:type:range. By default, SELinux ships in the targeted mode, which limits access to resources by the type attribute.

You can append the -Z flag to commands such as ps, ls, cp, mv, mkdir, netstat, and more to view SELinux contexts on different resources.

To view the SELinux contexts of your web folder, run:

ls -lZ /usr/share/nginx/html

To view the context of your nginx process, run:

ps -auxZ | grep -i nginx

There are also SELinux "booleans" that can be enabled / disabled for common use cases. To view a list of booleans related to a web server (nginx in this case), run:

getsebool -a | grep -i httpd

To update a boolean value, you can set it using the setsebool command. Example:

setsebool httpd_read_user_content 1

A few other helpful commands:




That's about where I am at with my SELinux know-how at the moment. I know this is an old post, but I hope this will help others.

Answered by Logan on January 5, 2022

Ok so basically I had to change to this:

SELINUX=permissive

in the /etc/selinux/config file. More info here: How to Disable SELinux.

I don't know if this is the best solution.

Answered by ctrlz on January 5, 2022

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP