问题
I have a problem with a PHP application (Baikal) that runs on Ngnix. The application has no (longer) write permissions for one of its config files. The problem might have occured after upgrading PHP.
Here is some information about my setup:
- Operating system: Arch Linux
- Nginx version: 1.16.1
- Nginx user: http
- PHP version: 7.4.1
- Application: Baikal 0.4.6
- Nginx config:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name –––––––––;
root /usr/share/webapps/baikal/html;
index index.php;
include include/ssl.conf;
include include/letsencrypt.conf;
rewrite ^/.well-known/caldav /dav.php redirect;
rewrite ^/.well-known/carddav /dav.php redirect;
charset utf-8;
location ~ /(\.ht|Core|Specific) {
deny all;
return 404;
}
location ~ ^(.+\.php)(.*)$ {
try_files $fastcgi_script_name =404;
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
The application reports that the file Specific/config.php is not writable. Full path is /usr/share/webapps/baikal/Specific/config.php.
I have set the permissions of the file to 777 for testing purposes; without success. I tested the PHP function is_writable. It returns false for that file. fopen says that the filesystem is read-only (it is not).
I have read a lot about SELinux preventing write operations, but as I said, I use Arch Linux which is no SELinux.
I think it has something to do with the fact that PHP is not allowed to write outside the root directory set in Nginx, but I can't get it fixed.
Can anybody help?
Thanks a lot
回答1:
Okay, nailed it. Pew.
As of PHP 7.4 PHP-FPM protects the system by mounting /usr, /boot, and /etc directories read-only.
This post and this issue led me to solution to just move the application folder outsite of /usr.
来源:https://stackoverflow.com/questions/59753304/nginx-and-php-no-write-permissions