允许Apache/PHP对已安装目录具有读/写访问权限 [英] Allow Apache/PHP a read/write access to a mounted directory

问题描述

我们的网站使用apache httpd和php在Linux服务器上运行.在该服务器上，安装了Windows服务器上的某个目录，例如/mnt/some_directory/.我可以使用自己的用户帐户使用WinSCP或SSH浏览此目录.

我还可以在SSH中执行以下操作:

php -r "print_r(file_get_contents('/mnt/some_directory/file_name.txt'));"

并查看该文件的内容.

我们需要从该目录中读取文件并进行解析，以便将其导入网站所使用的数据库中.但是，当网站上出现fopen或file_get_contents时，我们会收到权限被拒绝的错误.

我对Web服务器的访问权限有限(并且对* nix和apache配置的了解有限)，但是显然应该解决此问题的管理员也缺少此知识，因此我需要解决此任务，这就是为什么在这里问.

管理员所做的是将已安装目录的组和所有权设置为"apache"，即运行httpd进程的用户.但这没有帮助.

据我所知，默认情况下不允许访问webroot之外的文件.在httpd.conf中为/mnt/some_directory/设置DIRECTORY指令是否足够?还是还有其他要做的事情?

解决方案

我们的团队遇到了同样的问题，我的队友能够通过在安装选项中添加context来解决此问题.

我们使用以下格式将Windows共享文件夹安装到apache可以访问的linux:

mount -v -t cifs <//$hostname/$(windows shared dir)> <mount directory> -o username="<username>",password=<password>,domain=<domain name>,iocharset=utf8,file_mode=0777,dir_mode=0777,context="system_u:object_r:httpd_sys_content_t:s0"

例如:

mount -v -t cifs //192.168.1.19/sample_dir /mnt/mount_dir -o username="admin",password=adminpwd,domain=MIINTER,iocharset=utf8,file_mode=0777,dir_mode=0777,context="system_u:object_r:httpd_sys_content_t:s0"

We have websites running on a linux server with apache httpd and php. On that server a certain directory from a windows server is mounted as let's say /mnt/some_directory/. I can browse this directory with both WinSCP or SSH, using my own user account.

I can also perform the following in SSH:

php -r "print_r(file_get_contents('/mnt/some_directory/file_name.txt'));"

and see contents of that file.

We need to read a file and parse from that directory in order to import it in the database that is used by the website. But when an fopen or a file_get_contents on the website we get a permission denied error.

I have limited access to the web server (and limited knowledge of *nix and apache configuration), but the administrator that is supposed to resolve this apparently is also lacking this knowledge and I need to have this task resolved,that's why I am asking here.

What the admin did was to set the group and ownership of the mounted directory to"apache", which is the user the httpd process is running as. But that didn't help.

As far as I know access to files outside of the webroot is disallowed by default. Would it be sufficient to set a DIRECTORY directive in httpd.conf for /mnt/some_directory/? Or is there anything else that has to be done?

解决方案

our team had the same issue, my team-mate was able to resolve this by adding context to mount options.

we are using the following format for mounting windows shared folder to linux that apache will be able to access:

mount -v -t cifs <//$hostname/$(windows shared dir)> <mount directory> -o username="<username>",password=<password>,domain=<domain name>,iocharset=utf8,file_mode=0777,dir_mode=0777,context="system_u:object_r:httpd_sys_content_t:s0"

For example:

mount -v -t cifs //192.168.1.19/sample_dir /mnt/mount_dir -o username="admin",password=adminpwd,domain=MIINTER,iocharset=utf8,file_mode=0777,dir_mode=0777,context="system_u:object_r:httpd_sys_content_t:s0"

这篇关于允许Apache/PHP对已安装目录具有读/写访问权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！