Apache PHP file_put_contents() Permission Denied

Provides a tutorial example on 'write' permissions in Apache HTML directory from PHP script file_put_contents() function call using the PHP-FPM module on CentOS systems.

If you are using PHP-FPM (FastCGI Process Manager) to support PHP scripts on Apache Web server on CentOS systems, you may run into permission issues when writing files with the file_put_contents() function as shown in this tutorial.

1. Create the following PHP script test_file_put_contents.php.

<html><body><pre>
<?php
#  test_file_put_contents.php
#- Copyright (c) HerongYang.com. All Rights Reserved.
#
  echo "Output from whoami:\n";
  echo `whoami`."\n";

  echo "Output from getcwd():\n";
  echo getcwd()."\n";

  echo "test file_put_contents(./tmp-cwd.tmp):\n";
  file_put_contents("./tmp-cwd.tmp", "File in the CWD directory.");
  echo `ls -l ./tmp-cwd.tmp`."\n";

  echo "test file_put_contents(/tmp/tmp-tmp.tmp):\n";
  file_put_contents("/tmp/tmp-tmp.tmp", "File in the /tmp directory.");
  echo `ls -l /tmp/tmp-tmp.tmp`."\n";
?>
</pre></body></html>

2. Run it as a standalone script in my home directory. I see no permission issues, because the script is running under my user name and I have "write" permissions in /home/herong and /tmp.

herong$ php test_file_put_contents.php

<html><body><pre>

Output from whoami:
herong

Output from getcwd():
/home/herong

test file_put_contents(./tmp-cwd.tmp):
-rw-rw-r--. 1 herong herong 26 Apr  1 23:30 ./tmp-cwd.tmp

test file_put_contents(/tmp/tmp-tmp.tmp):
-rw-rw-r--. 1 herong herong 27 Apr  1 23:30 /tmp/tmp-tmp.tmp

</pre></body></html>

3. Grant "write" permission to all users on the Apache test HTML directory, so my test script can create a new file there.

herong$ sudo chmod 777 /var/www/html/test

herong$ sudo ls -l /var/www/html
drwxrwxrwx. 2 herong root 4096 Apr  1 21:35 test

4. Run it as an Apache Web script. I see that "file_put_contents(./tmp-cwd.tmp)" test failed to create a new file.

herong$ sudo cp test_file_put_contents.php /var/www/html/test

herong$ curl localhost/test/test_file_put_contents.php
<html><body><pre>

Output from whoami:
apache

Output from getcwd():
/var/www/html/test

test file_put_contents(./tmp-cwd.tmp):

test file_put_contents(/tmp/tmp-tmp.tmp):
-rw-r--r--. 1 apache apache 27 Apr  1 23:49 /tmp/tmp-tmp.tmp

</pre></body></html>

4. Check the php-fpm module log file. I see that the issue is caused by lack of permission for user "apache" to create files in /var/www/html/test.

herong$ sudo tail /var/log/php-fpm/www-error.log

...
[...] PHP Warning:  file_put_contents(./tmp-cwd.tmp): failed
   to open stream: Permission denied in
   /var/www/html/test/test_file_put_contents.php

It looks like PHP-FPM module added some extra security protection to prevent any PHP scripts to write back to the Apache HTML directory. Giving the "write" permission to all users as "rwxrwxrwx" is not enough for the PHP-FPM module.

One workaround is to write files to "/tmp" or "/var/log" from Apache PHP scripts.

Table of Contents

 About This Book

 Introduction to Linux Systems

 Cockpit - Web Portal for Administrator

 Process Management

 Files and Directories

 Users and Groups

 File Systems

 Installing CentOS

 SELinux - Security-Enhanced Linux

 Network Connection on CentOS

 Software Package Manager on CentOS - DNF and YUM

 Running Apache Web Server (httpd) on Linux Systems

Running PHP Scripts on Linux Systems

 Install and Manage PHP Packages on CentOS

 "php -i" - Dump PHP Environment Information

 Install and Manage PHP Modules on CentOS

 Files Used in PHP "include" Statements

 Publish PHP Scripts on Apache Web Server

 Dump PHP/Apache Environment Information

 Change PHP Configuration Settings

Apache PHP file_put_contents() Permission Denied

 SELinux Security Context on /var/www/html

 Migrate Old Scripts to New PHP Release

 Running MySQL Database Server on Linux Systems

 Running Python Scripts on Linux Systems

 vsftpd - Very Secure FTP Daemon

 Postfix - Mail Transport Agent (MTA)

 Dovecot - IMAP and POP3 Server

 Email Client Tools - Mail User Agents (MUA)

 GCC - C/C++ Compiler

 Conda - Environment and Package Manager

 Tools and Utilities

 References

 Full Version in PDF/EPUB