The Penguin Forums

Hi. I am getting some strange behaviour with Fedora Core 3, Apache 2 and PHP 4.3.9. (Out of the box config)

Previously (red hat 9) I experienced no problems with uploading files to the server and having them moved using php's move_uploaded_file function. However, having moved to Fedora Core 3 I am getting "failed to open stream: Permission denied" when uploading image files to the /tmp directory (set in php.ini).

is_uploaded_file reports that the file is uploaded which I believe is giving dodgy reports becuaew if I try using getimagesize to return the dimensions I get no such file or directory. Furthermore I can see no temp file in the /tmp directory when running ls -al.

I have tried chmod 777 on the destination directory, I've changed the ownership of the destination to reflect owner and group in httpd.conf. I've created a new directory within /tmp and applied the same chmod and permissions combination and modified php.ini to reflect the change. In each case I have restarted the httpd service but to no avail.

On a newsgroup I found this which matches my experience:

--- snip ---

On the Fedora Core 3 Linux distribution, you may get a "failed to open stream: Permission denied in ..." message. I found changing the permission of the directory does not work (even if you set to 0777). It is because of the new SELinux kernel that allow apache user to write only in /tmp dir (I think). In order to solve the problem you must disable the SELinux (at least for apache service) to allow the server to write in other directories. To do that, run the system-config-securitylevel app and disable the SE to apache service. Reboot the system.

--- snip ---

I ran system-config-securitylevel but the only options I can see via the ssh interface using putty are the common or garden firewall services options such as www, smtp, ftp, ssh etc. Thus I am no further ahead at all and still in square one.

On our old dev box running red hat, the php operation is as expected and all is well with the world.

Anyone have a solution to this issue?

Thanks for any snippets of wisdom here.

Cheers,

Karl

After a bit of ferreting about at:

http://fedora.redhat.com/docs/selinux-f ... #id2825880

I found this.

You can specify the SELinux mode using the configuration file /etc/sysconfig/selinux.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

By setting the SELINUX parameter to permissive I have overcome the upload problem. Not sure whether this opens up any gaping security holes at this stage but given it is a dev box on an internal network I'm happy for the time being.