I have a php file within /var/www/html that is called from the client side, and within this php file I require a file from a directory I created and called /app/lib/ where all of my custom libraries and classes reside.
However, every time the endpoint is hit, I get the following PHP warning & error:
PHP Warning: require(/app/lib/User/User.php): Failed to open stream: Permission denied
PHP Fatal error: Uncaught Error: Failed opening required '/app/lib/User/User.php' (include_path='.:/usr/share/pear:/usr/share/php')
My server OS is centOS
Currently, the permissions on the /app/lib directory are apache:apache, with permissions on all directories set to 755, and the php files being set to 644.
I am not sure what else I am missing, so if anyone has any insight, I would greatly appreciate the help
You're probably missing
chmod 755 /app.It's not sufficient to set the permissions on just the directories with the target files on them. You also need to set permissions on every parent directory back up to the root. For example, if you have a file
/app/lib/User/User.php, then you will need to set the permissions on the fileUser.php, the directory it's in/app/lib/User, and its parents/app/liband/app. You can do this with the-Rrecursive argument on chown/chmod or just specify multiple arguments:Note however, one of your most basic security tenets for a web server should be, "The user that the web server process runs as should not have write access to the files it serves." This will prevent attackers from being able to exploit vulnerabilities to create or change PHP files. Ideally, you want the files to be owned by an unprivileged user, and then set read-only to the web server. I.e., don't
chown apache:apachefor them. Since you're granting world-read, the files don't have to (and shouldn't) be owned by the Apache user. Instead use something likenobody:nobody.