4

I need to add an outside path to my apache configuration. (httpd)

so, I made a symlink to this path in my httpd root folder, the path is: /var/log/httpd/ (I want to display logs directly in my projects)

And I can acces all the path by my browser entering: http://127.0.0.1/httpd/

but php throws me an error, when I try to access it from a php file:

code:

function logInfo() {

$log_path = $_SERVER['DOCUMENT_ROOT'] . "/httpd/local.cmp-error_log";
$php_log = file_get_contents($log_path);

print_r ($php_log);

}

error:

[Sun Jul 17 23:45:19.960292 2016] [:error] [pid 19451] [client 127.0.0.1:34718] PHP Warning:  file_get_contents(/home/txx/http/www/httpd/local.cmp-error_log): failed to open stream: Operation not permitted in /home/txx/http/www/base_home/config/sys.php on line 8

Wheres the error here?

Gilles 'SO- stop being evil'
  • 829,060
linearSpin
  • 85
  • 1
  • 1
  • 7

1 Answers1

7

The basic idea is that you can't access files outside the document root. That's the point of the document root. There are several protections that prevent Apache from following symlinks outside the root. You need to enable FollowSymlinks in the directory containing the link, but if you can browse the files, it means this is already done.

You also need to make sure that PHP isn't restricted to the document root. See this Stack Overflow question: check that php.ini does not contain the open_basedir setting. Another potential restriction is SELinux, if your machine has been hardened then PHP may be restricted to some predefined directories and in particular may be forbidden from accessing home directories. See also Access file outside document root.

If you can't manage to access something outside the web root, or if you prefer not to weaken the security of your system too much, you can bring the files under the web root instead of making Apache and PHP look elsewhere. A bind mount of /var/log/httpd to /var/www/dangerous/logs creates a view of the /var/log/httpd directory at the mount /var/www/dangerous/logs. You can and probably should make the view read-only.

Community
  • 1
Gilles 'SO- stop being evil'
  • 829,060
  • Yes, I've got my open_basedir in /etc/php/php.ini, and writing my path to it solves the problem. Thanks for a full Answer. – linearSpin Jul 18 '16 at 20:11