Problem with file_exists, is_dir, is_writable

Discussion in 'General' started by claudioimai, Feb 7, 2017.

  1. claudioimai

    claudioimai Member

    Hello! I am pushing my head on this problem for a few hours now:
    I have a website in ISPConfig 3 (running on Debian Jessie, PHP 5.4 running as MOD_PHP / FastCGI)
    I need to check is a directory exists, and if not, create it. As the scrit was failing, I tested the results of the functions mentioned in the title, running this script:
    $dir = '/var/www/clients/client1/web7/web/data/cache/lite/test.gzip';
    clearstatcache ();
    echo 'cache cleared';
    while ($dir !== '/'){
       echo '<br />file: <strong>'. $dir . '</strong> '. (file_exists($dir) ? 'exists.' : 'doesn\'t exist.').PHP_EOL;
       $dir = dirname($dir);
    The result is:
    cache cleared
    file: /var/www/clients/client1/web7/web/data/cache/lite/teste.gzip doesn't exist.
    file: /var/www/clients/client1/web7/web/data/cache/lite doesn't exist.
    file: /var/www/clients/client1/web7/web/data/cache exists.
    file: /var/www/clients/client1/web7/web/data exists.
    file: /var/www/clients/client1/web7/web exists.
    file: /var/www/clients/client1/web7 doesn't exist.
    file: /var/www/clients/client1 doesn't exist.
    file: /var/www/clients doesn't exist.
    file: /var/www doesn't exist.
    file: /var doesn't exist.
    file: / doesn't exist.
    The expected result for file exists would be "exists" for all lines, since the test file exists. Also, if one directory level exists, all the parent levels should exist as well. It is not happening, as one can see above.

    The weirdest part is that if I run this script on PHP Cli, everything is fine.

    Please, help!
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you had a look at the error.log of the website? Trying to access a folder or file outside of the paths that are defined in the open_basedir settings might give the result does not exist. You should find open_basedir errors the in the error.log.
  3. claudioimai

    claudioimai Member

    I think I solved this problem.
    I changed the permissions for the parent folder ( /var/www/clients/client1/web7/web/data/cache ) to allow execution for the directory owner (www-data) and then the script was able to check and create any new directories as expected.

    I wouldn't have this execution permission, but as it is necessary, it's a matter of preventing script execution in that directory and we will still be safe.
  4. claudioimai

    claudioimai Member

    Yes, thanks for the reply. I looked into the php error logs, it wasn't open_basedir.

    I'm going to try the htaccess security fix and see if I can still create directories.
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess you are using wrong settings in the website as the web owner that runs the php scripts is not www-data when setup correctly, it is always the web user of that site.

    The php mode must be either PHP-FPM or PHP-FCGI and the suexec checkbox must be on for this. The php mode shall not be mod_php as this mode is insecure and you won't be able to write to any folders of the site. And all files and folders in the /var/www/clients/client1/web7/web directory should be owned by the user web7 and the group client1 and not www-data.
  6. claudioimai

    claudioimai Member

    OK, thank you very much for the hints.
    I will try to fix it. (is there any of your tutorials available for this matter?)

  7. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no separate tutorial necessary, what I described are the default settings when you create a new website in ISPConfig and the setup is the one that is used on any ISPConfig server when you follow a perfect server guide.

    To fix your existing website:

    1) Login to ispconfig.
    2) Go to the website settings and open this website.
    3) Select "PHP-FPM" as php mode and enable the "Suexec" checkbox.
    4) Undo ownership and permissions changes that you made on the data folder, the easiest way to do this is to run these commands:

    chown -R web7:client1 /var/www/clients/client1/web7/web
    chmod -R 755 /var/www/clients/client1/web7/web

    What the above setup is doing: It ensures that the php process of the website runs under the user that owns the files, in case of this website the user is "web7". With that setup, no file is owned by www-data and no php process runs as www-data, so eaxh site is isolated and running under it's own user. The PHP mode mod_php does not support it to run php processes under a different user then www-data, that's why mod_php should not be used anymore.

Share This Page