Failed to open stream: Permission denied

Failed to open stream: Permission denied

by Jairo Alarcón -
Number of replies: 9

I'm having a problem after migrating a 3.11.4 installation of moodle.

It says failed to open stream, but I triple checked the files and folder from moodledata and they are all 777.

Could it be apache's fault?

Half of the site is working, so it's really weird to me.

This is what I see:



so the file is there, it's 777 and it's owned by apache:apache

I've tested the file to see if it's corrupted but it's not.

And that happens with lots of files from moodledata.

So I don't know whose fault it is; apache, maybe the db, or moodle itself...

Or maybe there is a permission issue I'm not seeing, I don't know anymore.


Edit: This is what I see in the page:


Average of ratings: -
In reply to Jairo Alarcón

Re: Failed to open stream: Permission denied

by Ken Task -
Picture of Particularly helpful Moodlers

After migration of the site, did you clear all caches in moodledata/   /cache/ /localcache/ /muc/

Know you said you tested the file, but how did you do that?   Suggest using:

file -b like:

file -b 1504076a14d0ef9bceda38b1358c589b9bfbed8c

from the directory in which it is located to see if your linux system can id the mimetype.

'SoS', Ken



Average of ratings: -
In reply to Ken Task

Re: Failed to open stream: Permission denied

by Jairo Alarcón -
I did clear the cache many times, I transfered it without cache directories, removed muc, will do it again.

I tested the file by changing its name to .png
file -b says:


So it's totally weird it's not working. Permissions in code are 644 and moodledata is all 777 with user apache:apache.
Average of ratings: -
In reply to Jairo Alarcón

Re: Failed to open stream: Permission denied

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
Check all the parent directory's permissions. Make sure that they at least have an 'x' permission for everybody. The file might be readable but PHP may not be able to get to it.
Average of ratings: -
In reply to Howard Miller

Re: Failed to open stream: Permission denied

by Jairo Alarcón -



They are all like this. I did chmod 777 -R for moodledata and chown to apache:apache -R

I think apache might be misconfigured? But IDK I checked php.ini against moodle suggestions so I think everything is ok there.

Average of ratings: -
In reply to Jairo Alarcón

Re: Failed to open stream: Permission denied

by Ken Task -
Picture of Particularly helpful Moodlers

Is there a reason you have moodledata in /var?

On a CentOS server (don't know what OS your's is), apache's 'home' directory (if you will) is /var/www/   In there, one sees an html directory which is document root ... defined in main config file for apache ... moodle code normally there.   I've always had moodledata in /var/www/ with nothing in apache config that points to that ... not needed ... apache can see it ... recursively ... but no one can use a browser to it.

By chance do you have seLinux running? or any other WAF (mod_security)?

'SoS', Ken

Average of ratings: -
In reply to Ken Task

Re: Failed to open stream: Permission denied

by Jairo Alarcón -
I'm in RedHat 8.5.

Changed folder, still nothing. (cleared cache)

sestatus:

Average of ratings: -
In reply to Jairo Alarcón

Re: Failed to open stream: Permission denied

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
Yeh - temporarily disable seLinux.

sudo setenforce 0
Average of ratings:Useful (1)
In reply to Howard Miller

Re: Failed to open stream: Permission denied

by Jairo Alarcón -
Does the job.

Do I need to keep it permissive?
What do I need to know to make it work well?

It's for a government website.

Edit: I'm following this Instalación estricta de Moodle. - Alcance Libre

But haven't tried selinux stuff yet, waiting for your answer.
Average of ratings: -
In reply to Jairo Alarcón

Re: Failed to open stream: Permission denied

by Ken Task -
Picture of Particularly helpful Moodlers

Gov ... well, in that case ...

Moodle forum discussion/cussion ... which shared how to fix:

https://moodle.org/mod/forum/discuss.php?d=114665#p814778

Specifically this part of above posting:

# assuming moodle data dir is /var/www/moodledata
semanage fcontext -a -t httpd_sys_content_t "/var/www/moodledata(/.*)?"
restorecon -R /var/www/moodledata

Then set back to enforcing.

Think that would require reboot of the box.

After reboot, check sestatus again - and the audit.log while accessing Moodle.

'SoS', Ken


Average of ratings:Useful (2)