Failed to open stream: Permission denied

Failed to open stream: Permission denied

Jairo Alarcón -
回帖数:9

I'm having a problem after migrating a 3.11.4 installation of moodle.

It says failed to open stream, but I triple checked the files and folder from moodledata and they are all 777.

Could it be apache's fault?

Half of the site is working, so it's really weird to me.

This is what I see:



so the file is there, it's 777 and it's owned by apache:apache

I've tested the file to see if it's corrupted but it's not.

And that happens with lots of files from moodledata.

So I don't know whose fault it is; apache, maybe the db, or moodle itself...

Or maybe there is a permission issue I'm not seeing, I don't know anymore.


Edit: This is what I see in the page:


平均分: -
回复Jairo Alarcón

Re: Failed to open stream: Permission denied

Ken Task -
Particularly helpful Moodlers的头像

After migration of the site, did you clear all caches in moodledata/   /cache/ /localcache/ /muc/

Know you said you tested the file, but how did you do that?   Suggest using:

file -b like:

file -b 1504076a14d0ef9bceda38b1358c589b9bfbed8c

from the directory in which it is located to see if your linux system can id the mimetype.

'SoS', Ken



平均分: -
回复Ken Task

Re: Failed to open stream: Permission denied

Jairo Alarcón -
I did clear the cache many times, I transfered it without cache directories, removed muc, will do it again.

I tested the file by changing its name to .png
file -b says:


So it's totally weird it's not working. Permissions in code are 644 and moodledata is all 777 with user apache:apache.
平均分: -
回复Jairo Alarcón

Re: Failed to open stream: Permission denied

Howard Miller -
Core developers的头像 Documentation writers的头像 Particularly helpful Moodlers的头像 Peer reviewers的头像 Plugin developers的头像
Check all the parent directory's permissions. Make sure that they at least have an 'x' permission for everybody. The file might be readable but PHP may not be able to get to it.
平均分: -
回复Howard Miller

Re: Failed to open stream: Permission denied

Jairo Alarcón -



They are all like this. I did chmod 777 -R for moodledata and chown to apache:apache -R

I think apache might be misconfigured? But IDK I checked php.ini against moodle suggestions so I think everything is ok there.

平均分: -
回复Jairo Alarcón

Re: Failed to open stream: Permission denied

Ken Task -
Particularly helpful Moodlers的头像

Is there a reason you have moodledata in /var?

On a CentOS server (don't know what OS your's is), apache's 'home' directory (if you will) is /var/www/   In there, one sees an html directory which is document root ... defined in main config file for apache ... moodle code normally there.   I've always had moodledata in /var/www/ with nothing in apache config that points to that ... not needed ... apache can see it ... recursively ... but no one can use a browser to it.

By chance do you have seLinux running? or any other WAF (mod_security)?

'SoS', Ken

平均分: -
回复Ken Task

Re: Failed to open stream: Permission denied

Jairo Alarcón -
I'm in RedHat 8.5.

Changed folder, still nothing. (cleared cache)

sestatus:

平均分: -
回复Jairo Alarcón

Re: Failed to open stream: Permission denied

Howard Miller -
Core developers的头像 Documentation writers的头像 Particularly helpful Moodlers的头像 Peer reviewers的头像 Plugin developers的头像
Yeh - temporarily disable seLinux.

sudo setenforce 0
平均分:Useful (1)
回复Howard Miller

Re: Failed to open stream: Permission denied

Jairo Alarcón -
Does the job.

Do I need to keep it permissive?
What do I need to know to make it work well?

It's for a government website.

Edit: I'm following this Instalación estricta de Moodle. - Alcance Libre

But haven't tried selinux stuff yet, waiting for your answer.
平均分: -
回复Jairo Alarcón

Re: Failed to open stream: Permission denied

Ken Task -
Particularly helpful Moodlers的头像

Gov ... well, in that case ...

Moodle forum discussion/cussion ... which shared how to fix:

https://moodle.org/mod/forum/discuss.php?d=114665#p814778

Specifically this part of above posting:

# assuming moodle data dir is /var/www/moodledata
semanage fcontext -a -t httpd_sys_content_t "/var/www/moodledata(/.*)?"
restorecon -R /var/www/moodledata

Then set back to enforcing.

Think that would require reboot of the box.

After reboot, check sestatus again - and the audit.log while accessing Moodle.

'SoS', Ken


平均分:Useful (2)