My environment:
CentOS 6.6
Nginx 1.7.10 with mod_security, naxsi, ngx_pagespeed modules
PHP 5.6.5
Mariadb 10.0.16
SeLinux close
setenforce 0
My test code:
<?php
/*
** Connect to database:
*/
// connect to the database
$con = mysql_connect('localhost','root','my pass')
or die('Could not connect to the server! ' . mysql_error());
var_dump($con);
exit;
That's it.
And when I use firefox to run this script
The result is "Could not connect to the server! Permission denied"
The nginx error.log is
2015/02/18 23:26:33 [error] 1532#0: *68 FastCGI sent in stderr: "PHP message: PHP Warning: mysql_connect(): Permission denied in /var/www/nginx/aa.php on line 9" while reading response header from upstream, client: client ip, server: localhost, request: "GET /test-sql-injection.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.sock:", host: "server ip"
But when I use command line to run this script
php aa.php
The result is
resource(5) of type (mysql link)
It is success to connect to maria db...
The mysql.sock file permission is
In /tmp
lrwxrwxrwx. 1 mysql mysql 25 2015-02-18 21:20 mysql.sock -> /var/lib/mysql/mysql.sock
In /var/lib/mysql
srwxrwxrwx. 1 mysql mysql 0 2015-02-18 23:03 mysql.sock
all command is run as root
and when I use another user to run php command
still get Permission denied error message!
which file's permission wrong?
======
/var/lib/mysql dir permission is 700
so it cause permission denied problem....
php-cgi and php-cli are not using the same php.ini file. Compare both file, maybe you have a difference
Check full path to socket file.
every directory in the path to socket must have eXecute permission for webserver user.
eg /var/ or /var/lib/ or /var/lib/mysql/ could have chmod 700 when it must have chmod 711.
Note that making more permissive chmod could lead to security issues. I suggest you moving mysql.sock
into world-accessible-by-default directory such as /tmp
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.