liuch / dmarc-srg

A PHP parser, viewer and summary report generator for incoming DMARC reports.
GNU General Public License v3.0

Fetch_report : failed to open stream #123

Open olaf7 opened 3 months ago

olaf7 commented 3 months ago
PHP Fatal error:  Uncaught ErrorException: require(/usr/local/share/dmarc-srg/config/conf.php): Failed to open stream: Permission denied in /usr/local/share/dmarc-srg/classes/Config.php:50
Stack trace:
#0 /usr/local/share/dmarc-srg/classes/Config.php(50): {closure}()
#1 /usr/local/share/dmarc-srg/classes/Config.php(50): require()
#2 /usr/local/share/dmarc-srg/classes/Core.php(417): Liuch\DmarcSrg\Config->__construct()
#3 /usr/local/share/dmarc-srg/classes/Core.php(358): Liuch\DmarcSrg\Core->getModule()
#4 /usr/local/share/dmarc-srg/classes/ErrorHandler.php(68): Liuch\DmarcSrg\Core->config()
#5 /usr/local/share/dmarc-srg/init.php(56): Liuch\DmarcSrg\ErrorHandler->handleException()
#6 [internal function]: {closure}()
#7 {main}
  thrown in /usr/local/share/dmarc-srg/classes/Config.php on line 50

From config file:
$directories = [
    // Just for displaying in web-admin. Not necessary.
    'name'     => 'Rua-Dir',
    // The directory location
    'location' => '/var/spool/dmarc-srg/rua'
];

/usr/local/share/dmarc-srg# ls -slah /var/spool/dmarc-srg/
total 12K
4.0K drwxr-xr-x 3 www-data root 4.0K Jan 11  2023 .
4.0K drwxr-xr-x 9 root     root 4.0K Jan 11  2023 ..
4.0K drwxr-xr-x 2 www-data root 4.0K Jan 11  2023 rua

This error occurs regardless of whether the owner is root or www-data. Running Debian stable. PHP version: 8.2.7

liuch commented 3 months ago

The script says that there is no access to the configuration file. Please show or check the permissions on /usr/local/share/dmarc-srg/config/conf.php.

olaf7 commented 3 months ago

See also my other issue:

ls -slah config/
total 28K
4.0K drwxr-xr-x 2 root     root 4.0K Apr  4 21:00 .
4.0K drwxr-xr-x 9 root     root 4.0K Apr  4 20:59 ..
8.0K -r--r----- 1 www-data root 5.2K Jan 12  2023 conf.php
 12K -r--r----- 1 root     root  12K Apr  4 20:59 conf.sample.php

So regardless of whether I am root or www-data, I can access conf.php (not writable by anyone) and /var/spool/dmarc-srg/. The spool directory is writable by both. (Checked using touch.)

liuch commented 3 months ago

I just removed read permissions from my config file and got the exact same error. My environment:

I think you run the script under another user that does not have enough privileges. Did you run the script in the console or is this error from the web interface?

liuch commented 3 months ago

Try systemctl restart php8.2-fpm.service if it was the web interface.

olaf7 commented 3 months ago

Nope. It is a cronjob, but ... I just noticed I ran it as user 'dmarcparser', which obviously has no access. Safer but more complex this way. Can you please put in the documentation some further hints regarding needed or suggested rights (setup)?

olaf7 commented 3 months ago

I think it is ok now. With 0440 and group dmarcparser. Is owner www-data required?

liuch commented 3 months ago

I run all my scripts from the utils directory via cron under the www-data user with no extra users/groups and no extra permissions. But this approach will not work for those who do not use the web interface.

liuch commented 3 months ago

> I think it is ok now. With 0440 and group dmarcparser. Is owner www-data required?

No, that's not required. It is enough for it to have read access to conf.php.
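
Added example (not part of the thread and not dmarc-srg code): a shell model of the owner, then group, then other permission check, showing why conf.php at 0440 www-data:root is unreadable for the cron user dmarcparser until the file's group is changed. The function names are hypothetical and the sample values are constructed from the listings in the thread.

```shell
#!/bin/sh
# Added example: models the owner -> group -> other check applied to conf.php.
# It ignores root (which bypasses mode bits) and ACLs, so a test run as root
# says nothing about what a cron user such as dmarcparser can read.

# perm_class OWNER GROUP USER "USER_GROUPS": class whose bits apply to USER.
perm_class() {
    if [ "$3" = "$1" ]; then echo owner; return 0; fi
    for g in $4; do
        if [ "$g" = "$2" ]; then echo group; return 0; fi
    done
    echo other
}

# can_read MODE OWNER GROUP USER "USER_GROUPS": succeeds if the read bit of
# the applicable class is set. MODE is octal as printed by stat (440, 0440).
can_read() {
    m="000$1"; m=${m#"${m%???}"}        # keep the last three octal digits
    case $(perm_class "$2" "$3" "$4" "$5") in
        owner) d=${m%??} ;;
        group) d=${m#?}; d=${d%?} ;;
        *)     d=${m#??} ;;
    esac
    [ $(( $d & 4 )) -ne 0 ]
}

# report MODE OWNER GROUP USER "USER_GROUPS": one-line verdict.
report() {
    class=$(perm_class "$2" "$3" "$4" "$5")
    if can_read "$@"; then
        echo "$4: read OK on $1 $2:$3 via $class bits"
    else
        echo "$4: DENIED on $1 $2:$3 ($class bits have no read)"
    fi
}

# audit_file FILE USER: same verdict for a real file (GNU stat, as on Debian).
audit_file() {
    # Word splitting of the stat output into MODE OWNER GROUP is intended.
    report $(stat -c '%a %U %G' "$1") "$2" "$(id -nG "$2")"
}

# Constructed values taken from the listings in the thread.
report 440 www-data root        www-data    "www-data"      # owner: read OK
report 440 www-data root        dmarcparser "dmarcparser"   # other: DENIED
report 440 www-data dmarcparser dmarcparser "dmarcparser"   # group: read OK
```

On a real install, `audit_file /usr/local/share/dmarc-srg/config/conf.php dmarcparser` gives the same verdict from the file's actual mode and ownership.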

liuch commented 3 months ago

> Can you please put in the documentation some further hints regarding needed or suggested rights (setup)?

I'll add this later or accept a PR from you if you'd like to offer edits.