mescon / Muximux

A lightweight way to manage your HTPC
GNU General Public License v2.0

Unable to open secret.txt #50

Closed Sup3rlativ3 closed 8 years ago

Sup3rlativ3 commented 8 years ago

OS: CentOS 7 x64
Web: Nginx
PHP: PHP-FPM 5.4.16-36.el7_1
www-root: /usr/share/nginx/html/

Hi,

So I've tried setting this up and working it out but it seems beyond me.

Muximux is installed in www-root/muximux by cloning using git.
I've installed php and confirmed working.
nginx:nginx owns www-root/muximux
Get error about permissions
For shits and giggles changed permissions using chmod to 777 but same error.
rm -rf and reinstalled
set permissions back up to nginx:nginx
change settings.ini.php-example to settings.ini.php and not get "unable to open secret.txt"
no secret.txt file, vi secret.txt
set permissions for secret.txt to nginx
restart nginx and php-fpm because why not
issue still here.
nothing in journal -xe

Any thoughts?

Cheers.

mescon commented 8 years ago

Sounds real weird. Are you absolutely positive that nginx is the user and nginx is the group?

chown -R nginx.nginx /usr/share/nginx/html/Muximux should be all there is.

Also - make sure you allow fopen in php.ini (remember to restart php-fpm after you changed it).

evanmj commented 8 years ago

What should the permissions be on secret.txt? I feel like it should not be served out as /secret.txt on the web server for anyone to ask for. Maybe I need to update my nginx config to deny serving .txt files?

mescon commented 8 years ago

Permission should be readable by group/or the user that nginx is running as. Basically, try to open /secret.txt and if it works, then you're good.

It should be served out as /secret.txt and no, do not deny serving .txt files.

On each page load, secret.txt is generated by muximux.php. When you close the site or otherwise navigate away from it, the secret.txt contents are re-generated, and as such are no longer valid. Besides, you should have already secured / with HTTP Basic Auth.

If you can not open /secret.txt, then the application will not load. The ID generated is grabbed for use in the JavaScript by an AJAX-function.

evanmj commented 8 years ago

Thanks for the explanation. I do secure with Auth_Basic, and I thought secret.txt was static content, so if it is generated that is fine. Thanks!

Sup3rlativ3 commented 8 years ago

So here are the permissions http://i.imgur.com/Y1aZGRu.jpg

Here is my php www.conf http://imgur.com/1yIeM5j

Here is nginx running http://i.imgur.com/oPNSXwq.png

I am able to open secret.txt in a browser (the one I created myself).

If you give more details about fopen I can try to resolve it but as far as I can tell that should only need the www user (nginx) to have write access to the www-root folder.

The only thing I haven't been able to figure out is that parse_ini_file is not mentioned in my php.ini. If the default is on then there shouldn't be an issue unless it relies on the default config to set that. If that's the case could you please provide an example as I've not found one.

Cheers

Sup3rlativ3 commented 8 years ago

```
[dingo@dingo ~]$ sudo rm -rf /usr/share/nginx/html/muximux/
[dingo@dingo ~]$ ls /usr/share/nginx/html/
404.html 50x.html index.html info.php nginx-logo.png poweredby.png
[dingo@dingo ~]$ sudo git clone https://github.com/mescon/Muximux/ /usr/share/nginx/html/muximux
Cloning into '/usr/share/nginx/html/muximux'...
remote: Counting objects: 1059, done.
remote: Total 1059 (delta 0), reused 0 (delta 0), pack-reused 1059
Receiving objects: 100% (1059/1059), 4.51 MiB | 1.93 MiB/s, done.
Resolving deltas: 100% (589/589), done.
[dingo@dingo ~]$ sudo chown -R nginx:nginx /usr/share/nginx/html/
[dingo@dingo ~]$ ls -l /usr/share/nginx/html/
total 28
-rw-r--r--. 1 nginx nginx 3650 Jan 27 05:15 404.html
-rw-r--r--. 1 nginx nginx 3693 Jan 27 05:15 50x.html
-rw-r--r--. 1 nginx nginx 3700 Jan 27 05:15 index.html
-rw-r--r--. 1 nginx nginx 21 Feb 9 23:02 info.php
drwxr-xr-x. 10 nginx nginx 4096 Feb 11 21:05 muximux
-rw-r--r--. 1 nginx nginx 368 Jan 27 05:15 nginx-logo.png
-rw-r--r--. 1 nginx nginx 2811 Jan 27 05:15 poweredby.png
[dingo@dingo ~]$ ls -l /usr/share/nginx/html/muximux/
total 100
-rw-r--r--. 1 nginx nginx 444 Feb 11 21:05 browserconfig.xml
-rw-r--r--. 1 nginx nginx 151 Feb 11 21:05 composer.json
-rw-r--r--. 1 nginx nginx 467 Feb 11 21:05 CONTRIBUTORS.md
drwxr-xr-x. 3 nginx nginx 4096 Feb 11 21:05 css
-rw-r--r--. 1 nginx nginx 1150 Feb 11 21:05 favicon.ico
drwxr-xr-x. 2 nginx nginx 4096 Feb 11 21:05 fonts
drwxr-xr-x. 2 nginx nginx 4096 Feb 11 21:05 images
-rw-r--r--. 1 nginx nginx 7679 Feb 11 21:05 index.php
drwxr-xr-x. 2 nginx nginx 4096 Feb 11 21:05 js
drwxr-xr-x. 2 nginx nginx 4096 Feb 11 21:05 less
-rw-r--r--. 1 nginx nginx 18047 Feb 11 21:05 LICENSE
-rw-r--r--. 1 nginx nginx 15900 Feb 11 21:05 muximux.php
-rw-r--r--. 1 nginx nginx 7175 Feb 11 21:05 README.md
-rw-r--r--. 1 nginx nginx 189 Feb 11 21:05 robots.txt
drwxr-xr-x. 2 nginx nginx 4096 Feb 11 21:05 scss
-rw-r--r--. 1 nginx nginx 2448 Feb 11 21:05 settings.ini.php-example
drwxr-xr-x. 4 nginx nginx 64 Feb 11 21:05 vendor
[dingo@dingo ~]$ sudo chmod -R 755 /usr/share/nginx/html/
[dingo@dingo ~]$ ls -l /usr/share/nginx/html/muximux/
total 100
-rwxr-xr-x. 1 nginx nginx 444 Feb 11 21:05 browserconfig.xml
-rwxr-xr-x. 1 nginx nginx 151 Feb 11 21:05 composer.json
-rwxr-xr-x. 1 nginx nginx 467 Feb 11 21:05 CONTRIBUTORS.md
drwxr-xr-x. 3 nginx nginx 4096 Feb 11 21:05 css
-rwxr-xr-x. 1 nginx nginx 1150 Feb 11 21:05 favicon.ico
drwxr-xr-x. 2 nginx nginx 4096 Feb 11 21:05 fonts
drwxr-xr-x. 2 nginx nginx 4096 Feb 11 21:05 images
-rwxr-xr-x. 1 nginx nginx 7679 Feb 11 21:05 index.php
drwxr-xr-x. 2 nginx nginx 4096 Feb 11 21:05 js
drwxr-xr-x. 2 nginx nginx 4096 Feb 11 21:05 less
-rwxr-xr-x. 1 nginx nginx 18047 Feb 11 21:05 LICENSE
-rwxr-xr-x. 1 nginx nginx 15900 Feb 11 21:05 muximux.php
-rwxr-xr-x. 1 nginx nginx 7175 Feb 11 21:05 README.md
-rwxr-xr-x. 1 nginx nginx 189 Feb 11 21:05 robots.txt
drwxr-xr-x. 2 nginx nginx 4096 Feb 11 21:05 scss
-rwxr-xr-x. 1 nginx nginx 2448 Feb 11 21:05 settings.ini.php-example
drwxr-xr-x. 4 nginx nginx 64 Feb 11 21:05 vendor
```

The directory Muximux is installed in does not have write permissions. Please make sure your apache/nginx/IIS/lightHttpd user has write permissions to this folder

```
[dingo@dingo ~]$ sudo -u nginx nano /usr/share/nginx/html/muximux/test.txt
[dingo@dingo ~]$ ls -l /usr/share/nginx/html/muximux/
total 104
-rwxr-xr-x. 1 nginx nginx 444 Feb 11 21:05 browserconfig.xml
-rwxr-xr-x. 1 nginx nginx 151 Feb 11 21:05 composer.json
-rwxr-xr-x. 1 nginx nginx 467 Feb 11 21:05 CONTRIBUTORS.md
drwxr-xr-x. 3 nginx nginx 4096 Feb 11 21:05 css
-rwxr-xr-x. 1 nginx nginx 1150 Feb 11 21:05 favicon.ico
drwxr-xr-x. 2 nginx nginx 4096 Feb 11 21:05 fonts
drwxr-xr-x. 2 nginx nginx 4096 Feb 11 21:05 images
-rwxr-xr-x. 1 nginx nginx 7679 Feb 11 21:05 index.php
drwxr-xr-x. 2 nginx nginx 4096 Feb 11 21:05 js
drwxr-xr-x. 2 nginx nginx 4096 Feb 11 21:05 less
-rwxr-xr-x. 1 nginx nginx 18047 Feb 11 21:05 LICENSE
-rwxr-xr-x. 1 nginx nginx 15900 Feb 11 21:05 muximux.php
-rwxr-xr-x. 1 nginx nginx 7175 Feb 11 21:05 README.md
-rwxr-xr-x. 1 nginx nginx 189 Feb 11 21:05 robots.txt
drwxr-xr-x. 2 nginx nginx 4096 Feb 11 21:05 scss
-rwxr-xr-x. 1 nginx nginx 2448 Feb 11 21:05 settings.ini.php-example
-rw-r--r--. 1 nginx nginx 16 Feb 11 22:05 test.txt
drwxr-xr-x. 4 nginx nginx 64 Feb 11 21:05 vendor
```

Sup3rlativ3 commented 8 years ago

How can I help get this solved?

mescon commented 8 years ago

Would it be possible for me to see what you see via TeamViewer or any other means? This seems really weird.

Sup3rlativ3 commented 8 years ago

sure. email me at sup3rlativ3@gmail.com. Do you have a gpg or some other form of verification?

Edit: It's 1am here now so I may or may not be able to do this tonight. If not we can organise a time.

Sup3rlativ3 commented 8 years ago

Help?

mescon commented 8 years ago

Sorry - work got in the way. Perhaps we could set a time for the weekend? I'm on Central European Time (CET).

Sup3rlativ3 commented 8 years ago

I've not received an email time. I'll work around you. Thanks.

mescon commented 8 years ago

@Sup3rLativ3 Hey, are you able to get online on Gitter so that we can sort this out?

https://gitter.im/mescon/Muximux

rmensing commented 7 years ago

Possibly Solved. Same problem on two issue reports and neither solved before closed. The following solved the problem for me.

[Ubuntu 16.04, PHP7.0]
Make sure the parent directory you are serving out of has the correct permissions.
nginx owner www-data:www-data
php owner www-data:www-data
My root directory for muximux is /var/www/html/
All files in that directory and below are owned by www-data.

To fix the issue I had to also set the PARENT directory to the same owner:group:
sudo chown www-data:www-data /var/www/html

ehvanr commented 7 years ago

Came across this issue myself. Noticed OP was running it on the same system (CentOS 7). It was SELinux. You need to change the context of secret.txt to "httpd_sys_rw_content_t" as opposed to the default "httpd_sys_content_t"

Set the context: semanage fcontext -a -t httpd_sys_rw_content_t /var/www/html/secret.txt

Then restore the existing context to the new context: restorecon -v /var/www/html/secret.txt
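An added example, not part of the thread or of Muximux: a shell function that scans audit records for write denials by the web-server domain, which is how to confirm the SELinux cause described above when ownership and mode bits already look correct. The sample records are constructed; treating httpd_t as the domain nginx and php-fpm run in is an assumption about the default targeted policy, and on a real host the input would be the audit log rather than the embedded sample.

```bash
#!/usr/bin/env bash
# Added example: list SELinux write denials for the web-server domain.

# Constructed sample audit records (not taken from the thread).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1455228300.101:410): avc:  denied  { write } for  pid=2101 comm="php-fpm" name="muximux" dev="dm-0" ino=7001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1455228300.245:411): avc:  denied  { write open } for  pid=2101 comm="php-fpm" name="secret.txt" dev="dm-0" ino=7002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1455228301.010:412): avc:  denied  { read } for  pid=900 comm="sshd" name="shadow" dev="dm-0" ino=88 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1455228300.245:411): arch=c000003e syscall=2 success=no exit=-13 comm="php-fpm"
EOF
}

# Reads audit records on stdin and prints "<tclass> <name> <target type>"
# for every denied write-like access by httpd_t (assumed web-server domain).
httpd_write_denials() {
  awk '
    $1 == "type=AVC" && / denied / {
      # Extract the permission list between the braces.
      perms = $0
      sub(/^.*[{] */, "", perms)
      sub(/ *[}].*$/, "", perms)
      if ((" " perms " ") !~ / (write|add_name|create) /) next

      name = ""; stype = ""; ttype = ""; tclass = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^name=/)     { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
        if ($i ~ /^scontext=/) { split($i, s, ":"); stype = s[3] }  # user:role:type:level
        if ($i ~ /^tcontext=/) { split($i, t, ":"); ttype = t[3] }
        if ($i ~ /^tclass=/)   { tclass = $i; sub(/^tclass=/, "", tclass) }
      }
      # Only denials issued against the web-server domain are relevant here.
      if (stype == "httpd_t") print tclass, name, ttype
    }'
}

# Run against the constructed sample when executed directly.
sample_audit_log | httpd_write_denials
```

A `dir` record means the denied operation was a write to the directory itself, such as creating a new file in it, so relabelling an existing secret.txt alone does not clear that denial.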

mescon commented 7 years ago

Wow, great to know @evreichard, thanks for your help!