Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fetch_report : failed to open stream #123

Open
olaf7 opened this issue Apr 7, 2024 · 9 comments
Open

Fetch_report : failed to open stream #123

olaf7 opened this issue Apr 7, 2024 · 9 comments

Comments

@olaf7
Copy link

olaf7 commented Apr 7, 2024

PHP Fatal error:  Uncaught ErrorException: require(/usr/local/share/dmarc-srg/config/conf.php): Failed to open stream: Permission denied in /usr/local/share/dmarc-srg/classes/Config.php:50
Stack trace:
#0 /usr/local/share/dmarc-srg/classes/Config.php(50): {closure}()
#1 /usr/local/share/dmarc-srg/classes/Config.php(50): require()
#2 /usr/local/share/dmarc-srg/classes/Core.php(417): Liuch\DmarcSrg\Config->__construct()
#3 /usr/local/share/dmarc-srg/classes/Core.php(358): Liuch\DmarcSrg\Core->getModule()
#4 /usr/local/share/dmarc-srg/classes/ErrorHandler.php(68): Liuch\DmarcSrg\Core->config()
#5 /usr/local/share/dmarc-srg/init.php(56): Liuch\DmarcSrg\ErrorHandler->handleException()
#6 [internal function]: {closure}()
#7 {main}
  thrown in /usr/local/share/dmarc-srg/classes/Config.php on line 50

From config file:
$directories = [
    // Just for displaying in web-admin. Not necessary.
    'name'     => 'Rua-Dir',
    // The directory location
    'location' => '/var/spool/dmarc-srg/rua'
];

/usr/local/share/dmarc-srg# ls -slah /var/spool/dmarc-srg/
total 12K
4.0K drwxr-xr-x 3 www-data root 4.0K Jan 11  2023 .
4.0K drwxr-xr-x 9 root     root 4.0K Jan 11  2023 ..
4.0K drwxr-xr-x 2 www-data root 4.0K Jan 11  2023 rua

This error occurs regardless if owner is root or www-data. Running Debian stable. PHP version: 8.2.7

@liuch
Copy link
Owner

liuch commented Apr 7, 2024

The script says that there is no access to the configuration file. Please show or check the permissions to /usr/local/share/dmarc-srg/config/conf.php

@olaf7
Copy link
Author

olaf7 commented Apr 7, 2024

See also my other issue:

ls -slah config/
total 28K
4.0K drwxr-xr-x 2 root root 4.0K Apr 4 21:00 .
4.0K drwxr-xr-x 9 root root 4.0K Apr 4 20:59 ..
8.0K -r--r----- 1 www-data root 5.2K Jan 12 2023 conf.php
12K -r--r----- 1 root root 12K Apr 4 20:59 conf.sample.php

So regardless if I am root or www-data I can access conf.php (not writable by anyone) and /var/spool/dmarc-srg/
The spool directory is writable by both. (Checked using touch)

@liuch
Copy link
Owner

liuch commented Apr 7, 2024

I just removed read permissions from my config file and got the exact same error.
My environment:

  • OS information: Linux 6.6.15-amd64 #_1 SMP PREEMPT_DYNAMIC Debian 6.6.15-2 (2024-02-04) x86_64
  • PHP version: 8.2.12

I think you run the script under another user that does not have enough privileges.
Did you run the script in the console or is this error from the web interface?

@liuch
Copy link
Owner

liuch commented Apr 7, 2024

Try systemctl restart php8.2-fpm.service if it was web interface.

@olaf7
Copy link
Author

olaf7 commented Apr 7, 2024

Nope. It is a cronjob, but ... I just noticed I ran it as user 'dmarcparser' which obviously has no access. Safer but more complex this way.
Can you please put in the documentation some further hints regarding of needed or suggested rights(setup)?

@olaf7
Copy link
Author

olaf7 commented Apr 7, 2024

I think it is ok now. With 0440 and group dmarcparser. Is owner www-data required?

@liuch
Copy link
Owner

liuch commented Apr 7, 2024

I run all my scripts from the utils directory via cron under the www-data user with no extra users/groups and no extra permissions. But this approach will not work for those who do not use the web interface.

@liuch
Copy link
Owner

liuch commented Apr 7, 2024

think it is ok now. With 0440 and group dmarcparser. Is owner www-data required?

No, that's not required. It is enough for it to have read access to conf.php

@liuch
Copy link
Owner

liuch commented Apr 7, 2024

Can you please put in the documentation some further hints regarding of needed or suggested rights(setup)?

I'll add this later or accept a PR from you if you'd like to offer edits.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants