Permission denied writing to one directory, but not the other -- both have same owner/group/755

Question

This is driving me insane. httpd runs as the user apache. I have two directories within /var/www/html -- uploads and photos. Both have group:owner of apache:apache. Both are 755. uploads is writable from php -- photos is not.

Some test code:

var_dump(touch('/var/www/html/photos/_test.log'));
var_dump(touch('/var/www/html/uploads/_test.log'));
var_dump(touch('/var/www/html/uploadsasdf/_test.log'));

And results:

Warning: touch(): Unable to create file /var/www/html/photos/_test.log because Permission denied in /var/www/html/test.php on line 2
bool(false) 
bool(true) 
Warning: touch(): Unable to create file /var/www/html/uploadsasdf/_test.log because Permission denied in /var/www/html/test.php on line 4
bool(false)

I've confirmed permissions through a shell and GUI interface. I've chowned and chmoded everything again just to be sure. I've renamed the uploads directory to something else and renamed photos to uploads to see if the name of the directory was the key here, but it wasn't. It's the directory itself. The renamed uploads still works with a new name, and the photos directory that is now called "uploads" does not.

Of note, _test.log does not exist in the folders before testing, so it's not like that file has bad permissions or anything.

Interestingly, if I create a new directory, chown it to apache:apache, chmod it to 777, I can't write to it, so something larger may be wrong here; but the question remains: why then does the uploads directory work?

Has anyone seen this behavior before? Am I missing something obvious?

Thanks in advance for any help!

Edited to add more info:

exec('whoami') 

"apache"

var_dump(posix_getpwuid(fileowner('/var/www/html/')));
var_dump(posix_getpwuid(fileowner('/var/www/html/uploads/')));
var_dump(posix_getpwuid(fileowner('/var/www/html/photos/')));

all "apache"

All have the same fileperms() value. However, is_writable() is false on all but "uploads".

mkdir('var/www/html/test');

Warning: mkdir(): Permission denied

ls-alF

drwxr-xr-x.  2 apache apache 286720 Nov 22 15:17 photos/
drwxr-xr-x.  2 apache apache  81920 Nov 22 12:06 uploads/
drwxr-xr-x.  2 apache apache      6 Nov 22 10:31 uploadsasdf/

I have called clearstatcache(); I have rebooted the server. What ... on ... Earth?

Answer 1

Since you are using CentOS and and you've tried everything else, my guess would be something related to SELinux. One of the answers from this question may be helpful Forbidden You don't have permission to access on this server. Centos 6 / Laravel 4

Specifically try this to analyze SELinux permissions (ls -lZ) and temporarily disable SELinux:

If you're using CentOS it could be an issue with selinux. Check to see if selinux is enabled with 'sestatus'. If it is enabled, you can check to see if that is the issue (temporarily) using 'sudo setenforce 0'. If apache can serve the site, then you just need to change the context of the files recursively using 'sudo chcon -R -t httpd_sys_content_t' (you can check the existing context using 'ls -Z'.

Answer 2

If selinux is enabled (sestatus will tell you), try sudo restorecon -Rv /var/www/ first. Sounds much like SELinux is getting in the way and you somehow have got a file/directory there which is not labelled correctly. Restorecon will revert labels to default, and -v will show you which labels have been corrected, if any.

Failing that, extended attributes come to mind. do lsattr <filename> and if the output looks anything like ------i-----, the immutable flag is set. Change it with chattr -i <filename> and you're good to go.