Unable to write to EC2 instance running Apache on shared EFS

0

I have an Auto-scaling group with the following EFS setup in the Launch Template:

sudo yum install -y amazon-efs-utils
sudo mount -t efs fs-0f13ef1378a09e59c:/ /efs
sudo mount -t efs fs-0f13ef1378a09e59c:/html /var/www/html
sudo mount -t efs fs-0f13ef1378a09e59c:/test /home/test
# Reference: https://stackoverflow.com/questions/57260276/using-same-aws-efs-to-share-multiple-directories

I have PHP8.0 and Apache set up this guide: https://gist.github.com/syad9000/dbc855a11b306cb454b283a83fe479f2. This creates the source AMI that I use to generate two EC2 instances in an Auto-scaling group that uses an EFS to sync the /var/home/html/test folder and the /home/test folder. I have Apache set up to serve port 80 to the /var/www/html/test folder.

I am using an ALB to redirect requests to the qualified domain name to the target group I created. I can serve files such as /index.html or /index.php fine. PHP code is working in the browser.

My problem is that I am trying to create an API that will run a stored shell script based on GET command. For example, I do a GET request to /index.php?build=true. My PHP script is trying to execute the /var/www/html/test/build.sh script.

I get an error message stating:

<br />
<b>Warning</b>:  file_put_contents(/var/www/html/test/.build/error.log): Failed to open stream: Permission denied in <b>/var/www/html/test/_resources/php/functions.php</b> on line <b>11</b><br />

When I log in via the console I can run the script with no error. When I try to run using either the web browser or curl I get the above error. When I log into the console and run as the apache user using:

sudo su -s /bin/bash -c '/var/www/html/build.sh' apache

Where is the permissions issue originating in the Apache config? The EFS or something else like the ALB?

Bryan C
asked a year ago430 views
1 Answer
1
Accepted Answer

Hello,

Greetings for the day!

Before moving forward, I would like to inform you that EFS does not require any special settings to be used with Apache or PHP and you can access it normally if it has required permissions.

Looking at the error, you can see it says “Permission denied” which means the user (who is running php script) does not have sufficient permissions to write into the target file "/var/www/html/test/"

Further, to be sure on this I tested it in my lab and I was able to write to that target file under EFS without any issues after adding the permissions. I have mounted an EFS file system on my test instance and replicate the same setup and I was getting the error for that user. After adding the required posix permission I was able to access the files.

I would suggest you to please verify the permissions and ownership of your efs folder and it’s subdirectories. Further I would also suggest you to identify the user which is associated with the PHP program when performing write operations to the destination folder "/var/www/html/test/".

Furthermore, for testing you can also try giving full permissions (777) to the target file “/var/www/html/test/“ and see if it resolves the issue. [+] https://docs.aws.amazon.com/efs/latest/ug/accessing-fs-nfs-permissions.html

AWS
SUPPORT ENGINEER
answered a year ago
  • It was a permissions issue. Thanks! However, I realized that permissons 777 would make it world writeable. I made it 755 and it worked. I don't know why I forget to check that. I guess because I am a newb.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions