After upgrade from Leap 15.3 to 15.4, WordPress has permission error

Hello People.
I upgraded from Leap 15.3 to Leap 15.4, and now the WordPress site is not working.
The browser shows an 'Access denied' message when visiting the website.


$ sudo tail /var/log/nginx/error.log

2022/07/27 00:34:39 [error] 2905#2905: *78 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/dongip.site/index.php (Permission denied)" while reading response header from upstream, client: 172.68.110.191, server: www.dongip.app, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.sock:", host

I upgraded php7 to php8, but the issue still exists.


> head /etc/php8/fpm/php-fpm.d/www.conf  

; Start a new pool named 'www'. 
; the variable $pool can be used in any directive and will be replaced by the 
; pool name ('www' here) 
[www] 

; Per pool prefix 
; It only applies on the following directives: 
; - 'access.log' 
; - 'slowlog' 
; - 'listen' (unixsocket) 
; - 'chroot' 
; - 'chdir' 
; - 'php_values' 
; - 'php_admin_values' 
; When not set, the global prefix (or /usr) applies instead. 
; Note: This directive can also be relative to the global prefix. 
; Default Value: none 
;prefix = /path/to/pools/$pool 

; Unix user/group of processes 
; Note: The user is mandatory. If the group is not set, the default user's group 
;       will be used. 
user = nginx 
group = nginx 

; The address on which to accept FastCGI requests. 
; Valid syntaxes are: 
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on 
;                            a specific port; 
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on 
;                            a specific port; 
;   'port'                 - to listen on a TCP socket to all addresses 
;                            (IPv6 and IPv4-mapped) on a specific port; 
;   '/path/to/unix/socket' - to listen on a unix socket. 
; Note: This value is mandatory. 
listen = /var/run/php-fpm/php-fpm.sock 

; Set listen(2) backlog. 
; Default Value: 511 (-1 on FreeBSD and OpenBSD) 
;listen.backlog = 511 

; Set permissions for unix socket, if one is used. In Linux, read/write 
; permissions must be set in order to allow connections from a web server. Many 
; BSD-derived systems allow connections regardless of permissions. The owner 
; and group can be specified either by name or by their numeric IDs. 
; Default Values: user and group are set as the running user 
;                 mode is set to 0660 
listen.owner = nginx 
listen.group = nginx 
listen.mode = 0660
...
..
.


> head /etc/nginx/nginx.conf
user nginx;
worker_processes  auto;
...
..
.


/var/www/html/dongip.site> ls -rthla
total 236K
-rwxr-xr-x 1 nginx nginx  405 Jul 16  2021 index.php
-rwxr-xr-x 1 nginx nginx 7.0K Jul 16  2021 wp-activate.php
-rwxr-xr-x 1 nginx nginx  20K Jul 16  2021 license.txt
-rwxr-xr-x 1 nginx nginx  351 Jul 16  2021 wp-blog-header.php
drwxr-xr-x 1 nginx nginx 2.7K Jul 16  2021 wp-admin
-rwxr-xr-x 1 nginx nginx 2.3K Jul 16  2021 wp-comments-post.php
-rwxr-xr-x 1 nginx nginx 3.9K Jul 16  2021 wp-cron.php
drwxr-xr-x 1 nginx nginx 8.1K Jul 16  2021 wp-includes
-rwxr-xr-x 1 nginx nginx  49K Jul 16  2021 wp-login.php
-rwxr-xr-x 1 nginx nginx 3.3K Jul 16  2021 wp-load.php
-rwxr-xr-x 1 nginx nginx 2.5K Jul 16  2021 wp-links-opml.php
-rwxr-xr-x 1 nginx nginx  21K Jul 16  2021 wp-settings.php
-rwxr-xr-x 1 nginx nginx 8.4K Jul 16  2021 wp-mail.php
-rwxr-xr-x 1 nginx nginx 3.2K Jul 16  2021 xmlrpc.php
-rwxr-xr-x 1 nginx nginx 4.7K Jul 16  2021 wp-trackback.php
-rwxr-xr-x 1 nginx nginx  31K Jul 16  2021 wp-signup.php
-rwxr-xr-x 1 nginx nginx   53 Jul 16  2021 google57a17349cc56a5d5.html
drwxr-xr-x 1 nginx nginx    6 Jul 16  2021 download
-rwxr-xr-x 1 nginx nginx 2.8K Jul 16  2021 wp-config-sample.php
-rwxr-xr-x 1 nginx nginx 1.8K Jul 19  2021 nginx.conf
-rwxr-xr-x 1 nginx nginx   53 Aug 20  2021 googleb31446d26ed82f98.html
drwxr-xr-x 1 nginx nginx   28 Oct  2  2021 .well-known
-rwxr-xr-x 1 nginx nginx 3.5K Oct  2  2021 wp-config.php
-rwxr-xr-x 1 nginx nginx  917 Oct 18  2021 favicon.png
-rwxr-xr-x 1 nginx nginx   58 Nov 28  2021 version.json
-rwxr-xr-x 1 nginx nginx  937 Nov 28  2021 index.html
drwxr-xr-x 1 nginx nginx  286 Nov 28  2021 app
drwxr-xr-x 1 nginx nginx  212 Nov 28  2021 .tmb
-rwxr-xr-x 1 nginx nginx   16 Dec 26  2021 iwmf_verify.txt
drwxr-xr-x 1 nginx nginx    0 Jan  8  2022 .quarantine
-rwxr-xr-x 1 nginx nginx   58 Feb 20 15:48 app-ads.txt
-rwxr-xr-x 1 nginx nginx 7.2K Jun 23 12:55 readme.html
-rw-r--r-- 1 nginx nginx  523 Jun 23 13:07 .htaccess
drwxr-xr-x 1 nginx nginx  214 Jul 12 03:01 wp-content
drwxr-xr-x 1 nginx root    46 Jul 18 09:00 ..
drwxr-xr-x 1 nginx nginx  862 Jul 27 00:38 .


Try stopping apparmor

aa-teardown
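
The file listing above shows ordinary permissions that let nginx read index.php, so a mandatory access control denial is a reasonable suspect, and the audit records name the profile and path involved. The following is an added example, not part of any post in this thread: it summarises AppArmor DENIED records per profile, denied mask and path. The sample records are constructed; the profile name "php-fpm", the pids, uids and the uploads path are assumptions.

```shell
#!/bin/sh
# Added example: list which AppArmor profile denied which path, so that one
# profile can be adjusted instead of unloading all of them.

# Constructed sample in the audit.log record format used for AppArmor events.
# Profile name "php-fpm", pids, uids and the uploads path are assumptions;
# index.php is the path from the nginx error quoted in the thread.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1658881000.000:12): apparmor="STATUS" operation="profile_load" profile="unconfined" name="php-fpm" pid=801 comm="apparmor_parser"
type=AVC msg=audit(1658882079.101:311): apparmor="DENIED" operation="open" profile="php-fpm" name="/var/www/html/dongip.site/index.php" pid=2905 comm="php-fpm" requested_mask="r" denied_mask="r" fsuid=474 ouid=474
type=AVC msg=audit(1658882085.640:312): apparmor="DENIED" operation="open" profile="php-fpm" name="/var/www/html/dongip.site/index.php" pid=2906 comm="php-fpm" requested_mask="r" denied_mask="r" fsuid=474 ouid=474
type=AVC msg=audit(1658882090.007:313): apparmor="DENIED" operation="mknod" profile="php-fpm" name="/var/www/html/dongip.site/wp-content/uploads/a.tmp" pid=2906 comm="php-fpm" requested_mask="c" denied_mask="c" fsuid=474 ouid=474
EOF
}

# Reads audit records from stdin (or from files given as arguments) and prints
# "count profile denied_mask path", most frequent first. Records that are not
# denials (STATUS, ALLOWED, AUDIT) are ignored.
apparmor_denials() {
    awk '
    # Return the value of key="value" in the current record, or "-" when the
    # field is missing or not quoted (the kernel hex-encodes unusual names).
    function val(key,    re, s) {
        re = " " key "=\"[^\"]*\""
        if (!match($0, re)) return "-"
        s = substr($0, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s)
        sub(/"$/, "", s)
        return s
    }
    /apparmor="DENIED"/ {
        count[val("profile") " " val("denied_mask") " " val("name")]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -rn
}

# Stand-alone run on the constructed sample.
sample_audit_log | apparmor_denials
```

On the affected host, feed it the real log, for example sudo cat /var/log/audit/audit.log | apparmor_denials; when auditd is not running, the same records appear in the kernel log (journalctl -k). A profile that shows up here can be switched to complain mode with aa-complain or given a rule for the site path, which keeps the other profiles loaded, whereas aa-teardown unloads all of them.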

Thank you dear, The issue
In the leap15.4, the apparmor is enabled by default?!

I do not understand what you are saying. Does your program work after stopping apparmor?

MozillaFirefox 91.11.0-150200.152.48.1 readily displays site www.dongip.app

Operating System: openSUSE Leap 15.4
KDE Plasma Version: 5.24.4
KDE Frameworks Version: 5.90.0
Qt Version: 5.15.2
Kernel Version: 5.14.21-150400.24.11-default (64-bit)
Graphics Platform: X11
Processors: 8 × Intel® Core™ i7-6700K CPU @ 4.00GHz
Memory: 31.0 GiB of RAM
Graphics Processor: Mesa Intel® HD Graphics 530