Piwik couldn't write to some directories


#1

Hi,

Could you please help me with this situation. I just installed Piwik to fresh LEMP server (OpenLogic 7[sup][/sup], MariaDB, Nginx[sup]**[/sup], PHP-FPM)
[sup]
)[/sup] CentOS based and hosted in Azure
[sup]**)[/sup] epel-release

MariaDB, Nginx and PHP works fine as tested with web site with simple functionality.

Piwik is currently installed to location /usr/share/nginx/html/piwik by commands:


cd /usr/share/nginx/html
wget http://builds.piwik.org/piwik.zip
unzip piwik.zip
mkdir piwik/tmp
chmod 0755 -R /usr/share/nginx/html/piwik
chown -R nginx:nginx /usr/share/nginx/html/piwik

But no matter what I do still got error message in Piwik page. I have done hours of searching with Google but no solution found yet. Error message is clear but I don’t know what to do anymore:
[size=x-small]Piwik couldn’t write to some directories (running as user ‘nginx’).
Try to Execute the following commands on your server, to allow Write access on these directories:
chown -R nginx:nginx /usr/share/nginx/html/piwik
chmod -R 0755 /usr/share/nginx/html/piwik/tmp
chmod -R 0755 /usr/share/nginx/html/piwik/tmp/assets/
chmod -R 0755 /usr/share/nginx/html/piwik/tmp/cache/
chmod -R 0755 /usr/share/nginx/html/piwik/tmp/logs/
chmod -R 0755 /usr/share/nginx/html/piwik/tmp/tcpdf/
chmod -R 0755 /usr/share/nginx/html/piwik/tmp/templates_c/
If this doesn’t work, you can try to create the directories with your FTP software, and set the CHMOD to 0755 (or 0777 if 0755 is not enough). To do so with your FTP software, right click on the directories then click permissions.[/size]

Permissions listed and even given chmod 777 to tmp and config folder:


cd /usr/share/nginx/html
ls -l
drwxr-xr-x. 12 nginx nginx     4096 Apr  3 11:11 piwik

cd piwik
ls -l
-rw-r--r--.  1 nginx nginx   898 Nov 28 10:24 bower.json
-rw-r--r--.  1 nginx nginx 23922 Mar 26 01:41 CHANGELOG.md
-rw-rw-r--.  1 nginx nginx  3308 Mar 18 03:11 composer.json
-rw-rw-r--.  1 nginx nginx 85914 Mar 18 03:11 composer.lock
drwxrwxrwx.  3 nginx nginx  4096 Mar 27 01:20 config
-rwxr-xr-x.  1 nginx nginx   689 Feb 11 01:18 console
-rw-r--r--.  1 nginx nginx   505 Nov  4 08:35 CONTRIBUTING.md
drwxr-xr-x. 37 nginx nginx  4096 Mar 27 01:19 core
-rw-r--r--.  1 nginx nginx   730 Dec 28 22:20 index.php
drwxr-xr-x.  2 nginx nginx  4096 Mar 26 22:29 js
drwxr-xr-x.  2 nginx nginx  4096 Mar 26 22:29 lang
-rw-r--r--.  1 nginx nginx  7486 Nov 28 10:24 LEGALNOTICE
drwxr-xr-x. 14 nginx nginx  4096 Mar 18 03:11 libs
drwxr-xr-x. 10 nginx nginx  4096 Mar 27 01:20 misc
-rw-r--r--.  1 nginx nginx 43388 Mar 12 01:05 piwik.js
-rw-r--r--.  1 nginx nginx  2279 Dec 28 22:20 piwik.php
drwxr-xr-x. 65 nginx nginx  4096 Mar 27 01:20 plugins
-rw-r--r--.  1 nginx nginx  5100 Mar 27 01:19 README.md
-rw-r--r--.  1 nginx nginx  1052 Feb 11 01:18 SECURITY.md
drwxr-xr-x.  2 nginx nginx  4096 Mar 27 01:20 tests
drwxrwxrwx.  2 nginx nginx  4096 Apr  3 11:11 tmp
drwxr-xr-x. 16 nginx nginx  4096 Mar 27 01:20 vendor

Nginx, MariaDB and PHP-FPM installation shortly:


yum install nginx -y
systemctl start nginx 
systemctl enable nginx

yum install php php-common php-fpm php-mysql -y
systemctl start php-fpm
systemctl enable php-fpm

yum install mariadb-server mariadb -y
mysql_secure_installation
mysql -u root -p
MariaDB [(none)]> CREATE DATABASE piwik;
MariaDB [(none)]> CREATE USER 'piwik'@'localhost' IDENTIFIED BY 'password_here';
MariaDB [(none)]> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON piwik.* TO 'piwik'@'localhost';

systemctl restart mariadb

/etc/nginx/nginx.conf:


user    nginx;
worker_processes 1;
..
index	 index.php index.html index.htm;
...
server {
        listen       80;
        server_name  localhost;
        root         /usr/share/nginx/html;
...		
location ~ \.php$ {
            root           /usr/share/nginx/html;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }

/etc/php.ini:


cgi.fix_pathinfo=0

/etc/php-fpm.d/www.conf:


user = nginx
group = nginx
listen = 127.0.0.1:9000

And finally:


systemctl restart nginx
systemctl restart php-fpm

I will add usage of Unix sockets (listen = /var/run/php-fpm/php-fpm.sock to /etc/php-fpm.d/www.conf) when basic installation works.


#2

Have you chmodded all directories listed there?
If you chmod a dir, subdirs won’t get same permissions!


#3

Yes I used chmod -R. Permissions are listed above. In addition I gave up chmod 777 to /tmp and /config.


#4

Problem solved by disabling SELinux and rebooting system.

/etc/sysconfig/selinux:


# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=[b]disabled[/b]
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


#5

I find the solution here SE Linux changes when upgrading to RHEL 6.6 / CentOS 6.6 .
I add httpd_t to the list of permissive domains, run:

semanage permissive -a httpd_t

Then, piwik works.