LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Connection issue involving mysql when run through apache php but not through cli php. (http://www.linuxquestions.org/questions/linux-server-73/connection-issue-involving-mysql-when-run-through-apache-php-but-not-through-cli-php-4175447001/)

sasheto86 01-24-2013 04:27 AM

Connection issue involving mysql when run through apache php but not through cli php.
 
Hi, LQ!

Please help me out with this one, I'm stumped.

I have a very simple test script to connect to mysql on a different machine and do a print to the screen of a select in the db.

I run this script from machine A (192.168.9.103) to connect to mysql on port 3306 on machine B (192.168.9.101) via commandline php and the script prints out the result of the select with no problems.

I run the same script via web through apache and get:
Access denied for user 'root'@'localhost' (using password: NO)

The connection params are not root @ localhost (they are someuser, somepass at the machine B). Apache error logs show (right after apache restart):

[Thu Jan 24 12:01:07 2013] [notice] caught SIGTERM, shutting down
[Thu Jan 24 12:01:17 2013] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Thu Jan 24 12:01:17 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Jan 24 12:01:17 2013] [notice] Digest: generating secret for digest authentication ...
[Thu Jan 24 12:01:17 2013] [notice] Digest: done
[Thu Jan 24 12:01:17 2013] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
[Thu Jan 24 12:01:25 2013] [error] [client 192.168.9.64] PHP Warning: mysql_connect(): Can't connect to MySQL server on '192.168.9.101' (13) in /var/www/html/t.php on line 5
[Thu Jan 24 12:01:25 2013] [error] [client 192.168.9.64] PHP Warning: mysql_select_db(): Access denied for user 'root'@'localhost' (using password: NO) in /var/www/html/t.php on line 7
[Thu Jan 24 12:01:25 2013] [error] [client 192.168.9.64] PHP Warning: mysql_select_db(): A link to the server could not be established in /var/www/html/t.php on line 7
[Thu Jan 24 12:01:25 2013] [error] [client 192.168.9.64] PHP Warning: mysql_query(): Access denied for user 'root'@'localhost' (using password: NO) in /var/www/html/t.php on line 11
[Thu Jan 24 12:01:25 2013] [error] [client 192.168.9.64] PHP Warning: mysql_query(): A link to the server could not be established in /var/www/html/t.php on line 11


# php -v
PHP 5.3.3 (cli) (built: Jul 3 2012 16:53:21)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies

Here's a strace of the apache thread handling the script t.php:

accept4(3, {sa_family=AF_INET, sin_port=htons(40218), sin_addr=inet_addr("192.168.9.64")}, [16], SOCK_CLOEXEC) = 9
fcntl(9, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(9, F_SETFL, O_RDWR|O_NONBLOCK) = 0
read(9, "GET /t.php HTTP/1.1\r\nHost: 192.168.9.103\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\n\r\n", 8000) = 288
stat("/var/www/html/t.php", {st_dev=makedev(253, 0), st_ino=1445263, st_mode=S_IFREG|0755, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=260, st_atime=2013/01/24-12:08:44, st_mtime=2013/01/24-12:08:44, st_ctime=2013/01/24-12:08:44}) = 0
brk(0x7f6ff2460000) = 0x7f6ff2460000
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={60, 0}}, NULL) = 0
rt_sigaction(SIGPROF, {0x7f6fe6035a50, [PROF], SA_RESTORER|SA_RESTART, 0x7f6feee53920}, {0x7f6fe6035a50, [PROF], SA_RESTORER|SA_RESTART, 0x7f6feee53920}, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0
getcwd("/", 4095) = 2
chdir("/var/www/html") = 0
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={30, 0}}, NULL) = 0
lstat("/var/www/html/t.php", {st_dev=makedev(253, 0), st_ino=1445263, st_mode=S_IFREG|0755, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=260, st_atime=2013/01/24-12:08:44, st_mtime=2013/01/24-12:08:44, st_ctime=2013/01/24-12:08:44}) = 0
lstat("/var/www/html", {st_dev=makedev(253, 0), st_ino=1442303, st_mode=S_IFDIR|0775, st_nlink=3, st_uid=48, st_gid=48, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=2013/01/24-11:56:04, st_mtime=2013/01/24-12:08:44, st_ctime=2013/01/24-12:08:44}) = 0
lstat("/var/www", {st_dev=makedev(253, 0), st_ino=1442276, st_mode=S_IFDIR|0775, st_nlink=6, st_uid=48, st_gid=48, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=2013/01/23-17:22:01, st_mtime=2013/01/23-17:21:59, st_ctime=2013/01/23-17:21:59}) = 0
lstat("/var", {st_dev=makedev(253, 0), st_ino=1310721, st_mode=S_IFDIR|0755, st_nlink=21, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=4096, st_atime=2013/01/23-15:36:59, st_mtime=2013/01/14-19:17:12, st_ctime=2013/01/14-19:17:12}) = 0
open("/var/www/html/t.php", O_RDONLY) = 10
fstat(10, {st_dev=makedev(253, 0), st_ino=1445263, st_mode=S_IFREG|0755, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=260, st_atime=2013/01/24-12:08:44, st_mtime=2013/01/24-12:08:44, st_ctime=2013/01/24-12:08:44}) = 0
fstat(10, {st_dev=makedev(253, 0), st_ino=1445263, st_mode=S_IFREG|0755, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=260, st_atime=2013/01/24-12:08:44, st_mtime=2013/01/24-12:08:44, st_ctime=2013/01/24-12:08:44}) = 0
fstat(10, {st_dev=makedev(253, 0), st_ino=1445263, st_mode=S_IFREG|0755, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=260, st_atime=2013/01/24-12:08:44, st_mtime=2013/01/24-12:08:44, st_ctime=2013/01/24-12:08:44}) = 0
mmap(NULL, 260, PROT_READ, MAP_SHARED, 10, 0) = 0x7f6ff07c4000
munmap(0x7f6ff07c4000, 260) = 0
close(10) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({5, 0}, 0x7fff6c0d5080) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 10
fcntl(10, F_SETFL, O_RDONLY) = 0
fcntl(10, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(10, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(10, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(10, {sa_family=AF_INET, sin_port=htons(3306), sin_addr=inet_addr("192.168.9.101")}, 16) = -1 EACCES (Permission denied)
fcntl(10, F_SETFL, O_RDWR) = 0
shutdown(10, 2 /* send and receive */) = -1 ENOTCONN (Transport endpoint is not connected)
close(10) = 0
write(2, "[Thu Jan 24 13:14:08 2013] [error] [client 192.168.9.64] PHP Warning: mysql_connect(): Can't connect to MySQL server on '192.168.9.101' (13) in /var/www/html/t.php on line 5\n", 175) = 175
socket(PF_FILE, SOCK_STREAM, 0) = 10
fcntl(10, F_SETFL, O_RDONLY) = 0
fcntl(10, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(10, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(10, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(10, {sa_family=AF_FILE, path="/var/lib/mysql/mysql.sock"}, 110) = 0
fcntl(10, F_SETFL, O_RDWR) = 0
setsockopt(10, SOL_SOCKET, SO_RCVTIMEO, "\2003\341\1\0\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
setsockopt(10, SOL_SOCKET, SO_SNDTIMEO, "\2003\341\1\0\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
setsockopt(10, SOL_IP, IP_TOS, [8], 4) = -1 EOPNOTSUPP (Operation not supported)
setsockopt(10, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
poll([{fd=10, events=POLLIN}], 1, 60000) = 1 ([{fd=10, revents=POLLIN}])
read(10, "4\0\0\0\n5.1.66\0w\0\0\0Mf:.v,r{\0\377\367\10\2\0\0\0\0\0\0\0\0\0\0\0\0\0\000401GQA0kN$g[\0", 16384) = 56
geteuid() = 48
open("/proc/self/loginuid", O_RDONLY) = 11
read(11, "0", 12) = 1
close(11) = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 11
fstat(11, {st_dev=makedev(253, 0), st_ino=263856, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=1472, st_atime=2013/01/23-15:40:56, st_mtime=2013/01/23-15:40:28, st_ctime=2013/01/23-15:40:28}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6ff07c4000
read(11, "root:x:0:0:root:/root:/bin/bash\nbin:x:1:1:bin:/bin:/sbin/nologin\ndaemon:x:2:2:daemon:/sbin:/sbin/nologin\nadm:x:3:4:adm:/var/adm:/sbin/nologin\nlp:x:4:7:lp:/var/spool/lpd:/sbin/nologin\nsync:x:5:0:sync:/sbin:/bin/sync\nshutdown:x:6:0:shutdown:/sbin:/sbin/shutdown\nhalt:x:7:0:halt:/sbin:/sbin/halt\nmail:x:8:12:mail:/var/spool/mail:/sbin/nologin\nuucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin\noperator:x:11:0:operator:/root:/sbin/nologin\ngames:x:12:100:games:/usr/games:/sbin/nologin\ngopher:x:13:30:gopher:/var/gopher:/sbin/nologin\nftp:x:14:50:FTP User:/var/ftp:/sbin/nologin\nnobody:x:99:99:Nobody:/:/sbin/nologin\ndbus:x:81:81:System message bus:/:/sbin/nologin\nvcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin\nrpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin\nabrt:x:173:173::/etc/abrt:/sbin/nologin\nhaldaemon:x:68:68:HAL daemon:/:/sbin/nologin\nntp:x:38:38::/etc/ntp:/sbin/nologin\nsaslauth:x:499:76:\"Saslauthd user\":/var/empty/saslauth:/sbin/nologin\npostfix:x:89:89::/var/spool/post"..., 4096) = 1472
close(11) = 0
munmap(0x7f6ff07c4000, 4096) = 0
write(10, "&\0\0\1\205\242\2\0\0\0\0@\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0root\0\0", 42) = 42
read(10, "G\0\0\2\377\25\4#28000Access denied for user 'root'@'localhost' (using password: NO)", 16384) = 75
shutdown(10, 2 /* send and receive */) = 0
close(10) = 0
write(2, "[Thu Jan 24 13:14:08 2013] [error] [client 192.168.9.64] PHP Warning: mysql_select_db(): Access denied for user 'root'@'localhost' (using password: NO) in /var/www/html/t.php on line 7\n", 186) = 186
write(2, "[Thu Jan 24 13:14:08 2013] [error] [client 192.168.9.64] PHP Warning: mysql_select_db(): A link to the server could not be established in /var/www/html/t.php on line 7\n", 169) = 169
socket(PF_FILE, SOCK_STREAM, 0) = 10
fcntl(10, F_SETFL, O_RDONLY) = 0
fcntl(10, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(10, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(10, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(10, {sa_family=AF_FILE, path="/var/lib/mysql/mysql.sock"}, 110) = 0
fcntl(10, F_SETFL, O_RDWR) = 0
setsockopt(10, SOL_SOCKET, SO_RCVTIMEO, "\2003\341\1\0\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
setsockopt(10, SOL_SOCKET, SO_SNDTIMEO, "\2003\341\1\0\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
setsockopt(10, SOL_IP, IP_TOS, [8], 4) = -1 EOPNOTSUPP (Operation not supported)
setsockopt(10, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
poll([{fd=10, events=POLLIN}], 1, 60000) = 1 ([{fd=10, revents=POLLIN}])
read(10, "4\0\0\0\n5.1.66\0x\0\0\0{o:sT+u0\0\377\367\10\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0+(&'/XMXT|4,\0", 16384) = 56
geteuid() = 48
open("/proc/self/loginuid", O_RDONLY) = 11
read(11, "0", 12) = 1
close(11) = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 11
fstat(11, {st_dev=makedev(253, 0), st_ino=263856, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=1472, st_atime=2013/01/23-15:40:56, st_mtime=2013/01/23-15:40:28, st_ctime=2013/01/23-15:40:28}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6ff07c4000
read(11, "root:x:0:0:root:/root:/bin/bash\nbin:x:1:1:bin:/bin:/sbin/nologin\ndaemon:x:2:2:daemon:/sbin:/sbin/nologin\nadm:x:3:4:adm:/var/adm:/sbin/nologin\nlp:x:4:7:lp:/var/spool/lpd:/sbin/nologin\nsync:x:5:0:sync:/sbin:/bin/sync\nshutdown:x:6:0:shutdown:/sbin:/sbin/shutdown\nhalt:x:7:0:halt:/sbin:/sbin/halt\nmail:x:8:12:mail:/var/spool/mail:/sbin/nologin\nuucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin\noperator:x:11:0:operator:/root:/sbin/nologin\ngames:x:12:100:games:/usr/games:/sbin/nologin\ngopher:x:13:30:gopher:/var/gopher:/sbin/nologin\nftp:x:14:50:FTP User:/var/ftp:/sbin/nologin\nnobody:x:99:99:Nobody:/:/sbin/nologin\ndbus:x:81:81:System message bus:/:/sbin/nologin\nvcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin\nrpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin\nabrt:x:173:173::/etc/abrt:/sbin/nologin\nhaldaemon:x:68:68:HAL daemon:/:/sbin/nologin\nntp:x:38:38::/etc/ntp:/sbin/nologin\nsaslauth:x:499:76:\"Saslauthd user\":/var/empty/saslauth:/sbin/nologin\npostfix:x:89:89::/var/spool/post"..., 4096) = 1472
close(11) = 0
munmap(0x7f6ff07c4000, 4096) = 0
write(10, "&\0\0\1\205\242\2\0\0\0\0@\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0root\0\0", 42) = 42
read(10, "G\0\0\2\377\25\4#28000Access denied for user 'root'@'localhost' (using password: NO)", 16384) = 75
shutdown(10, 2 /* send and receive */) = 0
close(10) = 0
write(2, "[Thu Jan 24 13:14:08 2013] [error] [client 192.168.9.64] PHP Warning: mysql_query(): Access denied for user 'root'@'localhost' (using password: NO) in /var/www/html/t.php on line 11\n", 183) = 183
write(2, "[Thu Jan 24 13:14:08 2013] [error] [client 192.168.9.64] PHP Warning: mysql_query(): A link to the server could not be established in /var/www/html/t.php on line 11\n", 166) = 166
chdir("/") = 0
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
writev(9, [{"HTTP/1.1 200 OK\r\nDate: Thu, 24 Jan 2013 11:14:03 GMT\r\nServer: Apache/2.2.15 (CentOS)\r\nX-Powered-By: PHP/5.3.3\r\nContent-Length: 62\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n", 192}, {"Access denied for user 'root'@'localhost' (using password: NO)", 62}], 2) = 254
write(6, "192.168.9.64 - - [24/Jan/2013:13:14:03 +0200] \"GET /t.php HTTP/1.1\" 200 62 \"-\" \"Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0\"\n", 150) = 150
shutdown(9, 1 /* send */) = 0
poll([{fd=9, events=POLLIN}], 1, 2000) = 1 ([{fd=9, revents=POLLIN|POLLHUP}])
read(9, "", 512) = 0
close(9) = 0
read(4, 0x7fff6c0d77bf, 1) = -1 EAGAIN (Resource temporarily unavailable)
accept4(3,


I couldn't find anything interesting in apache conf, php.ini or php conf for apache, and clearly this is the issue:

socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 10
fcntl(10, F_SETFL, O_RDONLY) = 0
fcntl(10, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(10, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(10, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(10, {sa_family=AF_INET, sin_port=htons(3306), sin_addr=inet_addr("192.168.9.101")}, 16) = -1 EACCES (Permission denied)
fcntl(10, F_SETFL, O_RDWR) = 0
shutdown(10, 2 /* send and receive */) = -1 ENOTCONN (Transport endpoint is not connected)

but I don't know where to look.

The system is:
# cat /etc/redhat-release
CentOS release 6.3 (Final)

with

Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3

# iptables -n -L -v
...
Chain OUTPUT (policy ACCEPT 68812 packets, 216M bytes)
pkts bytes target prot opt in out source destination

no outgoing rules.

Btw, no problems connecting with commandline client:
# netstat -npla | grep mysql
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3027/mysqld
tcp 0 0 192.168.9.103:58036 192.168.9.101:3306 ESTABLISHED 20317/mysql
unix 2 [ ACC ] STREAM LISTENING 17169 3027/mysqld /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 13542130 3027/mysqld /var/lib/mysql/mysql.sock
unix 3 [ ] STREAM CONNECTED 13542129 7281/mysql

And here's the script itself:
<?php

mysql_connect("192.168.9.101","******","******");

mysql_select_db("***");

$sql =" select * from event_current limit 1; ";

$r= mysql_query($sql) or die(mysql_error());

while ( $res = mysql_fetch_assoc($r) ) {
var_dump($res);
}

?>

If you need any other info, please let me know and I'll run it, etc.

Very mysterious problem for me... Might be something about selinux, I'm not familiar with this...

These are fresh installs of mysql, php, apache on a fresh centos 6.3 install, btw - nothing modified. Except one rule in iptables to allow connections to port 80.

-Alex

Guttorm 01-24-2013 10:25 AM

Hi

The logs show it's the mysql_connect that is failing. The PHP script should check and give error message. Most of the stuff in the log is things failing later because it failed to connect.

PHP Code:

mysql_connect("192.168.9.101","******","******") or die("Failed to connect to the database"); 

From the log:

Quote:

connect(10, {sa_family=AF_INET, sin_port=htons(3306), sin_addr=inet_addr("192.168.9.101")}, 16) = -1 EACCES (Permission denied)
This is the reason, the PHP script was not allowed to make network connections. I think it's SELinux blocking it:

Quote:

[Thu Jan 24 12:01:17 2013] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
Here's a link to someone with the same problem, with solutions:

http://darktraining.com/CentOS/62/

sasheto86 01-24-2013 10:43 AM

FIXED - Connection issue involving mysql when run through apache php but not through cli php.
 
GUTTORM - THANK YOU - THIS FIXES THE ISSUE

From the page that you linked had this suggested fix (selinux issue):

/usr/sbin/setsebool -P httpd_can_network_connect_db 1

I set this and now httpd_can_network_connect_db :D


All times are GMT -5. The time now is 10:32 AM.