OCI8 extensions load in CLI but not browser OCI8 extensions load in CLI but not browser apache apache

OCI8 extensions load in CLI but not browser


php apache centos selinux oci8

I have found the cause of the issue but I do not know how to permenantly solve it. Apparently, our test server is using SELinux set to "Enforce". Setting it to "Permissive" allows Apache/PHP to run the oci8 extension. My boss, however wants SELinux set back to "Enforce" for which I do not blame her. I'm going to look into creating an exception for Oracle/oci8.

php apache centos selinux oci8

Re. SELinux and OCI8 when running as an Apache module

Suggested solution from http://old.nabble.com/php-with-oci8-td16460446.html

you can customize your policy to allow this access using audit2allow 

# grep http /var/log/audit/audit.log | audit2allow -M myhttp # semodule -i myhttp.pp

This should allow you to run these oracle apps with SELinux in enforcing mode.

There's also a thread about this on the oracle forums

php apache centos selinux oci8

Ensure that you have ORACLE_HOME, ORACLE_SID and LD_LIBRARY_PATH in the Apache envvars. Remember that Apache is running as a daemon, so it doesn't necessarily have access to the same environment variables as when you run your PHP scripts from the command line.

ORACLE_HOME=/u01/app/oracle/product/10.1ORACLE_SID=orclexport ORACLE_HOME ORACLE_SIDexport LD_LIBRARY_PATH=${ORACLE_HOME}/lib:${LD_LIBRARY_PATH}

Depending where your database server is and how you connect to it you may also want to set TWO_TASK or TNS_ADMIN. To ensure the correct character set is used, you may also want to set NLS_LANG.

EDIT

I normally build PHP from source, so I have full control:

Assuming that the standard Oracle Client is running on the server, then my ./configure includes:

--with-pdo-oci=$ORACLE_HOME

On the couple of occasions when I've needed to build for the Oracle instant client, I've used

--with-pdo-oci=instantclient,/usr,10.2.0.3

in my ./configure line

Note that I use PDO_OCI rather than OCI8, but the ./configure should be similar

The other step that I take when deploying to a new server is to ensure that the apache user/group (as defined by the User and Group directives in httpd.conf... my apache runs as user "daemon") will have read and execute privilege to the files under ORACLE_HOME

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last