php - PDO connection works from command line, but not through Apache?

Question

I have a very simple test script:

<?php

$DSN = "mysql:host=db.example.edu;port=3306;dbname=search_data";

try {

    $DB = new PDO($DSN, "username", "super-secret-password!");

} catch (PDOException $e) {

    header('Content-Type: text/plain');
    print "Could not connect to database, rawr. :-(";
    exit;

}


$SQL = "SELECT phrase FROM search ORDER BY RAND() LIMIT 10";

foreach($DB->query($SQL) as $row){

    print $row['phrase']."
";

}

?>

When I execute this script from the command line, it works perfectly:

$ php test.php
corporal punishment
Stretches
voluntary agencies and the resettlement of refugees
music and learning
Nike Tiger Woods Scandal
Hermeneia
PSYCHINFO
anthony bourdain
Black-White Couples and their Social Worlds
colonization, hodge

But when I access the exact same script through my web browser, it says:

Could not connect to database, rawr. :-(

I've tried var_dump on the error, and the message is: "SQLSTATE[HY000] [2003] Can't connect to MySQL server on 'db.example.edu' (13)".

This is puzzling. It's the exact same script on the exact same server -- why does it work when I execute it from the command line, but fail when Apache executes it?

Answer 1

If this is a Red Hat-derived distribution (RHEL, CentOS, Fedora, ScientificLinux) running SELinux (or any non Red Hat derivative using SELinux), the default policy setting at time of this writing is to prohibit Apache from making external connections to other servers or databases. As root, you must enable the following two SELinux booleans. Use the -P option to persist the change across a reboot.

setsebool -P httpd_can_network_connect=1
setsebool -P httpd_can_network_connect_db=1

Note that httpd_can_network_connect may not be necessary. Try it first turning on only httpd_can_network_connect_db.