PHP8, or perhaps mysql, "could not open /dev/crypto"

Jagboy · February 15, 2023, 5:29pm

I'm REALLY close to having PHP and SQL playing nice with each other. My previous problem turned out to be that my PHP script was logging into SQL as 'pi'@'localhost", rather than 'pi'@'127'0.0.1'. The former has worked perfectly for years on Debian Linux, but I can live with this, since SQL only needs to be accessible from the one system.

But, after making the above change, when I run any PHP script that accesses the mysql database, it throws the error "could not open /dev/crypto", unless the script is run by root. With the previous versions of PHP/SQL I've run under Debian Linux, I only needed to install mysqli. But, to get php8-mod-mysqli working on OpenWRT, I MUST also install php8-mod-mysqlnd which in turn installs php8-mod-openssl. I suspect this error is a result of the openssl install, but it MUST be there for mysqli to work. I assume it is some simple permissions issue, but I have been unable to resolve it in an acceptable manner. As I said, it works fine for the root user, but not for any normal user. So, I changed permissions on /dev/crypto to a+rw, and it now works for everyone, but I suspect that is not good from a security perspective. Surely there is a better way?

bluewavenet · February 15, 2023, 6:08pm

Have you created a user called "pi"?

frollic · February 15, 2023, 6:27pm

And you're still not using an official openwrt image, right ?

Jagboy · February 15, 2023, 7:10pm

Yes, there is a pi user, and this problem does not occur if permissions on /dev/crypto are set to "a+rw", so I do nothing think it is a problem with SQL permissions.

bluewavenet · February 15, 2023, 7:12pm

So lets assume you have created a user "pi".
Also, as you have not mentioned it, lets also assume you are running your php scripts from a web server via php-cgi.

I would expect you would have your web server running as the "pi" user. Have you set this up?

If so what web server are you using?

Jagboy · February 15, 2023, 7:14pm

Yes, it is the same OpenWRT image. So this could be a result of whatever changes they made in porting to their hardware.

I'm actually reasonably ok with leaving "a+rw" on /dev/crypto, as this is basically a closed, isolated, embedded system, so I'm really not concerned about hacking. But if there is an obvious, "cleaner" solution, I would like to use it.

badulesia · February 15, 2023, 7:53pm

Hi.
Can you write a tutorial if you can make both MariaDB and PHP running?
Thank you.