symfony2: I still can not set cache/ directory permissions (setfacl, umask)

3
votes

I have run this lines:

HTTPDUSER=`ps aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\  -f1`
sudo setfacl -Rn -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX app/cache app/logs
sudo setfacl -dRn -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX app/cache app/logs

but my server (apache) can not write in the cache/ directory... This is the error:

PHP Fatal error: Uncaught exception 'RuntimeException' with message 'Unable to create the cache directory (/home/tirengarfio/workspace/nataliacanellas/app/cache/dev)\n' in /home/tirengarfio/workspace/nataliacanellas/app/bootstrap.php.cache:2471\nStack trace:\n#0 /home/tirengarfio/workspace/nataliacanellas/app/bootstrap.php.cache(2432): Symfony\Component\HttpKernel\Kernel->buildContainer()\n#1 /home/tirengarfio/workspace/nataliacanellas/app/bootstrap.php.cache(2212): Symfony\Component\HttpKernel\Kernel->initializeContainer()\n#2 /home/tirengarfio/workspace/nataliacanellas/app/bootstrap.php.cache(2243): Symfony\Component\HttpKernel\Kernel->boot()\n#3 /home/tirengarfio/workspace/nataliacanellas/web/app_dev.php(29): Symfony\Component\HttpKernel\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request))\n#4 {main}\n thrown in /home/tirengarfio/workspace/nataliacanellas/app/bootstrap.php.cache on line 2471

Of course, I installed acl and added this:

`UUID=857ea3b1-a007-483c-83be-71f77c6455b7 /               ext4    errors=remount-ro,acl 0       1
`

and remount /.

I have also tried this:

<?php

umask(0000); // This will let the permissions be 0777

inside app/console, web/app_dev.php and web/app.php, but the error is still the same.

1
symfony
What is the result of getfacl app/cache? Is your apache running under an unusual username? Did you check if the fs is mounted with acl? You can do this by running mount and check for the acl in the output.ferdynator
@ferdynator this is the output: gist.github.com/Ziiweb/9808750ziiweb
@ferdynator this is the output of mount: gist.github.com/Ziiweb/9808946ziiweb
Hm. Your permissions are more than you need. Are you running a virtual machine? Maybe vagrant or so?ferdynator
@ferdynator no, im on ubuntu 13.10ziiweb

1 Answers

1
votes

Perhaps I am quite late in answering this, but seeing as I had the same issues and this thread was one of the first results in Google, I thought I would post my solution here.

Background

My Apache2 install runs under the www-data group, as evidenced by the output of:

    $ ps aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\  -f1
    www-data

For reference, I keep my local /var/www in Ubuntu 14.04 with group read/write permissions and ownership set to $USER:www-data: 

    $ sudo chown -R $USER:www-data /var/www
    $ sudo chmod -R g+rw /var/www

Additionally, I have my $USER in the www-data group using 

    $ usermod -aG www-data $USER

I set these permissions in order to allow my account write access to /var/www for local development purposes.

Solution

Foremost, I sought to use chmod and chown instead of applying the setfacl logic presented in the Symfony book. I have no especial reasoning for this besides being more familiar with the ch* family of permission commands.

The solution using my approach was simply setting the app/cache and app/logs directory ownership to www-data:www-data by running:

    $ sudo chown -R www-data:www-data app/cache
    $ sudo chown -R www-data:www-data app/logs

This ensures Apache2 and PHP have write access to those directories. Checking my umask:

    $ cd app/cache
    $ umask
    0002

This indicates permission bits 0775 and is one umask value suggested in the Symfony book when setting permissions without ACL.

A related thread on granting write permissions to www-data may help elucidate further.