For my Symfony application I build a deployment script with ANT. In the installation manual you can see that you need to set permissions to the app/cache/ and app/logs directories. I therefore use the following approach on command line:
sudo chmod +a "_www allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs
The approach with setfacl does not work for me (Mac OS) and the third option with umask is no option for me.
So I was thinking about how to do this with ANT and came up with that:
<chmod perm="+a '_www allow delete,write,append,file_inherit,directory_inherit'">
<fileset dir="app/cache" />
<fileset dir="app/logs" />
</chmod>
The problem is it does nothing. I don't even get an error message nor do the permissions change. Any suggestions for that? I can't use a workaround like perm="0775" or perm="0777" because then I can't delete it anymore with ANT (only with sudo ant, but that is not what I want).
Any suggestions how to handle this?
Ok, got it:
<exec executable="chmod" dir="webroot" failonerror="true">
<arg line="+a '_www allow delete,write,append,file_inherit,directory_inherit' app/cache app/logs" />
</exec>
My system (Debian Wheezy) doesn't seem to support the +a attribute, but this has worked for me (second option in the docs):
<exec executable="/bin/sh" dir="${basedir}/app" failonerror="true">
<arg value="-c"/>
<arg value="setfacl -dR -m u:www-data:rwX -m u:`whoami`:rwX cache logs"/>
</exec>
Using sh -c seems to be necessary as I couldn't use the backticks for whoami without it.
You'll probably need to change dir="${basedir}/app" to your own app path.
Related
I am setting up a new server and installed Ubuntu 18.04 in combination with Apache2. My project is stored in /var/www/project. In apache2.conf I added
<Directory /var/www/project/>
AllowOverride All
Order Allow,Deny
Allow from All
</Directory>
In my virtualhosts file I point to /var/www/project/public
When I go to the Ip address of my server I see my project and everything works, except one thing:
whenever I clear the cache with php bin/console cache:clear the permissions of my directory var are messed up which results in errors in the production environment.
I can fix this with:
chmod -R 777 var/
But the problem returns wheneven I clear the cache again. I tried with different users including root, but always the same problem. I do not understand what is causing this. In the documentation on file permissions it says:
In Symfony 3.x, you needed to do some extra work to make sure that your cache directory was writable. But that is no longer true! In Symfony 4, everything works automatically
Well not for me, but what could cause the problem?
The problem
The cache directory is owned by the user executing the cache:clear command.
Lets say your project files are owned by www-data.
Clearing the cache with root user
Cache is owned by root
www-data can't write in cache directory
Solution
execute cache:clear using the user owning the files.
Login as www-data: su www-data -s /bin/bash
clear the cache ./bin/console cache:clear
Depending on your settings, your www-data user may be different
The solution that worked for me (using Symfony 3.x and Ubuntu 18.04) is the one explained in the official site, here:
https://symfony.com/doc/3.4/setup/file_permissions.html#using-acl-on-a-system-that-supports-setfacl-linux-bsd
Maybe that solution work also with Symfony 4?
Extract:
3. Using ACL on a System that Supports setfacl (Linux/BSD)
Most Linux and BSD distributions don't support chmod +a, but do
support another utility called setfacl. You may need to install
setfacl and enable ACL support on your disk partition before using it.
Then, use the following script to determine your web server user and
grant the needed permissions:
HTTPDUSER=$(ps axo user,comm | grep -E
'[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1
| cut -d\ -f1)
sudo setfacl -dR -m u:"$HTTPDUSER":rwX -m u:$(whoami):rwX var
sudo setfacl -R -m u:"$HTTPDUSER":rwX -m u:$(whoami):rwX var
Note:
The first setfacl command sets permissions for future files and
folders, while the second one sets permissions on the existing files
and folders. Both of these commands assign permissions for the system
user and the Apache user.
setfacl isn't available on NFS mount points. However, storing cache
and logs over NFS is strongly discouraged for performance reasons.
Personal hint:
sudo apt-get install setfacl may says "unable to find setfacl".
If so:
check if setfacl is present: setfacl -h
setfacl is part of the acl package, so install acl if missed
It took me quite a while to solve the problem in Symfony 4.4 that only was present in PROD but not in DEV. I still don't know what difference between PROD and DEV caused it, however. At least it's working now.
If ACL is present, the first solution in https://symfony.com/doc/4.4/setup/file_permissions.html#permissions-required-by-symfony-applications should work. I just manually set the HTTPDUSER since the given code returned the wrong one. Else, setting the permissions after every single cache:clear should do the job, too:
sudo chown -R "$local_user":"$webserver_group" "$app_dir/var/"
sudo chmod -R 0777 "$app_dir/var/"
Maybe you have to manually delete old files in var/ bevore first by rm -rf var/*
I want to clear the cache, but I got an error that file is not writable, so I choose to delete cache folder manually, but that too doesn't work.
I have all permissions to delete files but I didn't understand what's the problem.
may be ACL can help you, try this:
sudo chmod -R 777 app/cache
sudo setfacl -dR -m u::rwX app/cache
Symfony2 doc has clear instructions how to setup your cache in proper way "Setting up Permissions" http://symfony.com/doc/current/book/installation.html
The problem is when I clear caches in my Symfony project on production environment, I should type this command for giving right permissions to cache folder:
cd app/cache
sudo chmod -R a+w *
But is there any way to not typing these commands each time?
try this
sudo setfacl -dR -m u::rwX app/cache
This question has been asked several times but none of the solutions fix it in my situation.
I am running Apache on Mac OSX Lion. This http://localhost/Symfony/web/config.php URL triggers 2 major problems:
Change the permissions of the "app/cache/" directory so that the web server can write into it.
Change the permissions of the "app/logs/" directory so that the web server can write into it.
Following the guide under "Setting up Permissions":
rm -rf app/cache/*
rm -rf app/logs/*
sudo chmod +a "_www allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs
sudo chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs
That doesn't solve the problems, so then I tried:
sudo chmod -R 777 app/cache
That doesn't work either. Any ideas how to fix this?
Some preliminary explanations:
In order to enhance the performance of your website, Symfony2 needs to cache a lot of data and it does this by writing compiled files into your app/cache directory.
In order to propose powerful debugging and monitoring facilities, Symfony2 needs to track your website behavior and it does this by writing trace files into your app/logs directory.
Some words about Apache:
Apache runs under a specific user and a specific group (usually www-data for both, but you have to check your installation to find the used ones. For example, if you search in the /etc/apache2/envvars in Linux, you will have two variables APACHE_RUN_USER=www-data and APACHE_RUN_GROUP=www-data).
It means that when you build your website upon Symfony2 shoulders and you run it under Apache, every writes and reads are made on behalf of the Apache user and group.
Analyze of your problems:
First of all you have errors like:
Change the permissions of the "app/cache/" directory so that the web server can write into it.
Change the permissions of the "app/logs/" directory so that the web server can write into it.
because your app/cache and app/logs folders are not writable for your Apache user and group.
Secondly, by executing:
sudo chmod +a "_www allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs
sudo chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs
you are modifying the Access Control List (ACL) of the app/cache and app/logs folders in order to grant some permissions to whoami (basically you) and to _www.
This approach does not work and can have two origins:
You are modifying ACLs, but are your kernel and your file system configured to take into account ACLs?
You are giving some permissions to whoami and to _www, but have you checked that your Apache instance runs under one of these users?
Thirdly your colleagues solve the problem by executing:
sudo chmod -R 777 app/cache
This approach works because of two reasons:
You give all permissions (reads and writes) to every user on your system (777), so you are sure that at least your Apache user and group have also the needed permissions to write in app/cache.
You do it recursively (-R), so all the nested folders created in the app/cache directory are also concerned by the new permissions.
Simple solution:
Delete the content of your app/cache and app/logs folders:
rm -rf app/cache/*
rm -rf app/logs/*
Give all permissions (reads and writes) to your app/cache and app/logs folders:
chmod 777 app/cache
chmod 777 app/logs
Remarks:
There are also other solutions (with a greater difficulty) like giving permission to the specific Apache user and group and using ACLs for fine tuning.
The guide under the "Setting up permissions" says that if your system doesn't support chmod +a you have to do this:
HTTPDUSER=`ps aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\ -f1`
sudo setfacl -R -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX app/cache app/logs
sudo setfacl -dR -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX app/cache app/logs
If that doesn't work try this:
umask(0002); // This will let the permissions be 0775
// or
umask(0000); // This will let the permissions be 0777
First solution worked for me. I hope it helps someone with the same type of issue.
rm -rf app/cache/*
rm -rf app/logs/*
APACHEUSER=`ps aux | grep -E '[a]pache|[h]ttpd' | grep -v root | head -1 | cut -d\ -f1`
sudo setfacl -R -m u:$APACHEUSER:rwX -m u:`whoami`:rwX app/cache app/logs
sudo setfacl -dR -m u:$APACHEUSER:rwX -m u:`whoami`:rwX app/cache app/logs
Source: http://symfony.com/doc/current/book/installation.html#configuration-and-setup
The Accepted answer is great however, in my case (Centos 7 & Symfony 4.3) even after setting permissions i was still getting error. It turns out SELinux was blocking Apache.
The following worked for me(change my-project to your Symfony install folder).
sudo chcon -R -t httpd_sys_script_rw_t /var/www/my-project/var/cache/
sudo chcon -R -t httpd_sys_script_rw_t /var/www/my-project/var/log/
You can also disable SELinux but only temporarily for the current session to isolate the issue(I don't recommend this for prod)
sudo setenforce 0
Credits
I am using symfony2 standard version, on linux mint 12.
I created a symfony2 project 2 days and everything went well, i installed a wrong bundle and messed up the project so i decided to delete the Symfony folder, and reinstall symfony.
And now, if i do php app/check.php i get the timezone error, although my timezone is set correctly, and the configuration page looks like this
i tried
rm -rf app/cache/*
rm -rf app/logs/*
and i tried
chmod -R 777 app/cache app/logs
could not fix it
Edit
php bin/vendors install --reinstall fixed the issue (Hakan Deryal thank you sir). However, I found out that if you rename the Symfony folder to symfony or any other name, you'll get the error, or everything goes normal but when you press Configure your Symfony Application online you'll get this error
Server error
The website encountered an error while retrieving http://localhost/mysite/web/app_dev.php/_configurator/. It may be down for maintenance or configured incorrectly.
Here are some suggestions:
Reload this webpage later.
HTTP Error 500 (Internal Server Error): An unexpected condition was encountered while the server was attempting to fulfill the request.
So my next question is how to change of the symfony2 project , say you have 2 symfony2 project on localhost, they can't have the same name
Hi some time just clearing cache is not enough.
Event I came across the same type of problem, after clearing the cache, try to rebuild it.
commands are:
$ sudo php app/console cache:clear
$ sudo php app/console cache:warmup
$ sudo chmod 777 -R app/cache app/logs
The best way to set permission is to use ACLs:
sudo setfacl -R -m u:www-data:rwx -m u:`whoami`:rwx app/cache app/logs
sudo setfacl -dR -m u:www-data:rwx -m u:`whoami`:rwx app/cache app/logs
You could also try a chown www-data app/logs
Symfony reinstall at this point is not very relevant