storage directory creation causes permission issues with bref/php-82-fpm-dev:2 #117

Open
aknosis opened this issue May 3, 2023 · 6 comments · May be fixed by #118

@aknosis

aknosis commented May 3, 2023

When storage directories are created for the first time they get created as root:root (due to being executed by bref hooks).

The issue is that web requests cannot write to the storage directory because fpm runs under the nobody user and you end up with errors like below.

If I delete /tmp/storage after initial creation and fire a web request, it will happily create the storage directories as nobody:nobody.

Curious on thoughts of how to solve this.

Exception: Unable to create lockable file: /tmp/storage/framework/cache/ec/c4/ecc49f49f4da6b940dcde13f0571e79c299871e6. Please ensure you have permission to create files in this location. in file /var/task/vendor/laravel/framework/src/Illuminate/Filesystem/LockableFile.php on line 73

#0 /var/task/vendor/laravel/framework/src/Illuminate/Filesystem/LockableFile.php(43): Illuminate\Filesystem\LockableFile->createResource('/tmp/storage/fr...', 'c+')
#1 /var/task/vendor/laravel/framework/src/Illuminate/Cache/FileStore.php(108): Illuminate\Filesystem\LockableFile->__construct('/tmp/storage/fr...', 'c+')
#2 /var/task/vendor/laravel/framework/src/Illuminate/Cache/Repository.php(318): Illuminate\Cache\FileStore->add('a75f3f172bfb296...', 1683138765, 60)
#3 /var/task/vendor/laravel/framework/src/Illuminate/Cache/RateLimiter.php(118): Illuminate\Cache\Repository->add('a75f3f172bfb296...', 1683138765, 60)
#4 /var/task/vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php(149): Illuminate\Cache\RateLimiter->hit('a75f3f172bfb296...', 60)
...
@mnapoli
Member

mnapoli commented May 3, 2023

Thank you for the detailed report and investigation!

Maybe a simple fix could be to chmod 777 the storage dir? Any downside?

@georgeboot
Contributor

Is this only an issue on the dev images, or on all fpm images?

@mnapoli
Member

mnapoli commented May 5, 2023

oh good point!

georgeboot linked a pull request May 5, 2023 that will close this issue

@aknosis
Author

aknosis commented May 8, 2023

I tested in Lambda with php-82-fpm and it seems that everything is run under sbx_user1051. This means that the initial bref startup and the fpm user are both the same so this won't be an issue in Lambda.

Startup logs:

INIT_START Runtime Version: provided:al2.v17	Runtime Version ARN: arn:aws:lambda:us-east-1::runtime:f35635a04216ba4e6a0e74d3c2db080d443709a8f3f2e71fedf54a4f8756705d
Creating storage directories: /tmp/storage/bootstrap/cache, /tmp/storage/framework/cache, /tmp/storage/framework/views, /tmp/storage/psysh
NOTICE: [pool default] 'user' directive is ignored when FPM is not running as root

Output of ls -alR /tmp:

/tmp:
total 16
drwx------ 4 sbx_user1051 990 4096 May 8 17:04 .
drwxr-xr-x 1 root root 4096 Nov 3 2022 ..
drwxrwxr-x 2 sbx_user1051 990 4096 May 8 17:04 .bref
drwxr-xr-x 5 sbx_user1051 990 4096 May 8 17:04 storage

/tmp/.bref:
total 12
drwxrwxr-x 2 sbx_user1051 990 4096 May 8 17:04 .
drwx------ 4 sbx_user1051 990 4096 May 8 17:04 ..
-rw-r--r-- 1 sbx_user1051 990 2 May 8 17:04 php-fpm.pid
srw-rw---- 1 sbx_user1051 990 0 May 8 17:04 php-fpm.sock

/tmp/storage:
total 20
drwxr-xr-x 5 sbx_user1051 990 4096 May 8 17:04 .
drwx------ 4 sbx_user1051 990 4096 May 8 17:04 ..
drwxr-xr-x 3 sbx_user1051 990 4096 May 8 17:04 bootstrap
drwxr-xr-x 4 sbx_user1051 990 4096 May 8 17:04 framework
drwxr-xr-x 2 sbx_user1051 990 4096 May 8 17:04 psysh

/tmp/storage/bootstrap:
total 12
drwxr-xr-x 3 sbx_user1051 990 4096 May 8 17:04 .
drwxr-xr-x 5 sbx_user1051 990 4096 May 8 17:04 ..
drwxr-xr-x 2 sbx_user1051 990 4096 May 8 17:04 cache

/tmp/storage/bootstrap/cache:
total 8
drwxr-xr-x 2 sbx_user1051 990 4096 May 8 17:04 .
drwxr-xr-x 3 sbx_user1051 990 4096 May 8 17:04 ..

/tmp/storage/framework:
total 16
drwxr-xr-x 4 sbx_user1051 990 4096 May 8 17:04 .
drwxr-xr-x 5 sbx_user1051 990 4096 May 8 17:04 ..
drwxr-xr-x 2 sbx_user1051 990 4096 May 8 17:04 cache
drwxr-xr-x 2 sbx_user1051 990 4096 May 8 17:04 views

/tmp/storage/framework/cache:
total 8
drwxr-xr-x 2 sbx_user1051 990 4096 May 8 17:04 .
drwxr-xr-x 4 sbx_user1051 990 4096 May 8 17:04 ..

/tmp/storage/framework/views:
total 8
drwxr-xr-x 2 sbx_user1051 990 4096 May 8 17:04 .
drwxr-xr-x 4 sbx_user1051 990 4096 May 8 17:04 ..

/tmp/storage/psysh:
total 8
drwxr-xr-x 2 sbx_user1051 990 4096 May 8 17:04 .
drwxr-xr-x 5 sbx_user1051 990 4096 May 8 17:04 ..

777 perms on storage will work, but I am curious why are we assigning the user to nobody?

@mnapoli
Member

mnapoli commented May 9, 2023

> but I am curious why are we assigning the user to nobody?

IIRC this is because when running in Docker, things run as root and FPM doesn't like running as root.

@aknosis
Author

aknosis commented May 9, 2023

> Maybe a simple fix could be to chmod 777 the storage dir? Any downside?

I'm fine with this, I don't foresee any negative impact in the dev image or in Lambda
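
The ownership mismatch discussed in this thread, as an added example that is not from any participant or from the bref project: a POSIX shell check that lists storage directories a second uid cannot write to under a given mode. It assumes GNU `stat`; the helper names and the scratch tree (built from the directory names in the startup log) are constructed, and the check reads only the classic mode bits, not ACLs or supplementary groups.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; assumes GNU stat (as on Amazon Linux).

# can_write UID GID DIR: succeed if DIR's write bit for UID/GID's class is set.
can_write() {
    uid=$1 gid=$2
    [ "$uid" -eq 0 ] && return 0                 # root bypasses mode bits
    info=$(stat -c '%u %g %a' "$3") || return 2
    set -- $info                                 # $1=owner uid, $2=group gid, $3=octal mode
    perm=$((0$3))
    if   [ "$uid" -eq "$1" ]; then bit=0200      # owner class
    elif [ "$gid" -eq "$2" ]; then bit=0020      # group class
    else                           bit=0002      # everyone else
    fi
    [ $((perm & $bit)) -ne 0 ]
}

# audit_tree UID GID ROOT: print every directory under ROOT that UID/GID cannot write to.
audit_tree() {
    find "$3" -type d | while IFS= read -r d; do
        can_write "$1" "$2" "$d" || printf '%s\n' "$d"
    done
}

# demo_count MODE: build the tree from the startup log in a scratch dir (constructed
# sample), chmod it to MODE, and count directories a different uid/gid cannot write to.
demo_count() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/storage/bootstrap/cache" "$root/storage/framework/cache" \
             "$root/storage/framework/views" "$root/storage/psysh"
    chmod -R "$1" "$root/storage"
    set -- $(stat -c '%u %g' "$root/storage")    # creator's uid/gid (the hook's user)
    audit_tree "$(($1 + 1))" "$(($2 + 1))" "$root/storage" | wc -l
    rm -rf "$root"
}

for m in 755 777; do
    echo "mode $m: $(demo_count "$m") directories unwritable for a second uid"
done
```

Mode 777 clears the audit because it grants write access to every local user; in the Lambda listing above, `/tmp` itself is `drwx------`, so only the owning user can reach the tree there.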
