Permissions issues on Symfony2
Some preliminary explanations:
- In order to enhance the performance of your website, Symfony2 needs to cache a lot of data and it does this by writing compiled files into your
app/cache
directory. - In order to propose powerful debugging and monitoring facilities, Symfony2 needs to track your website behavior and it does this by writing trace files into your
app/logs
directory.
Some words about Apache:
- Apache runs under a specific
user
and a specificgroup
(usuallywww-data
for both, but you have to check your installation to find the used ones. For example, if you search in the/etc/apache2/envvars
in Linux, you will have two variablesAPACHE_RUN_USER=www-data
andAPACHE_RUN_GROUP=www-data
). - It means that when you build your website upon Symfony2 shoulders and you run it under Apache, every writes and reads are made on behalf of the Apache
user
andgroup
.
Analyze of your problems:
First of all you have errors like:
Change the permissions of the "app/cache/" directory so that the web server can write into it. Change the permissions of the "app/logs/" directory so that the web server can write into it.
because your
app/cache
andapp/logs
folders are not writable for your Apacheuser
andgroup
.Secondly, by executing:
sudo chmod +a "_www allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs sudo chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs
you are modifying the Access Control List (ACL) of the
app/cache
andapp/logs
folders in order to grant some permissions towhoami
(basically you) and to_www
. This approach does not work and can have two origins:You are modifying ACLs, but are your kernel and your file system configured to take into account ACLs?
You are giving some permissions to
whoami
and to_www
, but have you checked that your Apache instance runs under one of these users?
Thirdly your colleagues solve the problem by executing:
sudo chmod -R 777 app/cache
This approach works because of two reasons:
- You give all permissions (reads and writes) to every user on your system (
777
), so you are sure that at least your Apache user and group have also the needed permissions to write inapp/cache
. - You do it recursively (
-R
), so all the nested folders created in theapp/cache
directory are also concerned by the new permissions.
- You give all permissions (reads and writes) to every user on your system (
Simple solution:
Delete the content of your
app/cache
andapp/logs
folders:rm -rf app/cache/* rm -rf app/logs/*
Give all permissions (reads and writes) to your
app/cache
andapp/logs
folders:chmod 777 app/cache chmod 777 app/logs
Remarks:
- There are also other solutions (with a greater difficulty) like giving permission to the specific Apache user and group and using ACLs for fine tuning.
The guide under the "Setting up permissions" says that if your system doesn't support chmod +a you have to do this:
HTTPDUSER=`ps aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\ -f1`
sudo setfacl -R -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX app/cache app/logs
sudo setfacl -dR -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX app/cache app/logs
If that doesn't work try this:
umask(0002); // This will let the permissions be 0775
// or
umask(0000); // This will let the permissions be 0777
First solution worked for me. I hope it helps someone with the same type of issue.
rm -rf app/cache/*
rm -rf app/logs/*
APACHEUSER=`ps aux | grep -E '[a]pache|[h]ttpd' | grep -v root | head -1 | cut -d\ -f1`
sudo setfacl -R -m u:$APACHEUSER:rwX -m u:`whoami`:rwX app/cache app/logs
sudo setfacl -dR -m u:$APACHEUSER:rwX -m u:`whoami`:rwX app/cache app/logs
Source:
http://symfony.com/doc/current/book/installation.html#configuration-and-setup