Permissions issues on Symfony2

Some preliminary explanations:

  • In order to enhance the performance of your website, Symfony2 needs to cache a lot of data and it does this by writing compiled files into your app/cache directory.
  • In order to propose powerful debugging and monitoring facilities, Symfony2 needs to track your website behavior and it does this by writing trace files into your app/logs directory.

Some words about Apache:

  • Apache runs under a specific user and a specific group (usually www-data for both, but you have to check your installation to find the used ones. For example, if you search in the /etc/apache2/envvars in Linux, you will have two variables APACHE_RUN_USER=www-data and APACHE_RUN_GROUP=www-data).
  • It means that when you build your website upon Symfony2 shoulders and you run it under Apache, every writes and reads are made on behalf of the Apache user and group.

Analyze of your problems:

  • First of all you have errors like:

    Change the permissions of the "app/cache/" directory so that the web server can write into it.
    Change the permissions of the "app/logs/" directory so that the web server can write into it.
    

    because your app/cache and app/logs folders are not writable for your Apache user and group.

  • Secondly, by executing:

    sudo chmod +a "_www allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs
    sudo chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs
    

    you are modifying the Access Control List (ACL) of the app/cache and app/logs folders in order to grant some permissions to whoami (basically you) and to _www. This approach does not work and can have two origins:

    1. You are modifying ACLs, but are your kernel and your file system configured to take into account ACLs?

    2. You are giving some permissions to whoami and to _www, but have you checked that your Apache instance runs under one of these users?

  • Thirdly your colleagues solve the problem by executing:

    sudo chmod -R 777 app/cache 
    

    This approach works because of two reasons:

    1. You give all permissions (reads and writes) to every user on your system (777), so you are sure that at least your Apache user and group have also the needed permissions to write in app/cache.
    2. You do it recursively (-R), so all the nested folders created in the app/cache directory are also concerned by the new permissions.

Simple solution:

  1. Delete the content of your app/cache and app/logs folders:

    rm -rf app/cache/*
    rm -rf app/logs/*
    
  2. Give all permissions (reads and writes) to your app/cache and app/logs folders:

    chmod 777 app/cache
    chmod 777 app/logs
    

Remarks:

  • There are also other solutions (with a greater difficulty) like giving permission to the specific Apache user and group and using ACLs for fine tuning.

The guide under the "Setting up permissions" says that if your system doesn't support chmod +a you have to do this:

HTTPDUSER=`ps aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\  -f1`

sudo setfacl -R -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX app/cache app/logs
sudo setfacl -dR -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX app/cache app/logs

If that doesn't work try this:

umask(0002); // This will let the permissions be 0775

// or

umask(0000); // This will let the permissions be 0777

First solution worked for me. I hope it helps someone with the same type of issue.


rm -rf app/cache/*
rm -rf app/logs/*


APACHEUSER=`ps aux | grep -E '[a]pache|[h]ttpd' | grep -v root | head -1 | cut -d\  -f1`
sudo setfacl -R -m u:$APACHEUSER:rwX -m u:`whoami`:rwX app/cache app/logs
sudo setfacl -dR -m u:$APACHEUSER:rwX -m u:`whoami`:rwX app/cache app/logs

Source: http://symfony.com/doc/current/book/installation.html#configuration-and-setup