Magento cron changing folder permissions - php

We have a Magento website hosted on EC2 and for some reason var folder permissions keep on changing after some time. I think its happening because of magento default cron which runs every couple of hours and it seems it flushes the cache and at that time folder permission gets changed. Because of this website stops working.
Here is the screenshot of the error which we get once permissions are changed:
I am solving this by running chmod command through terminal but this is happening every couple of hours, so we need some permanent solution so that this problem is not repeated.

The probable answer is that the cron job executes under your user - and the directory is owned by apache (or www-data or nobody or whatever user your webserver runs as).
To get it to work, you could set up the cron job to run as the webserver user. Something like this:
su -l www-data -c 'crontab -e'
Alternatively, you could change the permissions to 775 (read-write-execute for the owner and group, and read-execute for others) and set the group ownership of the folder to the user running the cron job.

I think that you have some permission restriction in your folder, try these commands:
Magento File permissions:
chmod -R 644 ./*
find . -type d -exec chmod 755 {} ;
find . -type f -exec chmod 644 {} ;
chmod 550 ./mage

Related

How to set Laravel to generate files with required permissions

I have a deploy BASH script which runs as Jenkins CI job. It runs under the jenkins user. Deploy needs to delete old directory and replace it with new one. But there is a problem. Laravel generates the files like session or cache with chmod 644 as www-data user. It means although Jenkins is in the www-data group he can not delete the generated files cause group has only read permission.
I found something about permissions in Laravel documentation, but it does not work cause it is only for storage/app folder.
The question is is there a way to force Laravel or PHP demon to generate files with required permissions e.g. 664? Hope it is. Thanks for any help.
My straight forward solution is to run endless background script as root which find and deletes required directories every 10 seconds. It runs as nohup so it is still running although I close the terminal.
while true
do
find /var/www -maxdepth 1 -type d -name 'deploy-old-*' -exec rm -rf {} \;
sleep 10
done
The final solution is to set up ACL privileges for parent directory via setfacl command.
setfacl -R -dm "g:www-data:rw" /path/to/dir
This ensures the generated files will inherit the ACL privileges from parent dir.

Uploading files with PHP on a linux machine

I'm trying to make some sort of cloud application on a headless raspbian machine.
The testing happens on a wamp-server running on windows8.1. PHP version is 5.6
The code works fine on my testing windows, but I run into issues when running the same code on my linux server. I've narrowed down the issue to the fact that (the linux user behind) my PHP code doesn't have write permissions on the folder where it should store files.
I can think of two ways to solve the issue: either give that php-user permissions, or change the user behind the php code. The last one would be quite interesting if it was possible to change per-script.
So, for my concrete question:
1) Where can I find what user is being used by my PHP code?
2) Can I change what user my PHP code uses, preferably on a per-project basis?
EDIT:
My script was running as root, as is shown by echo get_current_user();. I changed ownership of all files to root:webhosting, which was previously ftpuser:ftpgroup. However, when setting permissions to 770 I get access denied
EDIT2:
When using var_dump(posix_geteuid()); instead of get_current_user();, i get UID 33, which matches user www-data.
SOLUTION:
By looking at the EUID with var_dump(posix_geteuid(); I was able to validate the actual user, which does NOT match the get_current_user();. Changing the directroy and all files in it with sudo chown -R www-data:www-data <root of site> I managed to set the correct permissions.
I am not sure what the specifics are but normally when I have issues like that I change the ownership to www-data:www-data and if necessary for upload folders I change the folder permissions to 0755 and inside files permissions to 0644.
EDIT
I changed the permissions setting for security purposes.
You're PHP/Apache user is probably www-data. You probably want to run something like this.
sudo find path/to/project/ -exec chown www-data:root {} \;
File permissions may also be a problem. If so, run something like this.
sudo find path/to/project/ -type d -exec chmod 775 {} \;
sudo find path/to/project/ -type f -exec chmod 664 {} \;

How to set root access for all files put inside my Apache2 root directory?

I am learning PHP at the moment on Linux. I have an Apache2 server running locally. Whenever I tried to save a PHP file into the root directory of Apache2 server ( /var/www/html/), I was told that permission denined.
So, I searched around and found that by default, the admininstartor do not have the root access unless explicitly request for it (like sudo su). I have also seen some posts which ask me to use gksu nautilus. However, my linux 14.04 LTS Ubuntu doesn't comes with it. (I know I can use apt-get gksu but at the moment, downloading it from internet is not an option).
Is there anyway that I can change the permission to my Apache2 server root directoy so that I can use any text editor to save/edit to that directory directly. Only the ways that do not need downloading stuffs from internet are feasiable for me at the moment.
For linux open the terminal with root login then go to the root folder and run the following command chmod 777 following is the example :-
To change all the directories to 777 (-rwxr-rwxr-rwxr):
find /opt/lampp/htdocs -type d -exec chmod 777 {} \;
To change all the files to 644 (-rwxr-rwxr--rwxr--):
find /opt/lampp/htdocs -type f -exec chmod 777 {} \;
If this will not work then try the following :-
Create a new group
groupadd webadmin
Add your users to the group
usermod -a -G webadmin user1
usermod -a -G webadmin user2
Change ownership of the sites directory
chown root:webadmin /var/www/html/
Change permissions of the sites directory
chmod 2775 /var/www/html/ -R
Now anybody can read the files (including the apache user) but only root and webadmin can modify their contents.
Hope this will help you in solving your problem.
You can set the DocumentRoot in your /etc/apache2/httpd.conf file to a place where Apache has write access. For example, you could set it to /tmp/www if you made a directory there. (If you still don't have access, you can always give everyone read access by running chmod a+r /tmp/www, but you should probably be fine.)
Obviously leaving your Apache Document Root as /tmp/www is a bad idea, so you can change it to something like /home/chris once you've got it working.
One important note: after you make a change like this, you must restart the Apache server. This can be done by running apachectl restart; ironically, you might have to have administrator rights in order to execute this (or even edit the config file in the first place), so make sure you prefix your edit & restart with sudo just in case.

file_put_contents(meta/services.json): failed to open stream: Permission denied

I am new to Laravel. I was trying to open http://localhost/test/public/ and I got
Error in exception handler.
I googled around and changed the permission of storage directory using chmod -R 777 app/storage but to no avail.
I changed debug=>true in app.php and visited the page and got Error in exception handler:
The stream or file "/var/www/html/test/app/storage/logs/laravel.log"
could not be opened: failed to open stream: Permission denied in
/var/www/html/test/bootstrap/compiled.php:8423
Then I changed the permissions of storage directory using the command chmod -R 644 app/storage and the 'Error in exception handler' error was gone and a page is loaded. But in there I am getting this:
file_put_contents(/var/www/html/laravel/app/storage/meta/services.json):
failed to open stream: Permission denied
Suggestion from vsmoraes worked for me:
Laravel >= 5.4
php artisan cache:clear
chmod -R 775 storage/
composer dump-autoload
Laravel < 5.4
php artisan cache:clear
chmod -R 775 app/storage
composer dump-autoload
For those facing this problem with Laravel 5, this is a permission issue caused by different users trying to write at the same log file within the storage/logs folder with different permissions.
What happens is your Laravel config probably is setup to log errors daily and therefore your web server (Apache/nginx) might create this file under a default user depending on your environment it can be something like _www on OSX or www-data on *NIX systems, then the issue comes when you might have run some artisan commands and got some errors, so the artisan will write this file but with a different user because PHP on terminal is executed by a different user actually your login user, you can check it out by running this command:
php -i | grep USER
If your login user created that log file your web server you will not be able to write errors in it and vice-versa because Laravel writes log files with 655 permissions by default which only allows the owner to write in it.
To fix this temporary you have to manually give permissions for the group 664 to this file so both your login user and web server user can write to that log file.
To avoid this issue permanently you may want to setup a proper permissions when a new file is create within the storage/logs directory by inheriting the permissions from the directory this answer https://unix.stackexchange.com/a/115632 can help you to tackle with that.
You should not give 777 permissions. It's a security risk.
To Ubuntu users, in Laravel 5, I sugest to change owner for directory storage recursively:
Try the follow:
sudo chown -R www-data:www-data storage
In Ubuntu based systems, www-data is apache user.
For everyone using Laravel 5, Homestead and Mac try this:
mkdir storage/framework/views
some times SELINUX caused this problem;
you can disable selinux with this command.
sudo setenforce 0
NEVER GIVE IT PERMISSION 777!
go to the directory of the laravel project on your terminal and write:
sudo chown -R your-user:www-data /path/to/your/laravel/project/
sudo find /same/path/ -type f -exec chmod 664 {} \;
sudo find /same/path/ -type d -exec chmod 775 {} \;
sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cache
This way you're making your user the owner and giving privileges:
1 Execute, 2 Write, 4 Read
1+2+4 = 7 means (rwx)
2+4 = 6 means (rw)
finally, for the storage access, ug+rwx means you're giving the user and group a 7
Problem solved
php artisan cache:clear
sudo chmod -R 777 vendor storage
this enables the write permission to app , framework, logs Hope this will Help
For vagrant users, the solution is:
(in vagrant) php artisan cache:clear
(outside of vagrant) chmod -R 777 app/storage
(in vagrant) composer dump-autoload
Making sure you chmod in your local environment and not inside vagrant is important here!
Try again with chmod -R 755 /var/www/html/test/app/storage. Use with sudo for Operation not permitted in chmod. Use Check owner permission if still having the error.
As per Laravel 5.4 which is the latest as I am writing this, if you have any problem like this, you ned to change the permission.
DO NOT LISTEN TO ANYONE WHO TELLS YOU TO SET 777 FOR ANY DIRECTORY.
It has a security issue.
Change the permission of storage folder like this
sudo chmod -R 775 storage
Change bootstrap folder permission like this
sudo chmod -R 775 bootstrap/cache
Now please make sure that you're executing both commands from your application directory. You won't face problems in future regarding permission. 775 doesn't compromise any security of your machine.
Suggest the correct permission, if for Apache,
sudo chown -R apache:apache apppath/app/storage
FOR ANYONE RUNNING AN OS WITH SELINUX: The correct way of allowing httpd to write to the laravel storage folder is:
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/path/to/www/storage(/.*)?'
Then to apply the changes immediately:
sudo restorecon -F -r '/path/to/www/storage'
SELinux can be a pain to deal with, but if it's present then I'd STRONGLY ADVISE you learn it rather than bypassing it entirely.
If you have Laravel 5 and looking permanent solution , applicable both php artisan command line usage and Apache server use this:
sudo chmod -R 777 vendor storage
echo "umask 000" | sudo tee -a /etc/resolv.conf
sudo service apache2 restart
See detailed explanation here.
I had the same issue and the below steps helped me fix the issue.
Find out the apache user - created a test.php file in the public folder with the code
<?php echo exec('whoami'); ?>
And run the file from the web browser. It would give the apache user. In my case, it is ec2-user as I was using the aws with cronjob installed in /etc/cron.d/. It could be different user for others.
Run the below command on the command line.
sudo chown -R ec2-user:<usergroup> /app-path/public
You need to identify and use the right "user" and "usergroup" here.
I had the same problem but in the views directory:
file_put_contents(/var/www/app/storage/framework/views/237ecf97ac8c3cea6973b0b09f1ad97256b9079c.php): failed to open stream: Permission denied
And I solved it cleaning the views cache directory with the following artisan command:
php artisan view:clear
Xampp for use:
cd /Applications/XAMPP/htdocs
chmod -R 775 test/app/storage
From Setting Up Laravel 4.x on Mac OSX 10.8+ with XAMPP
Any time I change app.php I get a permission denied writing bootstrap/cache/services.json so I did this to fix it:
chmod -R 777 bootstrap/cache/
rm storage/logs/laravel.log
solved this for me
Setting permission to 777 is definitely terrible idea!
... but
If you are getting permission error connected with "storage" folder that's what worked for me:
1) Set "storage" and its subfolders permission to 777 with
sudo chmod -R 777 storage/
2) In browser go to laravel home page laravel/public/ (laravel will create necessary initial storage files)
3) Return safe 775 permission to storage and its subfolders
sudo chmod -R 775 storage/
If using laradock, try chown -R laradock:www-data ./storage in your workspace container
In my case solution was to change permission to app/storage/framework/views and app/storage/logs directories.
After a lot of trial and error with directory permissions I ended up with an epiphany...there was no space left on the disk's partition. Just wanted to share to make sure nobody else is stupid enough to keep looking for the solution in the wrong direction.
In Linux you can use df -h to check your disk size and free space.
This issue actually caused by different users who wants to write/read file but denied cause different ownership. maybe you as 'root' installed laravel before then you login into your site as 'laravel' user where 'laravel' the default ownership, so this is the actually real issue here. So when user 'laravel' want to read/write all file in disk as default, to be denied, cause that file has ownership by 'root'.
To solving this problem you can follow like this:
sudo chown -hR your-user-name /root /nameforlder
or in my case
sudo chown -hR igmcoid /root /sublaravel
Footnote:
root as name first ownership who installed before
your-user-name as the default ownership who actually write/read in site.
namefolder as name folder that want you change the ownership.
If you use Linux or Mac, even you can also run in ssh terminal. You can use terminal for run this command,
php artisan cache:clear
sudo chmod -R 777 storage
composer dump-autoload
If you are using windows, you can run using git bash.
php artisan cache:clear
chmod -R 777 storage
composer dump-autoload
You can download git form https://git-scm.com/downloads.
If anyone else runs into a similar issue with fopen file permissions error, but is wise enough not to blindly chmod 777 here is my suggestion.
Check the command you are using for permissions that apache needs:
fopen('filepath/filename.pdf', 'r');
The 'r' means open for read only, and if you aren't editing the file, this is what you should have it set as. This means apache/www-data needs at least read permission on that file, which if the file is created through laravel it will have read permission already.
If for any reason you have to write to the file:
fopen('filepath/filename.pdf', 'r+');
Then make sure apache also has permissions to write to the file.
http://php.net/manual/en/function.fopen.php
Just start your server using artisian
php artisian serve
Then access your project from the specified URL:
I have the same issue when running vagrant on mac. solved the problem by changing the user of Apache server in https.conf file:
# check user for php
[vagrant] ubuntu ~ $ php -i | grep USER
USER => ubuntu
$_SERVER['USER'] => ubuntu
[vagrant] ubuntu ~ $
Run apache under php user instead of user daemon to resolve file access issue with php
# change default apache user from daemon to php user
sudo sed -i 's/User daemon/User ubuntu/g' /opt/lampp/etc/httpd.conf
sudo sed -i 's/Group daemon/Group ubuntu/g' /opt/lampp/etc/httpd.conf
now, php created cache file can be read and edit by apache without showing any access permission error.
I got same errors in my project...
But found out that I forgot to put enctype in my form.
<form method="#" action="#" enctype="multipart/form-data">
Hopes it helps somewhere somehow...
While working on Windows 10 with Laragon and Laravel 4, it seemed to me there was no way to change the permissions manually, since executing chmod-commands in the Laragon-in-built-terminal had no effect.
However, it was possible in this terminal to go to the storage folder and manually add the desired folders like this:
cd app/storage
mkdir cache
mkdir meta
mkdir views
mkdir sessions
The cd-command in the terminal brings you to the folder (you might need to adjust this path to suit your file structure).
The mkdir-command will create the directory with the given name.
I did not have the opportunity to test this approach in Laravel 5, but I expect that a similar approach should work.
Of course there might be a better way, but at least this was a reasonable workaround for my situation (fixing the error: file_put_contents(/var/www/html/laravel/app/storage/meta/services.json): failed to open stream).
First, delete the storage folder then again create the storage folder.
Inside storage folder create a new folder name as framework.
Inside framework folder create three folders name as cache, sessions and views.
I have solved my problem by doing this.

PHP exec find doesnt work

I'm trying to recursively chmod all directories with php, and using:
find /path/to/dir -type d -exec chmod 777 {} \;
Works great from the command line, but using it from the server:
exec('find /path/to/dir -type d -exec chmod 777 {} \;');
Does nothing. Any ideas? Is it permission related? The path is the real path server level.
When you run it on the command line, you're running it as your user which probably is the owner of the path. When you exec() from PHP it is the Apache user that is doing it. Only the owner a a file/dir can chmod it. To confirm this is the case, try to run your exec() script from the PHP CLI Interactive Shell. Within the Interactive Shell, you can run PHP code but it will execute as your user.
If that turns out to be the cause, you must first chown the dir and it's sub files/dirs to be owned by the Apache user.

Categories