oroinc / platform

Main OroPlatform package with core functionality.

Incorrect facl permissions #295

Open ramunasd opened 9 years ago

ramunasd commented 9 years ago

Hi devs, found one issue.

Oro\Bundle\InstallerBundle\Composer\PermissionHandler sets the wrong user facl on the folders cache, logs & attachment. This bug can be reproduced when there is some process on the system (not a web server) with keywords apache, httpd, www-data, www, nginx and so on. E.g. we have graylog installed and there is a java process:

java -Xms1024m -Xmx1024m -XX:MaxPermSize=256m -XX:ReservedCodeCacheSize=128m -Dconfig.file=/etc/graylog/web/web.conf -Dlogger.file=/etc/graylog/web/logback.xml -Dpidfile.path=/var/run/graylog-web/application.pid -Dhttp.address=0.0.0.0 -Dhttp.port=9000 -Duser.dir=/usr/share/graylog-web -cp /usr/share/graylog-web/lib/graylog-web-interface.graylog-web-interface-1.1.5.jar:/usr/share/graylog-web/lib/org.scala-lang.scala-library-2.10.4.jar:/usr/share/graylog-web/lib/com.typesafe.play.twirl-api_2.10-1.0.2.jar:/usr/share/graylog-web/lib/org.apache.commons.commons-lang3-3.....

PermissionHandler finds this process and uses its id for extended file permissions. As a result, the graylog server has permissions and the web server does not. The application can't run because the web server needs to write special files to the cache directory.

It would be much easier to list all system users (cat /etc/passwd) and whitelist this list with predefined values (www-data, nginx, etc.) instead of a complex ps aux filter.
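Added example (not OroPlatform's or Symfony's code): a shell reproduction of the mismatch reported above, next to the suggested whitelist check against /etc/passwd-style records. The `ps` lines, the passwd records and the `WEB_USERS` list are constructed for illustration, and `detect_by_keyword` only approximates the keyword filter described in this issue.

```shell
#!/bin/sh
# Constructed `ps aux`-style lines (not from a real host). The graylog JVM's
# classpath contains "org.apache.commons", as in the report above.
SAMPLE_PS='root       812  0.0  0.1 nginx: master process /usr/sbin/nginx
graylog    901  2.1  9.8 java -Xms1024m -cp /usr/share/graylog-web/lib/org.apache.commons.commons-lang3.jar
www-data   955  0.0  0.2 nginx: worker process'

# Constructed /etc/passwd-style records.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
graylog:x:998:998::/usr/share/graylog-web:/bin/false
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin'

# Assumed list of web server account names, taken from the keywords in the issue.
WEB_USERS='apache httpd www-data www nginx'

# Approximation of the keyword filter: match the keywords anywhere in the
# process line, drop root, and take the owner of the first hit.
detect_by_keyword() {
    grep -E 'apache|httpd|www-data|www|nginx' \
        | grep -v '^root ' | head -n 1 | awk '{ print $1 }'
}

# Whitelist check: accept an account only when its name field in the
# passwd records equals one of WEB_USERS exactly. Returns non-zero when no
# account matches, so a caller never grants an ACL to an empty or wrong user.
detect_by_whitelist() {
    awk -F: -v allow="$WEB_USERS" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        ($1 in ok) { found = 1; print $1; exit }
        END { exit !found }'
}

echo "keyword filter picks:  $(printf '%s\n' "$SAMPLE_PS" | detect_by_keyword)"
echo "whitelist check picks: $(printf '%s\n' "$SAMPLE_PASSWD" | detect_by_whitelist)"
```

On a real host the second function would read `/etc/passwd` (or `getent passwd`) on stdin instead of the constructed records.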

dxops commented 9 years ago

Hi, @ramunasd!

This approach is from the Symfony doc: http://symfony.com/doc/current/book/installation.html#running-the-symfony-application (see the "Setting up Permissions" note).

We will check how we can improve it. Thanks a lot!

ramunasd commented 9 years ago

@sergeyz thanks for the response :)

Anyone who gets this error can remove the script handler lines from composer.json. Classic permission flags work too.