File system group permission with is_readable and is_writable is not being honored

[SirLouen]

Description

Server Context

• Operating system: Fedora 38
• Web server: nginx 1.24.0
• PHP version: PHP 8.2.17

The following code:

Script in /var/www/test/info.php:

<?php

echo exec('whoami') . PHP_EOL;

if (is_readable('/var/www/test/check.php'))
 echo "OK";
else
 echo "KO";

echo PHP_EOL;

if(!is_dir('/var/www/test/test_dir')) {
        echo 'Nope. Nothing!'.PHP_EOL;
} else {
        echo 'Found it!'.PHP_EOL;
}

With the following filesystems permissions:

# ll -a
drwxr-xr-x. 3 alcudia alcudia 4096 Apr  9 14:42 .
drwxr-xr-x. 7 root    root    4096 Apr  9 01:40 ..
-rw-r-----. 1 nginx   nginx     21 Apr  9 01:42 check.php
-rwxrwxrwx. 1 root    root     252 Apr  9 14:42 info.php
dr-xr-x---. 2 nginx   nginx   4096 Apr  9 14:42 test_dir

# lid -g nginx
 nginx(uid=992)
 alcudia(uid=1000)

The script is being run with PHP-FPM with alcudia user for this example:

# cat /etc/php-fpm.d/test.conf 
[alcudia]
user = alcudia
group = alcudia
listen = /run/php-fpm/alcudia.sock
listen.owner = nginx
listen.group = nginx

Resulted in this output:

Check the video:

https://github.com/php/php-src/assets/224787/704bfa51-ad06-454b-95b5-83cf562b8809

Every time I press F5, the result changes

Very important: This only affects my webservice, not PHP-CLI. PHP-CLI works as it should. If I find some time, I'm going to set up a docker so it's possible to test this in the same environment.

But I expected this output instead:

Just this exclusively:

alcudia OK Found it!

Extra information:

It's interesting because I first discovered this while I was setting phpMyAdmin and raised this issue: https://github.com/phpmyadmin/phpmyadmin/issues/19106

PHP Version

8.2.17

Operating System

Fedora 38

[bukka]

what's your full FPM config? Is it a single server setup? Would you be able to provide more detailed how to reliably recreate?

[SirLouen]

@bukka I believe I will create a Dockerfile with a full example, so it's easily replicable by anyone.