Flysystem creates issues with 2 user setup on Linux machines with Local adapter.
Example:
SSH user: userA
Apache user: www-data
SSH user installs composer packages, runs console commands. Each ssh user action can create files / folders, that has to be writable by www-data. So far, I've seen flysystem in the 2 projects - Shopware, PIMCore. Each project is symfony based and symfony has a filesystem documentation for the 2 user scenario here - https://symfony.com/doc/5.x/setup/file_permissions.html
The symfony documentation uses the following command to setup permissions with setfacl commands:
I've been using 2 user setup in pretty much every project so far and it has been working good, allowing to run deployment scripts, console commands without any issues on the web-server side.
However, it is not the case with Flysystem and here is why:
File has been created by userA
Server is trying to write to the file under user www-data
Flysystem trying to change owner/permissions of the userA file to www-data user and fails.
The action in item 3 above is not necessary. The file exists and is writable by www-data user using facl permissions.
This Flysystem behavior makes it impossible to use with 2 user scenario.
How can we avoid such behavior? At least not to exec chown/chmod on existing files/folders?
2 user setup
Flysystem creates issues with 2 user setup on Linux machines with Local adapter. Example: SSH user: userA Apache user: www-data
SSH user installs composer packages, runs console commands. Each ssh user action can create files / folders, that has to be writable by www-data. So far, I've seen flysystem in the 2 projects - Shopware, PIMCore. Each project is symfony based and symfony has a filesystem documentation for the 2 user scenario here - https://symfony.com/doc/5.x/setup/file_permissions.html
The symfony documentation uses the following command to setup permissions with setfacl commands:
I've been using 2 user setup in pretty much every project so far and it has been working good, allowing to run deployment scripts, console commands without any issues on the web-server side.
However, it is not the case with Flysystem and here is why:
The action in item 3 above is not necessary. The file exists and is writable by www-data user using facl permissions. This Flysystem behavior makes it impossible to use with 2 user scenario.
How can we avoid such behavior? At least not to exec chown/chmod on existing files/folders?
Thank you.