wodby / php

Generic PHP docker container images

PHP-FPM is unable to write to stdout/stderr #148

Closed mxr576 closed 2 years ago

mxr576 commented 3 years ago

I tried several different ways (/dev/stdout, php://stdout, /proc/self/fd/2, etc.) but I have always got a similar error like this:

wodby@php.container:/mnt/files/local_mount/build $ drush eval "file_put_contents('/dev/stdout', 'foo', FILE_APPEND);"
 [warning] file_put_contents(/dev/stdout): failed to open stream: No such file or directory PhpCommands.php(31) : eval()'d code:1

I guess it happens because PHP-FPM runs as www-data but

wodby@php.container:/mnt/files/local_mount/build $ ls -lah /dev/stdout
lrwxrwxrwx    1 root     root          15 Jul 20 08:37 /dev/stdout -> /proc/self/fd/1

So it does not have permission to write to the stream.

A similar issue: https://github.com/thecodingmachine/docker-images-php/pull/139

csandanov commented 3 years ago

Sounds like a php-fpm upstream issue: https://github.com/docker-library/php/issues/358#issuecomment-353686172

mxr576 commented 3 years ago

I do not think that this is actually related to this problem, based on the thread. Besides, if I use a Docker image from another vendor then the code above works; the problem is that that vendor does not have permission hardening in those images.

csandanov commented 3 years ago

If you run echo test > /proc/self/fd/2 as root it won't work either

mxr576 commented 3 years ago

wodby@php.container:/mnt/files/local_mount/build $ sudo -u root echo test > /proc/self/fd/2
test

Is it? 🤔 (I am using the last PHP 7.3 Drupal image.)

csandanov commented 3 years ago

I'm not sure how I checked, but it works for me now 🤔. As I understand it, ownership of /proc/self/fd/* is set according to the default user (or the one specified via --user) of the container, thus FPM (run as the www-data user) shouldn't have any permission issues because it is run from wodby via sudo by default.

So I tried to reproduce your original issue:

$ docker run --rm -ti wodby/drupal-php sh

wodby@php.container:/var/www/html $ drush eval "file_put_contents('/dev/stdout', 'foo', FILE_APPEND);"
foowodby@php.container:/var/www/html $
wodby@php.container:/var/www/html $ ls -la /dev/stdout
lrwxrwxrwx    1 root     root            15 Oct  7 11:43 /dev/stdout -> /proc/self/fd/1
wodby@php.container:/var/www/html $ ls -la /proc/self/fd/2
lrwx------    1 wodby    wodby           64 Oct  7 11:43 /proc/self/fd/2 -> /dev/pts/0

Yes, /dev/stdout is owned by root but with 777 permissions, and /proc/self/fd/1 is owned by the default user (wodby). Maybe you run containers with root as the default user and then su to wodby, idk 🤷🏻‍♂️
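
An added check, not part of the thread or of the wodby/php project, that separates the two failure classes discussed above: a stream path that cannot be resolved, and one that resolves but cannot be opened for writing by the current user. The function names `classify_stream` and `report_std_streams` are hypothetical; it assumes a Linux container with /proc mounted and is meant to be run as the same user as the failing process.

```shell
#!/bin/sh
# Added diagnostic sketch; not code from the wodby/php images.

# classify_stream PATH
# Exit status: 0 = can be opened for append by the current user,
#              1 = PATH cannot be resolved (dangling link, or a directory
#                  on the way is not searchable),
#              2 = PATH resolves but opening it for append fails.
# No $(...) capture or redirection wraps the checks: either would replace
# fd 1 or fd 2 and the function would then test the replacement.
classify_stream() {
    # -e follows symlinks, e.g. /dev/stdout -> /proc/self/fd/1 -> tty or pipe
    [ -e "$1" ] || return 1
    # Open for append in a subshell without writing any bytes.
    if ( : >>"$1" ); then
        return 0
    fi
    return 2
}

# Print who is asking and what each standard stream resolves to.
report_std_streams() {
    echo "running as: $(id -un) (uid $(id -u))"
    for p in /dev/stdout /dev/stderr /proc/self/fd/1 /proc/self/fd/2; do
        rc=0
        classify_stream "$p" || rc=$?
        case $rc in
            0) state=writable ;;
            1) state=unresolved ;;
            *) state=not-writable ;;
        esac
        echo "$p: $state"
        # -L dereferences, so owner and mode are those of the final target.
        ls -ldL "$p" || true
    done
}

report_std_streams
```

Comparing the output for the login user with the output under the user that PHP-FPM workers run as shows whether the two see the same target and the same result.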