Symfony2 "Assetic:dump -env-prod" Permission denied Exception

Question

Before i executed an update (composer.phare update) with the root user, every thing works fine, but now when i tries to run "Assetic:dump -env-prod" i get a "Permission denied" error

[Assetic\Exception\FilterException]
  An error occurred while running:
  '' '-jar' '/home/symfony/www/app/Resources/java/yuicompressor.jar' '--ch
  arset' 'UTF-8' '-o' '/tmp/YUI-OUT-vbRlyu' '--type' 'css' '/tmp/YUI-IN-OoRVH
  Q'
  Error Output:
  sh: 1: : Permission denied
  Input:
  meta.foundation-version{ ...

I tried all the solutions in this post Fontawesome fonts fail after assets:install and assetic:dump

clear the cache, chown, chgrp and chmod nothing worked always the same problem

Answer 1

One way to deal with file permissions when you are running a web based application which requires either auto deployment or constant manual updates like using bin/console from symfony2, its to make sure that the files belongs to the user under which your application runs.

As you did not provide environment settings, I will be making a few assumptions and provide you with a generic setup scenario, hopefully this will help guide you to the the best solution for your specific case.

Environment Assumptions:

• OS: linux flavor;
• Web server: nginx will be running as www-data;
• PHP: php-fpm will running as testapp and using a socket connection for this application;

Generic set-up steps:

1. In the /etc/nginx/nginx.conf file, make sure that the user/group are set to www-data;

2. In the /etc/php5/fpm/pool.d/apptest.conf file, make sure that the user & group are set to testapp;

TIP: The file above might need to be created, if that's the case you should just copy the content of the www.conf file located in the same folder.

3. In the /etc/php5/fpm/pool.d/apptest.conf file, make sure listen.owner & listen.group are set to www-data;

4. Make sure that you have a line like the one below in this file /etc/php5/fpm/pool.d/apptest.conf:

listen = /var/run/php5-fpm.apptest.sock.

NOTE: the fpm.apptest.sock portion of that line above, its the name of a file that does not exist yet but will be created when you restart php. The benefit is that you will have an isolated php process for this application;

5. a) In the case on nginx and if you are using socket connections, make sure to add this line in your apptest conf file:

unix:/var/run/php5-fpm.apptest.sock;

b) If you are using apache add this line in that conf file:

-socket /var/run/php5-fpm.apptest.sock;

6. If you are on a linux box, create user with no password and it should be called, apptest.

Note: apptest is the name of your application, it will also be the user under which php will be running and it should also be the application files/folders owner.

7. Restart php and nginx/apache.

Tip: to change to a user in linux which has no password, you should have root privileges and run: sudo -u apptest -i.

After this, you should perform all your commands as the apptest user previously created, including running the symfony2 bin/console.

These are very generic steps, so if you need any clarification, let me know.

Answer 2

I do not recommend to use root for updating. In my opinion the way to go is to have /app/logs /app/cache writable for the server and the src and vendor folder only readable for the server.

So lets say your user and group is: coolman, than try this:

# everything is yours
chown coolman:coolman -R .

# all and group can access folders and read files, you as user can additionally write them
chmod ag=rX,u=rwX -R .

# full access to logs and cache for everyone (also the server)
chmod a+rwX -R app/logs app/cache

You make your composer update with your coolman user.

There is only one small problem, too. The logs might be www-data:www-data rw-r--r-- so you cannot delete them. So just add a line to your app.php and your app/console file:

\umask(0000);

I think this line is commented out as default. This says, that if no explicit rights are set within PHP, than every file which is created will get 0777 - mask = 0777 so you can delete logs and cache then.