Trying to deploy Symfony on Ubuntu 18.04 LTS - setfacl not working?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












Disclaimer: I already asked this on StackOverflow but it's kind of urgent and I'm getting no responses and I figure ServerFault might be the better place to post this anyways. If I get an answer on here I'll delete the other one.



I'm following the guide here (admittedly it's a little dated) to deploy my first Symfony 4 project to production. It was going all good until I got to the file permissions. I did the steps specifically in Step 4 of the link :



sudo chown -R myuser:myuser /var/www/html
sudo chmod -R 750 /var/www/html
sudo setfacl -R -m u:www-data:rX /var/www/html/project
sudo setfacl -R -m u:www-data:rwX /var/www/html/project/var/cache /var/www/html/project/var/log
sudo setfacl -dR -m u:www-data:rwX /var/www/html/project/var/cache /var/www/html/project/var/log


That gives me



getfacl /var/www/html/project

# file: var/www/html/project/
# owner: myuser
# group: myuser
user::rwx
user:www-data:r-x
group::r-x
mask::r-x
other::---


and



getfacl /var/www/html/project/var/cache

# file: var/www/html/project/var/cache
# owner: myuser
# group: myuser
user::rwx
user:www-data:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:www-data:rwx
default:group::r-x
default:mask::rwx
default:other::---


However when I go to run the web app I get a blank page and the error log shows




[crit] 3116#3116: *12 stat() "/var/www/html/project/public/"
failed (13: Permission denied)




So it seems the setfacl isn't working? What am I doing wrong here? Is there a better guide for permissions?



EDIT: I just read here that:




To use ACL, it's necessary to use filesystems which can use ACL
function like ext2/ext3/ext4 or xfs and also necessary to enable ACL
option on those filesystems.




My drive is encrypted (done during installation). Could that be why this isn't working? If this is the case, what alternatives would I have?










share|improve this question



















  • 1




    not sure why you did myuser:myuser on /var/www/html, however chmod o+x /var/www/html is required for the www-data user to traverse down it.
    – danblack
    36 mins ago











  • Actually, I had JUST figured this out like 10 minutes before your comment and applied it. I tried the site again and got the same blank page so I thought it was the same issue, but now in the log I just saw it's getting a SSL protocol error instead - meaning it must be getting past the file permissions. Guess this was it :) Thanks a bunch!
    – Element Zero
    20 mins ago














up vote
1
down vote

favorite












Disclaimer: I already asked this on StackOverflow but it's kind of urgent and I'm getting no responses and I figure ServerFault might be the better place to post this anyways. If I get an answer on here I'll delete the other one.



I'm following the guide here (admittedly it's a little dated) to deploy my first Symfony 4 project to production. It was going all good until I got to the file permissions. I did the steps specifically in Step 4 of the link :



sudo chown -R myuser:myuser /var/www/html
sudo chmod -R 750 /var/www/html
sudo setfacl -R -m u:www-data:rX /var/www/html/project
sudo setfacl -R -m u:www-data:rwX /var/www/html/project/var/cache /var/www/html/project/var/log
sudo setfacl -dR -m u:www-data:rwX /var/www/html/project/var/cache /var/www/html/project/var/log


That gives me



getfacl /var/www/html/project

# file: var/www/html/project/
# owner: myuser
# group: myuser
user::rwx
user:www-data:r-x
group::r-x
mask::r-x
other::---


and



getfacl /var/www/html/project/var/cache

# file: var/www/html/project/var/cache
# owner: myuser
# group: myuser
user::rwx
user:www-data:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:www-data:rwx
default:group::r-x
default:mask::rwx
default:other::---


However when I go to run the web app I get a blank page and the error log shows




[crit] 3116#3116: *12 stat() "/var/www/html/project/public/"
failed (13: Permission denied)




So it seems the setfacl isn't working? What am I doing wrong here? Is there a better guide for permissions?



EDIT: I just read here that:




To use ACL, it's necessary to use filesystems which can use ACL
function like ext2/ext3/ext4 or xfs and also necessary to enable ACL
option on those filesystems.




My drive is encrypted (done during installation). Could that be why this isn't working? If this is the case, what alternatives would I have?










share|improve this question



















  • 1




    not sure why you did myuser:myuser on /var/www/html, however chmod o+x /var/www/html is required for the www-data user to traverse down it.
    – danblack
    36 mins ago











  • Actually, I had JUST figured this out like 10 minutes before your comment and applied it. I tried the site again and got the same blank page so I thought it was the same issue, but now in the log I just saw it's getting a SSL protocol error instead - meaning it must be getting past the file permissions. Guess this was it :) Thanks a bunch!
    – Element Zero
    20 mins ago












up vote
1
down vote

favorite









up vote
1
down vote

favorite











Disclaimer: I already asked this on StackOverflow but it's kind of urgent and I'm getting no responses and I figure ServerFault might be the better place to post this anyways. If I get an answer on here I'll delete the other one.



I'm following the guide here (admittedly it's a little dated) to deploy my first Symfony 4 project to production. It was going all good until I got to the file permissions. I did the steps specifically in Step 4 of the link :



sudo chown -R myuser:myuser /var/www/html
sudo chmod -R 750 /var/www/html
sudo setfacl -R -m u:www-data:rX /var/www/html/project
sudo setfacl -R -m u:www-data:rwX /var/www/html/project/var/cache /var/www/html/project/var/log
sudo setfacl -dR -m u:www-data:rwX /var/www/html/project/var/cache /var/www/html/project/var/log


That gives me



getfacl /var/www/html/project

# file: var/www/html/project/
# owner: myuser
# group: myuser
user::rwx
user:www-data:r-x
group::r-x
mask::r-x
other::---


and



getfacl /var/www/html/project/var/cache

# file: var/www/html/project/var/cache
# owner: myuser
# group: myuser
user::rwx
user:www-data:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:www-data:rwx
default:group::r-x
default:mask::rwx
default:other::---


However when I go to run the web app I get a blank page and the error log shows




[crit] 3116#3116: *12 stat() "/var/www/html/project/public/"
failed (13: Permission denied)




So it seems the setfacl isn't working? What am I doing wrong here? Is there a better guide for permissions?



EDIT: I just read here that:




To use ACL, it's necessary to use filesystems which can use ACL
function like ext2/ext3/ext4 or xfs and also necessary to enable ACL
option on those filesystems.




My drive is encrypted (done during installation). Could that be why this isn't working? If this is the case, what alternatives would I have?










share|improve this question















Disclaimer: I already asked this on StackOverflow but it's kind of urgent and I'm getting no responses and I figure ServerFault might be the better place to post this anyways. If I get an answer on here I'll delete the other one.



I'm following the guide here (admittedly it's a little dated) to deploy my first Symfony 4 project to production. It was going all good until I got to the file permissions. I did the steps specifically in Step 4 of the link :



sudo chown -R myuser:myuser /var/www/html
sudo chmod -R 750 /var/www/html
sudo setfacl -R -m u:www-data:rX /var/www/html/project
sudo setfacl -R -m u:www-data:rwX /var/www/html/project/var/cache /var/www/html/project/var/log
sudo setfacl -dR -m u:www-data:rwX /var/www/html/project/var/cache /var/www/html/project/var/log


That gives me



getfacl /var/www/html/project

# file: var/www/html/project/
# owner: myuser
# group: myuser
user::rwx
user:www-data:r-x
group::r-x
mask::r-x
other::---


and



getfacl /var/www/html/project/var/cache

# file: var/www/html/project/var/cache
# owner: myuser
# group: myuser
user::rwx
user:www-data:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:www-data:rwx
default:group::r-x
default:mask::rwx
default:other::---


However when I go to run the web app I get a blank page and the error log shows




[crit] 3116#3116: *12 stat() "/var/www/html/project/public/"
failed (13: Permission denied)




So it seems the setfacl isn't working? What am I doing wrong here? Is there a better guide for permissions?



EDIT: I just read here that:




To use ACL, it's necessary to use filesystems which can use ACL
function like ext2/ext3/ext4 or xfs and also necessary to enable ACL
option on those filesystems.




My drive is encrypted (done during installation). Could that be why this isn't working? If this is the case, what alternatives would I have?







ubuntu permissions deployment access-control-list






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 1 hour ago

























asked 2 hours ago









Element Zero

1507




1507







  • 1




    not sure why you did myuser:myuser on /var/www/html, however chmod o+x /var/www/html is required for the www-data user to traverse down it.
    – danblack
    36 mins ago











  • Actually, I had JUST figured this out like 10 minutes before your comment and applied it. I tried the site again and got the same blank page so I thought it was the same issue, but now in the log I just saw it's getting a SSL protocol error instead - meaning it must be getting past the file permissions. Guess this was it :) Thanks a bunch!
    – Element Zero
    20 mins ago












  • 1




    not sure why you did myuser:myuser on /var/www/html, however chmod o+x /var/www/html is required for the www-data user to traverse down it.
    – danblack
    36 mins ago











  • Actually, I had JUST figured this out like 10 minutes before your comment and applied it. I tried the site again and got the same blank page so I thought it was the same issue, but now in the log I just saw it's getting a SSL protocol error instead - meaning it must be getting past the file permissions. Guess this was it :) Thanks a bunch!
    – Element Zero
    20 mins ago







1




1




not sure why you did myuser:myuser on /var/www/html, however chmod o+x /var/www/html is required for the www-data user to traverse down it.
– danblack
36 mins ago





not sure why you did myuser:myuser on /var/www/html, however chmod o+x /var/www/html is required for the www-data user to traverse down it.
– danblack
36 mins ago













Actually, I had JUST figured this out like 10 minutes before your comment and applied it. I tried the site again and got the same blank page so I thought it was the same issue, but now in the log I just saw it's getting a SSL protocol error instead - meaning it must be getting past the file permissions. Guess this was it :) Thanks a bunch!
– Element Zero
20 mins ago




Actually, I had JUST figured this out like 10 minutes before your comment and applied it. I tried the site again and got the same blank page so I thought it was the same issue, but now in the log I just saw it's getting a SSL protocol error instead - meaning it must be getting past the file permissions. Guess this was it :) Thanks a bunch!
– Element Zero
20 mins ago










1 Answer
1






active

oldest

votes

















up vote
2
down vote



accepted










Given the www-data user isn't a member of the myuser group, it requires +x permissions to descend through the /var/www/html directory. The existing permissions in the question are '750'. To change this:



chmod o+x /var/www/html





share|improve this answer




















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "2"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f936547%2ftrying-to-deploy-symfony-on-ubuntu-18-04-lts-setfacl-not-working%23new-answer', 'question_page');

    );

    Post as a guest






























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    2
    down vote



    accepted










    Given the www-data user isn't a member of the myuser group, it requires +x permissions to descend through the /var/www/html directory. The existing permissions in the question are '750'. To change this:



    chmod o+x /var/www/html





    share|improve this answer
























      up vote
      2
      down vote



      accepted










      Given the www-data user isn't a member of the myuser group, it requires +x permissions to descend through the /var/www/html directory. The existing permissions in the question are '750'. To change this:



      chmod o+x /var/www/html





      share|improve this answer






















        up vote
        2
        down vote



        accepted







        up vote
        2
        down vote



        accepted






        Given the www-data user isn't a member of the myuser group, it requires +x permissions to descend through the /var/www/html directory. The existing permissions in the question are '750'. To change this:



        chmod o+x /var/www/html





        share|improve this answer












        Given the www-data user isn't a member of the myuser group, it requires +x permissions to descend through the /var/www/html directory. The existing permissions in the question are '750'. To change this:



        chmod o+x /var/www/html






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 16 mins ago









        danblack

        75468




        75468



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f936547%2ftrying-to-deploy-symfony-on-ubuntu-18-04-lts-setfacl-not-working%23new-answer', 'question_page');

            );

            Post as a guest













































































            Comments

            Popular posts from this blog

            What does second last employer means? [closed]

            Installing NextGIS Connect into QGIS 3?

            One-line joke