Trying to deploy Symfony on Ubuntu 18.04 LTS - setfacl not working?

Clash Royale CLAN TAG#URR8PPP

up vote
1
down vote

favorite

Disclaimer: I already asked this on StackOverflow but it's kind of urgent and I'm getting no responses and I figure ServerFault might be the better place to post this anyways. If I get an answer on here I'll delete the other one.

I'm following the guide here (admittedly it's a little dated) to deploy my first Symfony 4 project to production. It was going all good until I got to the file permissions. I did the steps specifically in Step 4 of the link :

sudo chown -R myuser:myuser /var/www/html
sudo chmod -R 750 /var/www/html
sudo setfacl -R -m u:www-data:rX /var/www/html/project
sudo setfacl -R -m u:www-data:rwX /var/www/html/project/var/cache /var/www/html/project/var/log
sudo setfacl -dR -m u:www-data:rwX /var/www/html/project/var/cache /var/www/html/project/var/log

That gives me

getfacl /var/www/html/project

# file: var/www/html/project/
# owner: myuser
# group: myuser
user::rwx
user:www-data:r-x
group::r-x
mask::r-x
other::---

and

getfacl /var/www/html/project/var/cache

# file: var/www/html/project/var/cache
# owner: myuser
# group: myuser
user::rwx
user:www-data:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:www-data:rwx
default:group::r-x
default:mask::rwx
default:other::---

However when I go to run the web app I get a blank page and the error log shows

[crit] 3116#3116: *12 stat() "/var/www/html/project/public/"
failed (13: Permission denied)

So it seems the setfacl isn't working? What am I doing wrong here? Is there a better guide for permissions?

EDIT: I just read here that:

To use ACL, it's necessary to use filesystems which can use ACL
function like ext2/ext3/ext4 or xfs and also necessary to enable ACL
option on those filesystems.

My drive is encrypted (done during installation). Could that be why this isn't working? If this is the case, what alternatives would I have?

ubuntu permissions deployment access-control-list

share|improve this question

edited 1 hour ago

asked 2 hours ago

Element Zero

1507

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  not sure why you did myuser:myuser on /var/www/html, however chmod o+x /var/www/html is required for the www-data user to traverse down it.
  – danblack
  36 mins ago
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Actually, I had JUST figured this out like 10 minutes before your comment and applied it. I tried the site again and got the same blank page so I thought it was the same issue, but now in the log I just saw it's getting a SSL protocol error instead - meaning it must be getting past the file permissions. Guess this was it :) Thanks a bunch!
  – Element Zero
  20 mins ago
  

  
  
  
  

add a comment | 

up vote
1
down vote

favorite

Disclaimer: I already asked this on StackOverflow but it's kind of urgent and I'm getting no responses and I figure ServerFault might be the better place to post this anyways. If I get an answer on here I'll delete the other one.

I'm following the guide here (admittedly it's a little dated) to deploy my first Symfony 4 project to production. It was going all good until I got to the file permissions. I did the steps specifically in Step 4 of the link :

sudo chown -R myuser:myuser /var/www/html
sudo chmod -R 750 /var/www/html
sudo setfacl -R -m u:www-data:rX /var/www/html/project
sudo setfacl -R -m u:www-data:rwX /var/www/html/project/var/cache /var/www/html/project/var/log
sudo setfacl -dR -m u:www-data:rwX /var/www/html/project/var/cache /var/www/html/project/var/log

That gives me

getfacl /var/www/html/project

# file: var/www/html/project/
# owner: myuser
# group: myuser
user::rwx
user:www-data:r-x
group::r-x
mask::r-x
other::---

and

getfacl /var/www/html/project/var/cache

# file: var/www/html/project/var/cache
# owner: myuser
# group: myuser
user::rwx
user:www-data:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:www-data:rwx
default:group::r-x
default:mask::rwx
default:other::---

However when I go to run the web app I get a blank page and the error log shows

[crit] 3116#3116: *12 stat() "/var/www/html/project/public/"
failed (13: Permission denied)

So it seems the setfacl isn't working? What am I doing wrong here? Is there a better guide for permissions?

EDIT: I just read here that:

To use ACL, it's necessary to use filesystems which can use ACL
function like ext2/ext3/ext4 or xfs and also necessary to enable ACL
option on those filesystems.

My drive is encrypted (done during installation). Could that be why this isn't working? If this is the case, what alternatives would I have?

ubuntu permissions deployment access-control-list

share|improve this question

edited 1 hour ago

asked 2 hours ago

Element Zero

1507

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  not sure why you did myuser:myuser on /var/www/html, however chmod o+x /var/www/html is required for the www-data user to traverse down it.
  – danblack
  36 mins ago
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Actually, I had JUST figured this out like 10 minutes before your comment and applied it. I tried the site again and got the same blank page so I thought it was the same issue, but now in the log I just saw it's getting a SSL protocol error instead - meaning it must be getting past the file permissions. Guess this was it :) Thanks a bunch!
  – Element Zero
  20 mins ago
  

  
  
  
  

add a comment | 

up vote
1
down vote

favorite

up vote
1
down vote

favorite

Disclaimer: I already asked this on StackOverflow but it's kind of urgent and I'm getting no responses and I figure ServerFault might be the better place to post this anyways. If I get an answer on here I'll delete the other one.

I'm following the guide here (admittedly it's a little dated) to deploy my first Symfony 4 project to production. It was going all good until I got to the file permissions. I did the steps specifically in Step 4 of the link :

sudo chown -R myuser:myuser /var/www/html
sudo chmod -R 750 /var/www/html
sudo setfacl -R -m u:www-data:rX /var/www/html/project
sudo setfacl -R -m u:www-data:rwX /var/www/html/project/var/cache /var/www/html/project/var/log
sudo setfacl -dR -m u:www-data:rwX /var/www/html/project/var/cache /var/www/html/project/var/log

That gives me

getfacl /var/www/html/project

# file: var/www/html/project/
# owner: myuser
# group: myuser
user::rwx
user:www-data:r-x
group::r-x
mask::r-x
other::---

and

getfacl /var/www/html/project/var/cache

# file: var/www/html/project/var/cache
# owner: myuser
# group: myuser
user::rwx
user:www-data:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:www-data:rwx
default:group::r-x
default:mask::rwx
default:other::---

However when I go to run the web app I get a blank page and the error log shows

[crit] 3116#3116: *12 stat() "/var/www/html/project/public/"
failed (13: Permission denied)

So it seems the setfacl isn't working? What am I doing wrong here? Is there a better guide for permissions?

EDIT: I just read here that:

To use ACL, it's necessary to use filesystems which can use ACL
function like ext2/ext3/ext4 or xfs and also necessary to enable ACL
option on those filesystems.

My drive is encrypted (done during installation). Could that be why this isn't working? If this is the case, what alternatives would I have?

ubuntu permissions deployment access-control-list

share|improve this question

edited 1 hour ago

asked 2 hours ago

Element Zero

1507

Disclaimer: I already asked this on StackOverflow but it's kind of urgent and I'm getting no responses and I figure ServerFault might be the better place to post this anyways. If I get an answer on here I'll delete the other one.

I'm following the guide here (admittedly it's a little dated) to deploy my first Symfony 4 project to production. It was going all good until I got to the file permissions. I did the steps specifically in Step 4 of the link :

sudo chown -R myuser:myuser /var/www/html
sudo chmod -R 750 /var/www/html
sudo setfacl -R -m u:www-data:rX /var/www/html/project
sudo setfacl -R -m u:www-data:rwX /var/www/html/project/var/cache /var/www/html/project/var/log
sudo setfacl -dR -m u:www-data:rwX /var/www/html/project/var/cache /var/www/html/project/var/log

That gives me

getfacl /var/www/html/project

# file: var/www/html/project/
# owner: myuser
# group: myuser
user::rwx
user:www-data:r-x
group::r-x
mask::r-x
other::---

and

getfacl /var/www/html/project/var/cache

# file: var/www/html/project/var/cache
# owner: myuser
# group: myuser
user::rwx
user:www-data:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:www-data:rwx
default:group::r-x
default:mask::rwx
default:other::---

However when I go to run the web app I get a blank page and the error log shows

[crit] 3116#3116: *12 stat() "/var/www/html/project/public/"
failed (13: Permission denied)

So it seems the setfacl isn't working? What am I doing wrong here? Is there a better guide for permissions?

EDIT: I just read here that:

To use ACL, it's necessary to use filesystems which can use ACL
function like ext2/ext3/ext4 or xfs and also necessary to enable ACL
option on those filesystems.

My drive is encrypted (done during installation). Could that be why this isn't working? If this is the case, what alternatives would I have?

ubuntu permissions deployment access-control-list

ubuntu permissions deployment access-control-list

share|improve this question

edited 1 hour ago

asked 2 hours ago

Element Zero

1507

share|improve this question

edited 1 hour ago

asked 2 hours ago

Element Zero

1507

share|improve this question

share|improve this question

edited 1 hour ago

edited 1 hour ago

edited 1 hour ago

asked 2 hours ago

Element Zero

1507

asked 2 hours ago

Element Zero

1507

asked 2 hours ago

Element Zero

1507

1507

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  not sure why you did myuser:myuser on /var/www/html, however chmod o+x /var/www/html is required for the www-data user to traverse down it.
  – danblack
  36 mins ago
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Actually, I had JUST figured this out like 10 minutes before your comment and applied it. I tried the site again and got the same blank page so I thought it was the same issue, but now in the log I just saw it's getting a SSL protocol error instead - meaning it must be getting past the file permissions. Guess this was it :) Thanks a bunch!
  – Element Zero
  20 mins ago
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  not sure why you did myuser:myuser on /var/www/html, however chmod o+x /var/www/html is required for the www-data user to traverse down it.
  – danblack
  36 mins ago
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Actually, I had JUST figured this out like 10 minutes before your comment and applied it. I tried the site again and got the same blank page so I thought it was the same issue, but now in the log I just saw it's getting a SSL protocol error instead - meaning it must be getting past the file permissions. Guess this was it :) Thanks a bunch!
  – Element Zero
  20 mins ago
  

  
  
  
  

1

1

not sure why you did myuser:myuser on /var/www/html, however chmod o+x /var/www/html is required for the www-data user to traverse down it.
– danblack
36 mins ago

not sure why you did myuser:myuser on /var/www/html, however chmod o+x /var/www/html is required for the www-data user to traverse down it.
– danblack
36 mins ago

Actually, I had JUST figured this out like 10 minutes before your comment and applied it. I tried the site again and got the same blank page so I thought it was the same issue, but now in the log I just saw it's getting a SSL protocol error instead - meaning it must be getting past the file permissions. Guess this was it :) Thanks a bunch!
– Element Zero
20 mins ago

Actually, I had JUST figured this out like 10 minutes before your comment and applied it. I tried the site again and got the same blank page so I thought it was the same issue, but now in the log I just saw it's getting a SSL protocol error instead - meaning it must be getting past the file permissions. Guess this was it :) Thanks a bunch!
– Element Zero
20 mins ago

add a comment | 

1 Answer
1

active

oldest

votes

up vote
2
down vote



accepted

Given the www-data user isn't a member of the myuser group, it requires +x permissions to descend through the /var/www/html directory. The existing permissions in the question are '750'. To change this:

chmod o+x /var/www/html

share|improve this answer

answered 16 mins ago

danblack

75468

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f936547%2ftrying-to-deploy-symfony-on-ubuntu-18-04-lts-setfacl-not-working%23new-answer', 'question_page');

);

Post as a guest

Name Email

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
2
down vote



accepted

Given the www-data user isn't a member of the myuser group, it requires +x permissions to descend through the /var/www/html directory. The existing permissions in the question are '750'. To change this:

chmod o+x /var/www/html

share|improve this answer

answered 16 mins ago

danblack

75468

add a comment | 

up vote
2
down vote



accepted

Given the www-data user isn't a member of the myuser group, it requires +x permissions to descend through the /var/www/html directory. The existing permissions in the question are '750'. To change this:

chmod o+x /var/www/html

share|improve this answer

answered 16 mins ago

danblack

75468

add a comment | 

up vote
2
down vote



accepted

up vote
2
down vote



accepted

Given the www-data user isn't a member of the myuser group, it requires +x permissions to descend through the /var/www/html directory. The existing permissions in the question are '750'. To change this:

chmod o+x /var/www/html

share|improve this answer

answered 16 mins ago

danblack

75468

Given the www-data user isn't a member of the myuser group, it requires +x permissions to descend through the /var/www/html directory. The existing permissions in the question are '750'. To change this:

chmod o+x /var/www/html

share|improve this answer

answered 16 mins ago

danblack

75468

share|improve this answer

share|improve this answer

answered 16 mins ago

danblack

75468

answered 16 mins ago

danblack

75468

answered 16 mins ago

danblack

75468

75468

add a comment | 

add a comment | 

 

draft saved

draft discarded

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f936547%2ftrying-to-deploy-symfony-on-ubuntu-18-04-lts-setfacl-not-working%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email