Permissions error on /var/www/html/tmp after pulling 3.8.1

Question

Permissions error on /var/www/html/tmp after pulling 3.8.1

jakejarvis opened this issue 6 years ago · 8 comments

After pulling 3.8.1 (upgrading from 3.7) I was greeted with this error about temp directories not able to be created. From what I can figure out from the entrypoint file the owner of /var/www/html is correctly being set to www-data so I'm not sure what's causing these new errors.

I was able to fix it bandaid-style by exec'ing the following after starting the container:

docker exec matomo_app /bin/bash -c "chmod a+w -R /var/www/html"

...but not sure of the security implications of giving global write access to the entire web interface (I assume minimal considering it's a container but you never know).

I tried only giving access to the ./tmp/cache directory but then I was met with a whole bunch of new errors about other folders and files not being writable:

Am I doing something wrong? Any ideas? Let me know if I should post my config.

Thanks guys!

Answer 1 · 2019-01-29T15:08:27.000Z

Exactly the same issue for me...

When I start from a fresh installation (no db, no config) everything goes well.

Answer 2 · 2019-01-29T17:27:50.000Z

Have you tried docker exec matomo_app /bin/bash -c "chown -R www-data:www-data /var/www/html" as suggested?

Answer 3 · 2019-01-31T03:47:10.000Z

@J0WI that indeed works too and is admittedly much safer than the worldwide chmod I was doing!

But it still doesn't stick and needs to be run after every restart of the container – all the recent diffs in this repo look unrelated (besides maybe an odd difference in PHP 7.2?) so is there some change I'm not finding in the main Matomo code that would cause this?

In the meantime moving the existing chown line in the entrypoint.sh files out of the if statement has fixed the issue for me when building for my setup. Made a pull request at #142 but feel free to reject if there's a better way.

Thanks again :)

edit: if it helps, my personal docker-compose file is here but I don't think I'm doing anything out of the ordinary

Answer 4 · 2019-01-31T15:53:56.000Z

I cannot reproduce your issue. Did your change any permissions on your locally mapped files?

Answer 5 · 2019-01-31T21:10:21.000Z

Nope, haven't changed anything. What about you @Azraeht ?

I cloned my entire configuration/database locally when testing the pull request and played with the permissions and got the same error (and moving the chown line in the entrypoint script worked). Same thing on the FPM variants. Very strange....

Is there anything I can send to you to help reproduce? I'm on the latest Docker 18.09.1 btw.

Answer 6 · 2019-01-31T23:51:32.000Z

This might be fixed in docker-library/php#787

Answer 7 · 2019-02-01T01:39:22.000Z

@J0WI great find, thanks! I'll wait for the PHP update to work its way into the registry and report back.

Pulling Matomo again should automatically pull the latest PHP build without needing any changes here, right? Or do we need to rebuild the whole Matomo image and push that too? Not too familiar with how the official library works. Thanks again for the help :)

Answer 8 · 2019-02-01T14:46:16.000Z

Rebuilds are triggered automatically when the base image is updated :)