Latte is failing to create lock file

inf3rno
Member | 3
+
0
-

Message: Unable to create file ‘/home/inf3rno/Desktop/projects/GDPR-manager/presentation/cache/8f1066c1ff.php.lock’. fopen(/home/inf3rno/Desktop/projects/GDPR-manager/presentation/cache/8f1066c1ff.php.lock): Failed to open stream: Permission denied
File: /home/inf3rno/Desktop/projects/GDPR-manager/vendor/latte/latte/src/Latte/Engine.php
Line: 277

I am trying to use Latte with Slim4.

    public function run(){
        $latte = new Engine();
        $latte->setLoader(new FileLoader(__DIR__ . '/templates'));
        $latte->setTempDirectory(__DIR__.'/cache');

        $app = AppFactory::create();

        $app->addRoutingMiddleware();

        $errorMiddleware = $app->addErrorMiddleware(
            $displayErrorDetails = $this->configuration->isDisplayingErrors(),
            $logErrors = true,
            $logErrorDetails = true
        );

        $app->get('/', function (Request $request, Response $response, $args) use ($latte) {
            $output = $latte->renderToString('index.latte',  []);
            $response->getBody()->write($output);
            return $response;
        });

        $app->run();
    }

Looks like Linux permissions are not ok for the directory. This is a developer machine with LAMP and I guess I have to use chmod with some parameters on the cache directory. What is the recommended solution?

The current permissions are:
namei –long cache  ✔
f: cache
drwxr-xr-x inf3rno inf3rno cache

Note that Composer works well with the same permissions.

Last edited by inf3rno (2023-11-21 23:07)

nightfish
Member | 463
+
0
-

@inf3rno The permission issue is probably caused by PHP (FPM) running under different user (maybe www-data) than Composer (which is probably executed under inf3rno).

The solution can be as easy as chmod 777 cache (granting everyone full access to cache directory), or maybe better chown -R :www-data cache && chmod 775 cache (changing cache directory's group to www-data and granting write access to both user inf3rno and group www-data). The solution with chown will only work if there exists a group www-data and PHP FPM's user is a member of this group.

Last edited by nightfish (2023-11-22 13:48)

inf3rno
Member | 3
+
0
-

nightfish wrote:

@inf3rno The permission issue is probably caused by PHP (FPM) running under different user (maybe www-data) than Composer (which is probably executed under inf3rno).

The solution can be as easy as chmod 777 cache (granting everyone full access to cache directory), or maybe better chown -R :www-data cache && chmod 775 cache (changing cache directory's group to www-data and granting write access to both user inf3rno and group www-data). The solution with chown will only work if there exists a group www-data and PHP FPM's user is a member of this group.

Thanks for the answer! I use manjaro, the Apache group/user is http/http in the case of this distro. I did chown -R http:http projects && chmod 775 projects. The projects directory what contains the cache directory as well. Now when I use “namei –long projects/” I got “f: projects/ drwxrwxr-x http http projects”. It works, but now I cannot edit the code without sudo with the user inf3rno/inf3rno. Isn't there a way to have two owners for this directory?

Adding myself to the http group does not change a thing. Either I can edit the files without sudo or Apache can use them on the server. The “chmod 777” does not make a difference either.

Last edited by inf3rno (2023-11-22 15:35)

Marek Bartoš
Nette Blogger | 1127
+
0
-

chmod 0777 does not make difference, because most Linux systems have umask set, usually to 0022. umask automatically removes too wide permissions (0777 – 0022 = 0755).

You either have to disable umask – fine on your local dev machine, but may hide issues with permissions that will appear on a server. If you only use PHP in your project, you can just call (locally, not in production!) umask(0000) in bootstrap to disable it.

Or set permissions to at least 0770 and have both your user and webserver user in the same primary group. And no, just adding your user to http group is not enough, only the primary group will work properly.

Or configure webserver to execute application with your user – in that case, it is safe to set permissions to 0700.

You may also install some different permissions system that is more flexible, but it is distribution specific matter and likely not simpler to do.

Last edited by Marek Bartoš (2023-11-22 16:24)

inf3rno
Member | 3
+
0
-

I ended up chowning the cache directory with http:http where the webserver must write and chowned the other files with inf3rno/inf3rno where I need to edit them and the webserver needs only read privileges. This way it works.