2

Why question is not a duplicate

"Laravel daily log created with wrong permissions" question is starting from a different situation. I already have user member of www-data and already my processes are running as www-data and not creating file as root or as different group. So suggested solution is not enough.

Please, see my own answer to see the most simple solution to this common situation.

My storage/logs directory is configured as

drwxrwsr-x  2 user www-data 4096 Aug 21 14:39 logs

Note the sticky bit

Single log files are being created automatically as

-rw-r--r-- 1 www-data www-data 2381004 Aug 21 14:51 laravel-2019-08-21.log

Note, also, that my user is a member of group www-data.

The problem

accessing on ssh as user , I cannot run php artisan queue:failed because I got this error

   UnexpectedValueException  : The stream or file "/var/www/app/storage/logs/laravel-2019-08-21.log" could not be opened: failed to open stream: Permission denied

  at /var/www/app/vendor/monolog/monolog/src/Monolog/Handler/StreamHandler.php:107
    103|             }
    104|             restore_error_handler();
    105|             if (!is_resource($this->stream)) {
    106|                 $this->stream = null;
  > 107|                 throw new \UnexpectedValueException(sprintf('The stream or file "%s" could not be opened: '.$this->errorMessage, $this->url));
    108|             }
    109|         }
    110|
    111|         if ($this->useLocking) {

Question

I cannot force server to create log file as user:www-data

But I need to be able to read and_write them. Or, at minimum, I need to able to run queue:* commands

How should I fix this bad server config?

I'm using Debian 10.0

realtebo
  • 23,922
  • 37
  • 112
  • 189
  • Can you use `sudo` to change your user (i.e. do you have the permissions)? `sudo -u www-data php artisan queue:failed` – Namoshek Aug 21 '19 at 15:02
  • The File is readable by all, but only writeable by the original user, so the group won't help. – aynber Aug 21 '19 at 15:04
  • 1
    Possible duplicate of [Laravel daily log created with wrong permissions](https://stackoverflow.com/questions/27674597/laravel-daily-log-created-with-wrong-permissions) – aynber Aug 21 '19 at 15:04
  • 1
    The top answers are not that helpful, but `setfacl` and the `permission` setting are. – Namoshek Aug 21 '19 at 15:06
  • The answers sort differently between my logged-in browser and non-logged in browser, but https://stackoverflow.com/a/49379249/1007220 should be fairly helpful – aynber Aug 21 '19 at 15:08
  • I understand both causes and other suggested solutions but all not applicable ! My solution is simply and works, but this requires that user must be member of www-data group. And in my case this is already true. – realtebo Aug 21 '19 at 15:21
  • @aynber: added explanation of why it's not a duplicate question – realtebo Aug 21 '19 at 15:25

1 Answers1

2

I resolved specifying in Laravel config/logging.php the file permission mask.

    'daily' => [
        'driver' => 'daily',
        'path' => storage_path('logs/laravel.log'),
        'level' => 'debug',
        'days' => 14,
        'permissions' => 0664
    ],

The important part is

'permissions' => 0664.

Important: Respect the format !

0664 != 664

So now user can also write logs.

Note: this works only because user it's member of www-data group!

realtebo
  • 23,922
  • 37
  • 112
  • 189