Here is another "keep this in memory" memento. I encountered some noobs issues when first deploying a symphony app to a production server. It was file permissions problem on Ubuntu. Here is how I fixed this.
The first thing to do is to get ACL
First you need to install the ACL package, preferrably through your package manager;
apt-get on Ubuntu. To do so, simply type the following command in a terminal:
$ sudo apt-get install acl
Then you'll need to activate ACL on the mounted disk. You would have to edit the
etc/fstab file with:
$ sudo nano /etc/fstab
Find the line in the file that corresponds to the mounted disk on which your files are stored. Most of the time it is the
/ one. Here is what the fstab looks like:
# /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # <file system> <mount point> <type> <options> <dump> <pass> proc /proc proc nodev,noexec,nosuid 0 0 # / was on /dev/sda2 during installation UUID=b81dcc05-dbcd-4672-b0b3-00b584664050 / ext4 errors=remount-ro,acl 0 1 # /boot was on /dev/sda1 during installation UUID=e3afd08c-78ed-4484-bebb-d2879a4f592e /boot ext4 defaults 0 2 # swap was on /dev/sda3 during installation UUID=d26a3e9a-3d03-45b9-ba37-b374bff1fda1 none swap sw 0 0
You'll have to add the
acl option to tha mounted disk, as visible on the example.
Then, remount the partition to have the new options take effect, and you're done.
$ sudo mount -o remount /
Modify the Ubuntu file permissions for your folders
With ACL enabled for your partition, we can now solve our problem using three ingenious Linux tricks.
First we change the ownership of our directories, so that they are owned by our www-data group.
$ sudo chown -R :www-data app/cache app/logs
Then we set a sticky guid on them. This ensures that new files and directories are automatically owned by the same group as their parent.
$ sudo chmod g+s app/cache app/logs
Per default new files and directories are not writable by their group owner and so the last piece of our puzzle is to use the previously enabled ACL to change that.
$ sudo setfacl -dR -m g::rwX app/cache app/logs
Final script for from scratch deployment
Here is the final script, depending on the folders you have. You should at least have
#!/bin/sh FOLDERS = app/cache app/logs web/uploads web/cache sudo chown -R :www-data $FOLDERS sudo chmod g+s $FOLDERS sudo setfacl -dR -m g::rwX $FOLDERS
Feel free to add or delete pathes in the
FOLDER variable according to your needs.