Laravel in Linux with NGINX. Error 500 in browser and Permission denied in log. An analysis and how to solve in the best way possible?

Asked

Viewed 394 times

3

I am installing an application in Laravel 5.4 in a Linux environment Ubuntu 16.04 with NGINX. I have seen that many people (just like me) always come across a 500 error in the browser, just after the installation is completed. The official website of Laravel, in its documentation reminds the user to pay attention to this possibility:

        Directory Permissions

After installing Laravel, you may need to configure some permissions. Directories within the  storage and the bootstrap/cache directories should be writable by your web server or Laravel will not run. If you are using the Homestead virtual machine, these permissions should already be set.

===================================================

Browser error

The test.app page isn’t Working

test.app is Currently Unable to Handle this request.

HTTP ERROR 500

===================================================

Checking the File Error test.app-error.log

ila@ig:/var/log/nginx$ gedit test.app-error.log

And this is what I find:

   2017/03/11 15:10:08 [error] 9306#9306: *1 FastCGI sent in stderr: 

   "PHP message: PHP Fatal error:  
   Uncaught UnexpectedValueException: The stream or file "/home/ila/vhosts/test.app/storage/logs/laravel.log" 
   could not be opened: failed to open stream: Permission denied in "/home/ila/vhosts/test.app/vendor/monolog/monolog/src/Monolog/Handler/StreamHandler.php:107"

    Stack trace:
    #0 /home/ila/vhosts/test.app/vendor/monolog/monolog/src/Monolog/Handler/AbstractProcessingHandler.php(37): Monolog\Handler\StreamHandler->write(Array)
    #1 /home/ila/vhosts/test.app/vendor/monolog/monolog/src/Monolog/Logger.php(337): Monolog\Handler\AbstractProcessingHandler->handle(Array)
    #2 /home/ila/vhosts/test.app/vendor/monolog/monolog/src/Monolog/Logger.php(616): Monolog\Logger->addRecord(400, Object(UnexpectedValueException), Array)
    #3 /home/ila/vhosts/test.app/vendor/laravel/framework/src/Illuminate/Log/Writer.php(203): Monolog\Logger->error(Object(UnexpectedValueException), Array)
    #4 /home/ila/vhosts/test.app/vendor/laravel/framework/src/Illuminate/Log/Writer.php(114): Illuminate\Log\Writer->write...

    PHP message: PHP Fatal error:  
    Uncaught UnexpectedValueException: The stream or file "/home/ila/vhosts/test.app/storage/logs/laravel.log" 
    could not be opened: failed to open stream: Permission denied in 
    /home/ila/vhosts/test.app/vendor/monolog/monolog/src/Monolog/Handler/StreamHandler.php:107

    Stack trace:
    #0 /home/ila/vhosts/test.app/vendor/monolog/monolog/src/Monolog/Handler/AbstractProcessingHandler.php(37): Monolog\Handler\StreamHandler->write(Array)
    #1 /home/ila/vhosts/test.app/vendor/monolog/monolog/src/Monolog/Logger.php(337): Monolog\Handler\AbstractProcessingHandler->handle(Array)
    #2 /home/ila/vhosts/test.app/vendor/monolog/monolog/src/Monolog/Logger.php(616): Monolog\Logger->addRecord(400, Object(Symfony\Component\Debug\Exception\FatalErrorException), Array)
    #3 /home/ila/vhosts/test.app/vendor/laravel/framework/src/Illuminate/Log/Writer.php(203): Monolog\Logger->error(Object(Symfony\Component\Debug\Exception\FatalErrorException), Arr

===================================================

In my view this error is not very clear...

Says the file "/home/ila/vhosts/test.app/storage/logs/*laravel.log*" cannot be opened (could not be opened) and Permission denied for"/home/ila/vhosts/test.app/vendor/monolog/monolog/src/Monolog/Handler/*StreamHandler.php:107*"

We have 2 mistakes here.

  1. You cannot open a file for lack of permission
  2. Line 107 of the document Streamhandler.php:107 was not executed tbm for lack of permission.

Checking which function is this in line 107 we have this method:

protected function write(array $record)
    {
        if (!is_resource($this->stream)) {
            if (null === $this->url || '' === $this->url) {
                throw new \LogicException('Missing stream url, the stream can not be opened. This may be caused by a premature call to close().');
            }
            $this->createDir();
            $this->errorMessage = null;
            set_error_handler(array($this, 'customErrorHandler'));
            $this->stream = fopen($this->url, 'a');
            if ($this->filePermission !== null) {
                @chmod($this->url, $this->filePermission);
            }
            restore_error_handler();
            if (!is_resource($this->stream)) {
                $this->stream = null;
                throw new \UnexpectedValueException(sprintf('The stream or file "%s" could not be opened: '.$this->errorMessage, $this->url));
            }
        }

        if ($this->useLocking) {
            // ignoring errors here, there's not much we can do about them
            flock($this->stream, LOCK_EX);
        }

        $this->streamWrite($this->stream, $record);

        if ($this->useLocking) {
            flock($this->stream, LOCK_UN);
        }
    }

This method is creating and recording something in the system.

The fact is that soon after the installation of the file Aravel Laravel.log does not exist within "/home/Ila/vhosts/test.app/Storage/logs/". Then it needs to be created and then saved an error log.

So in my view it would be clearer if the message were file Laravel.log not found, and proper not guaranteed to be created. Of course, if it was not created, nothing can be saved to it. This is unnecessary.

The message says that it cannot be read! This left me a little confused because users u(User), groups g(Group) and others o(others) can all read r(Read) ==> d rwx rwx r-x.

Look here at the terminal:

ila@ig:~/vhosts/test.app/storage(master)$ ll
total 20
drwxrwxrwx  5 ila www-data 4096 Mar 11 13:43 ./
drwxr-xr-x 15 ila www-data 4096 Mar 11 14:48 ../
drwxrwxr-x  3 ila www-data 4096 Mar 11 13:43 app/
drwxrwxr-x  5 ila www-data 4096 Mar 11 13:43 framework/
drwxrwxr-x  2 ila www-data 4096 Mar 11 13:43 logs/

The way to solve this problem, in my view, seems even stranger to me. Note that Ila and www-data (from NGINX) has both permission rwx in "/home/Ila/vhosts/test.app/Storage/...".

So the conclusion is that it’s not Ila nor www-data who is trying to create the archive Laravel.log and yes(others), other users.

An immediate approach BUT NOT LOGICAL would be to assign rwx permission to(Others). And that’s what I’ve seen the staff do.

So: we give permission to write w(Write) to(other) to the Storage/ directory recursively -R

ila@ig:~/vhosts/test.app(master)$ sudo chmod Guo+w -R Storage/ transforms the folder ".../Storage/..." in rwx rwx rwx => 777, what it seems compromise the security of the Laravel application.

===================================================

Checking out

ila@ig:~/vhosts/test.app/storage(master)$ ll
total 20
drwxrwxrwx  5 ila www-data 4096 Mar 11 13:43 ./
drwxr-xr-x 15 ila www-data 4096 Mar 11 14:48 ../
drwxrwxrwx  3 ila www-data 4096 Mar 11 13:43 app/
drwxrwxrwx  5 ila www-data 4096 Mar 11 13:43 framework/
drwxrwxrwx  2 ila www-data 4096 Mar 11 13:43 logs/

And the file was created and the owner is www-data:

ila@ig:~/vhosts/test.app/storage/logs(master)$ ll
total 20
drwxrwxrwx 2 ila      www-data 4096 Mar 11 15:26 ./
drwxrwxrwx 5 ila      www-data 4096 Mar 11 13:43 ../
-rw-rw-rw- 1 ila      www-data   14 Mar 11 13:43 .gitignore
-rw-r--r-- 1 www-data www-data 4626 Mar 11 23:22 laravel.log

Here at this point there is no longer error 500 because the file "Laravel.log", has already been created by someone o(Others).

NOTE that there will be other similar errors (Permission denied) if at any time any user is unable to read, create or perform files within folders or files.

Thinking about the correct solution and what I find on the Internet we have 3 options:

  1. Check the printer involved in the error and ensure permission 777?
  2. Assign 777 for all folders $ sudo chmod guo+w -R test.app/?
  3. Add u(User) in the www-data group and vice versa and ensure rwx permission for both in all folders and files? And in the case in question discussed here in this post was the user o(Others) the source of the problem.

The fact is that give permission 777 to Storage/ and any other application file solves the problem, but what would be the best approach to not compromise security?

Update

The user running the NGINX server. Usually comes configured by default www-data. We can check in the NGINX configuration file at /etc/nginx/nginx.conf or by rotating the ps to be sure.

ila@ig:~$ grep user /etc/nginx/nginx.conf
user www-data;
ila@ig:~$ ps aux|grep nginx|grep -v grep
root     29809  0.0  0.0 123888  1864 ?        Ss   Mar12   0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 29810  0.0  0.0 124500  5656 ?        S    Mar12   0:11 nginx: worker process
www-data 29811  0.0  0.0 124500  5652 ?        S    Mar12   0:07 nginx: worker process
www-data 29812  0.0  0.0 124336  4860 ?        S    Mar12   0:12 nginx: worker process
www-data 29813  0.0  0.0 124348  5104 ?        S    Mar12   0:15 nginx: worker process
www-data 29814  0.0  0.0 124336  4796 ?        S    Mar12   0:12 nginx: worker process
  1. How to fix Error: Standard.log could not be opened?
  • 1

    Are you sure that the Nginx user is the www-data? Could you post the piece of your configuration file that defines this? You can see this option on documentation.

  • 1

    Hi, I did an update with NGINX user information

  • > Why not use the Ispconfig3 with Nginx, so you’ll know what the Nginx configuration is like on Ispconfig3, make a simple test on a VM.

  • Hello got the solution to this "big problem"? If yes... Answer your own question!

No answers

Browser other questions tagged

You are not signed in. Login or sign up in order to post.