Blog Posts

How to manage cache permissions in Symfony2

I guess in the Symfony2 world, we all know the following problem: We have a running Symfony2 installation we already accessed in the browser. Now we want to use the Symfony2 console to run a command and *BANG* we get an exception. The problem is, that the cache directory is not writable by the command line user. Now the usual reaction is "let's just set the access rights to 777", which solves the problem for the moment. But of course it will return, once the command line user wants to access another file/directory that was created by the webserver.

Luckily there is a more sustainable solution, which is described here.

I hope this will save you some time - it for sure saved me some :)

Related Entries:
- Discussions and Pizza at PHPDay Italy
- HHVM with Symfony 2 looks amazing
- RESTing with Symfony2
- How to preload ACL in order to get good performances
- Playtime with OroCRM

About the author

Comments [16]

Colin, 30.11.2011 16:00 CET

Awesome, thanks!

For reference
- Mac OS supports chmod +a
- "www-data" is the username your webserver is running as. You can find that by running this command:
ps aux | grep apache
- I also did the same for my web/bundles directory, so that cache:clear could run without errors.

Jens, 30.11.2011 16:10 CET

I prefer using php-fpm, so no more user mix (cmd, webserver) is needed :)

Bob, 30.11.2011 16:13 CET

There is another way to go : run both SAPI of the PHP interpreter with the same user and group.

fabian.vogler, 30.11.2011 17:02 CET

I simply changed the Apache user to my own in /etc/apache2/httpd.conf:

User fabian
Group _www

Jérémy, 30.11.2011 17:13 CET

+1 Bob :
sudo -u www-data app/console

Je dé-conseil d'utiliser la solution de fabian.vogler, car en cas de faille de sécurité applicative, l’attaquant aurait les droits de votre user.

alain.horner, 30.11.2011 17:13 CET

Bob, Fabian: Thanks for your reply. Remember you for sure don't want to do this on prod. And since your local setup should be as similar as possible to prod I prefer the solution suggested in the Symfony book. But using the same user for both sure is a way and perfectly does the job.

Alan Knowles, 01.12.2011 00:41 CET

File it as a bug...

Cache directories should use the currently authenticated user in their directory name.

I thought that was in the how to build frameworks for dummies book :)

nayr, 04.12.2011 14:58 CET

Notificarme por correo electrónico cuando se realicen nuevos comentarios a esta entrada

Tobias Sjösten, 05.12.2011 08:36 CET

If you're on Linux or if you're using encryption with eCryptFS (default in Ubuntu) then these instructions wont help. I got you covered though. :)

However I really liked the simplicity of just changing Apache's user. Nice one, Fabian!

Lukas, 10.12.2011 14:24 CET

@Alan Knowles: the issue is that the cache clearing isn't done from the same SAPI as the cache is written and at that point up to the configuration of the local machine if this is possible or not.

in other words the scenario is:
- apache writes to cache
- cli is used to clear the cache

Jérémy, 10.12.2011 22:16 CET

You're wrong Lukas. The problem is not the SAPI, the problem is the user who use the SAPI
- Apache use the user defined in /etc/apache2/envvars (by default www-data)
- cli run with the user who call the command.

Theire is 2 way to solve this problem
- Using the same user for both apache and cli. But It's extremly deprecated to use your user for apache as fabian vogler say
- Changing the permissions on the cache folder : and allowing everybody to read/write the files as sugered by symfony.

Personnaly when i call CLI, i alway use www-data to avoid this problem. I simply run the command as a www-data user.

sudo -u www-data php ...

Lukas, 10.12.2011 22:21 CET

Jérémy: "wrong" is probably the "wrong" word here. all i said was that because there are different sapi's that its a configuration question of the system if there is a problem or not. aka its not something the framework can handle.

Jens, 10.12.2011 23:10 CET

you don't listen, read about fpm.

Christof, 21.12.2011 18:25 CET

And for extra points we make it work with SELinux :-)

Matthieu, 29.02.2012 18:27 CET

I use this script to delete the cache folder from my browser :

pctgrass, 04.09.2013 14:07 CET

It's a small world, isn't it :D
I'm sure you solved that long ago, but here is the link for good measure:

Add a comment

Your email adress will never be published. Comment spam will be deleted!