How to manage cache permissions in Symfony2

I guess in the Symfony2 world, we all know the following problem: We have a running Symfony2 installation we already accessed in the browser. Now we want to use the Symfony2 console to run a command and BANG we get an exception. The problem is, that the cache directory is not writable by the command line user. Now the usual reaction is “let’s just set the access rights to 777”, which solves the problem for the moment. But of course it will return, once the command line user wants to access another file/directory that was created by the webserver.

Luckily there is a more sustainable solution, which is described here.

I hope this will save you some time – it for sure saved me some :)

Awesome, thanks!

For reference
– Mac OS supports chmod +a
– “www-data” is the username your webserver is running as. You can find that by running this command:
ps aux | grep apache
– I also did the same for my web/bundles directory, so that cache:clear could run without errors.

I prefer using php-fpm, so no more user mix (cmd, webserver) is needed :)

There is another way to go : run both SAPI of the PHP interpreter with the same user and group.

I simply changed the Apache user to my own in /etc/apache2/httpd.conf:

+1 Bob :
sudo -u www-data app/console

Je dé-conseil d’utiliser la solution de fabian.vogler, car en cas de faille de sécurité applicative, l’attaquant aurait les droits de votre user.

Bob, Fabian: Thanks for your reply. Remember you for sure don’t want to do this on prod. And since your local setup should be as similar as possible to prod I prefer the solution suggested in the Symfony book. But using the same user for both sure is a way and perfectly does the job.

File it as a bug…

Cache directories should use the currently authenticated user in their directory name.

I thought that was in the how to build frameworks for dummies book :)

Notificarme por correo electrónico cuando se realicen nuevos comentarios a esta entrada

If you’re on Linux or if you’re using encryption with eCryptFS (default in Ubuntu) then these instructions wont help. I got you covered though. :)

However I really liked the simplicity of just changing Apache’s user. Nice one, Fabian!

@Alan Knowles: the issue is that the cache clearing isn’t done from the same SAPI as the cache is written and at that point up to the configuration of the local machine if this is possible or not.

in other words the scenario is:
– apache writes to cache
– cli is used to clear the cache

You’re wrong Lukas. The problem is not the SAPI, the problem is the user who use the SAPI
– Apache use the user defined in /etc/apache2/envvars (by default www-data)
– cli run with the user who call the command.

Theire is 2 way to solve this problem
– Using the same user for both apache and cli. But It’s extremly deprecated to use your user for apache as fabian vogler say
– Changing the permissions on the cache folder : and allowing everybody to read/write the files as sugered by symfony.

Personnaly when i call CLI, i alway use www-data to avoid this problem. I simply run the command as a www-data user.

sudo -u www-data php …

Jérémy: “wrong” is probably the “wrong” word here. all i said was that because there are different sapi’s that its a configuration question of the system if there is a problem or not. aka its not something the framework can handle.

you don’t listen, read about fpm.

And for extra points we make it work with SELinux :-)

I use this script to delete the cache folder from my browser :

It’s a small world, isn’t it :D
I’m sure you solved that long ago, but here is the link for good measure: