I have nginx set up to use the HipHop VM version 3.0 in fast-cgi mode. Some facts:
www-data
. fooers
/srv/foo with a single index.php file in it
/srv/foo is the group fooers
/srv/foo permissions are set to 770
When I try to view this page, I get a 404 not found, but no errors logged in either hhvm or nginx logs. However, if I change permissions to 775 on /srv/foo the page gets served by the hhvm and nginx perfectly as expected.
Also, if I change the default group for the www-data user to be the fooers group, it works with 770 permissions. It only seems to fail when it's not the default group for the user.
What's the issue?!?!? Does anyone know why the hhvm/nginx running as a user www-data with group access to a directory is unable to access when permissions are 770?
To confirm my sanity and ensure my groups and permissions are as I think they are, after starting services, I run
$> ps -aux
I see as expected an hhvm process and the nginx processes running as www-data:
www-data 3484 .... /usr/bin/hhvm --config /etc/hhvm/server.ini --user www-data --mode daemon -vPidFile=/var/run/hhvm/pid
www-data 3617 ... nginx: worker process
When I check the groups I see:
$> groups www-data
www-data : www-data fooers
When I check the directory, I can confirm 100% access to group and owner:
$> ls -al
total 16
drwxr-xr-x 5 root root 4096 Mar 30 15:57 .
drwxr-xr-x 22 root root 4096 Mar 30 11:52 ..
drwxrwx--- 2 root fooers 4096 Mar 30 15:39 foo
If I check the contents of the file as the www-data user I am allowed in:
$> sudo -u www-data ls -al /srv/foo
total 12
drwxrwx--- 2 root fooers 4096 Mar 30 15:39 .
drwxr-xr-x 5 root root 4096 Mar 30 15:57 ..
-rw-rw-r-- 1 root fooers 38 Mar 30 15:39 index.php
If I try the above with a user not in the fooers group, it fails.
Here is my /etc/hhvm/server.ini:
; php options
pid = /var/run/hhvm/pid
; hhvm specific
hhvm.server.port = 9000
hhvm.server.type = fastcgi
hhvm.server.default_document = index.php
hhvm.log.level = Warning
hhvm.log.always_log_unhandled_exceptions = true
hhvm.log.runtime_error_reporting_level = 8191
hhvm.log.use_log_file = true
hhvm.log.file = /var/log/hhvm/error.log
hhvm.repo.central.path = /var/run/hhvm/hhvm.hhbc
hhvm.mysql.typed_results = false
I really hope this isn't something silly and obvious I overlooked...
Here is my nginx location block for the web root:
location ~ \.php$ {
    root /srv/foo;
    fastcgi_keep_conn on;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /srv/foo$fastcgi_script_name;
    include fastcgi_params;
}
This appears to be a bug with HHVM. I've added a ticket to fix this in their project.
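An added diagnostic, not part of the original post or of HHVM: `groups www-data` and `sudo -u www-data` both consult the group database, while a running daemon holds only the groups it was given when it switched user, so this compares the two using `/proc/<pid>/status`. It assumes Linux; the sample status text and the GIDs 33 (www-data) and 1001 (fooers) are constructed values, and the function names are hypothetical.

```python
import os
import pwd

# Constructed sample of /proc/<pid>/status for a daemon running as
# www-data (uid/gid 33) that did not receive supplementary group 1001.
SAMPLE_STATUS = """Name:\thhvm
Pid:\t3484
Uid:\t33\t33\t33\t33
Gid:\t33\t33\t33\t33
Groups:\t33
"""

def effective_gids(status_text):
    """GIDs the kernel checks for this process on a group permission test:
    the effective GID plus every supplementary group."""
    gids = set()
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        fields = value.split()
        if key == "Gid" and len(fields) >= 2:
            gids.add(int(fields[1]))  # order: real, effective, saved, fs
        elif key == "Groups":
            gids.update(int(g) for g in fields)
    return gids

def missing_gids(status_text, expected_gids):
    """GIDs the group database grants but the process does not hold."""
    return set(expected_gids) - effective_gids(status_text)

def expected_gids_for(username):
    """Groups a fresh session for this user would get (primary + supplementary)."""
    pw = pwd.getpwnam(username)
    return set(os.getgrouplist(username, pw.pw_gid))

def check_pid(pid, username):
    """Live check on Linux: compare a running PID with the group database."""
    with open(f"/proc/{pid}/status") as fh:
        return missing_gids(fh.read(), expected_gids_for(username))

if __name__ == "__main__":
    # Constructed expectation: www-data should hold 33 and 1001 (fooers).
    print(missing_gids(SAMPLE_STATUS, {33, 1001}))
```

A non-empty result from `check_pid(3484, "www-data")` on the affected host would mean the process cannot use the `fooers` group bit on `/srv/foo`, whatever `groups www-data` reports.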