Correct permissions for public/assets .htaccess: to enable browser ?flush AND cli tests


#1

Silverstripe Version: 4.2.2

Question:
Hi all,

I’m stuck on this one. Any help much appreciated. How do I correctly set permissions so that I can ?flush via a browser AND also run tests. For the following files:

public/assets/.htaccess
public/assets/.protected/.htaccess

If I set the owner to _www then I can ?flush in the browser, but I can’t run tests. I get the CLI error:

PHP Warning: file_put_contents(/public/assets/.htaccess): failed to open stream: Permission denied in vendor/league/flysystem/src/Adapter/Local.php on line 135

If I then set the owner to my use, I can run tests but I can’t ?flush. I get the browser error:

# [WARNING] CHMOD(): OPERATION NOT PERMITTED
Line  **356**  in  **/vendor/league/flysystem/src/Adapter/Local.php**
* **chmod(/public/assets/.htaccess, 436)**  Local.php:356

What do I need to do to allow me to ?flush and also be able to run my tests?

Thanks,
Barry


#2

The secret here is to run the CLI commands as the same user the web server process uses, that keeps all the file ownership and permissions nice and simple. It’s not just the htaccess stuff which is affected, running as different users, you’re likely to end up with different sets of cached files too which can cause all manner of confusion!


#3

Hi Dorset,

Ah right! Not sure if this is best practice, but here’s what I did:

1. added myself to the wheel group

sudo dscl . append /Groups/wheel GroupMembership username

2. Modify sudoers file to allow wheel users to run any command as _www without password

sudo visudo

Add the line:

## Allow members of group wheel to run commands as apache '_www' user without password
%wheel ALL=(_www) NOPASSWD: ALL

3. restart terminal

4. run tests (or prefix phpunit command in your editor/testrunner)

sudo -u _www ./vendor/bin/phpunit app/tests/unit/

#4

It’s interesting you mention the different sets of cached files. I was getting a problem where my tests would fail, referring to classes that no longer existed (after switching to a different branch). Similar to this: https://www.silverstripe.org/community/forums/general-questions/show/104262

I did ?flush via the browser, but since the tests were running as a different user,
maybe they had a seperate class Manifest that was out of date? Not sure if the cli cache can be flushed separately.


#5

Quite possibly. You can still flush from the command line in the same way, but as I say, it’s much simpler to just use the same user for all operations, everything stays much cleaner.