Opened 13 months ago

Last modified 13 months ago

#67142 assigned defect

php82-fpm access denied to a file by System Policy of macOS Ventura

Reported by: beskhu
Owned by: ryandesign (Ryan Carsten Schmidt)
Priority: Normal
Milestone:
Component: ports
Version: 2.8.1
Keywords:
Cc:
Port: php82-fpm

Description

I'm not sure it's a defect since it's the first time I've tried to set up a LAMP server using MacPorts. php82-fpm has access denied to a file by System Policy of macOS Ventura. Here is the Apple Console message I identified:

System Policy: php-fpm82(449) deny(1) file-read-data /Volumes/2To/Sites/64.php

In the Apache log I get:

[Fri Mar 24 12:40:39.953320 2023] [proxy_fcgi:error] [pid 1120] [client ::1:49813] AH01071: Got error 'PHP message: PHP Warning: PHP Request Startup: Failed to open stream: Operation not permitted in Unknown on line 0; Unable to open primary script: /Volumes/2To/Sites/64.php (Operation not permitted)', referer: http://localhost/

And the browser shows:

No input file specified.

The file is authorized to everyone, and I allowed php82-fpm and php82 to access full disk inside the security panel of macOS Ventura.

Change History (5)

comment:1 Changed 13 months ago by jmroot (Joshua Root)

Keywords: php82-fpm php-fpm removed
Owner: set to ryandesign
Status: new → assigned

comment:2 Changed 13 months ago by ryandesign (Ryan Carsten Schmidt)

What user is running the php-fpm82 process and does that user have access to that file and all of its parent directories? What's the output of:

ls -ld /Volumes /Volumes/2To /Volumes/2To/Sites /Volumes/2To/Sites/64.php

comment:3 Changed 13 months ago by beskhu

The user running the php-fpm82 process should be, according to the configuration, _www.

Output of the ls command:

ls -ld /Volumes /Volumes/2To /Volumes/2To/Sites /Volumes/2To/Sites/64.php
drwxr-xr-x    8 root           wheel   256 27 mar 15:55 /Volumes
drwxrwxr-x@  38 fabienaurejac  staff  1216 27 mar 15:55 /Volumes/2To
drwxrwxrwx@ 156 fabienaurejac  staff  4992 23 mar 20:27 /Volumes/2To/Sites
-rwxrwxrwx@   1 fabienaurejac  staff    40  5 mar  2018 /Volumes/2To/Sites/64.php
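
The permission check that comment:2 asks for, run over the listing from comment:3, as an added example that is not part of the ticket or of MacPorts. It evaluates POSIX mode bits only; the `_www` primary group, the function names and the locked-down variant of the listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: POSIX mode bits only. ACLs, extended attributes (the "@"
# suffix), supplementary groups and macOS System Policy are not modelled.

# Listing quoted from comment:3 of the ticket.
ticket_listing() { cat <<'EOF'
drwxr-xr-x    8 root           wheel   256 27 mar 15:55 /Volumes
drwxrwxr-x@  38 fabienaurejac  staff  1216 27 mar 15:55 /Volumes/2To
drwxrwxrwx@ 156 fabienaurejac  staff  4992 23 mar 20:27 /Volumes/2To/Sites
-rwxrwxrwx@   1 fabienaurejac  staff    40  5 mar  2018 /Volumes/2To/Sites/64.php
EOF
}

# Constructed variant: the volume root is closed to "other".
locked_listing() { ticket_listing | sed 's/^drwxrwxr-x@/drwxrwx---@/'; }

# check_listing USER GROUP: reads `ls -ld` lines (parents first, target last)
# and prints "ok" or the first entry that blocks USER.
check_listing() {
    awk -v user="$1" -v group="$2" '
    { mode[NR] = $1; owner[NR] = $3; grp[NR] = $4; path[NR] = $NF }
    END {
        for (i = 1; i <= NR; i++) {
            # Exactly one triad applies: owner, else group, else other.
            if (owner[i] == user)     off = 2
            else if (grp[i] == group) off = 5
            else                      off = 8
            triad = substr(mode[i], off, 3)
            # Parent directories need search (x); the target needs read (r).
            if (i < NR) { need = "x"; have = substr(triad, 3, 1) }
            else        { need = "r"; have = substr(triad, 1, 1) }
            # Lowercase s/t in the x slot still grant execute/search.
            if (need == "x" && (have == "s" || have == "t")) have = "x"
            if (have != need) {
                printf "blocked: %s needs %s for %s\n", path[i], need, user
                exit
            }
        }
        print "ok"
    }'
}

# _www as primary group is an assumption; the ticket only names the user.
ticket_listing | check_listing _www _www
```

For the ticket's listing the check passes for `_www`, so the mode bits alone do not account for the `deny(1) file-read-data` line that System Policy logged.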

comment:4 Changed 13 months ago by beskhu

I was able to make php-fpm82 work using my user fabienaurejac and setting group as staff. I'm just surprised macOS is so strict, because Linux, for example, does not require the user to be the same as long as file permissions allow another user to read, write or execute.

Also, the session was not persistent by default, so I did the following: created a folder with permissions for my user and set, in /opt/local/etc/php82/php-fpm.d/www.conf:

   php_admin_value[session.save_path]

to the path of this folder.


comment:5 Changed 13 months ago by ryandesign (Ryan Carsten Schmidt)

Another user reported permission problems with another situation on the mailing list:

https://lists.macports.org/pipermail/macports-users/2023-March/051968.html

Not sure if that has any similarity to your situation.
