Bug #105349
closedError: Reading of site configuration(s) fails because of filesystem permissions
100%
Description
Hi!
I'm working with a TYPO3 instance hosted on a kubernetes cluster, my site configuration is inside a volume mount. Inside this volume mount exists a folder named "lost+found", owned by root and is not readable for the user inside my docker container, because of the filesystem type "ext4". When I'm trying to access the frontend/backend of the TYPO3 instance, I get the following error:
"Fri, 18 Oct 2024 14:16:10 +0000 [CRITICAL] request="380a25896d040" component="TYPO3.CMS.Core.Error.ProductionExceptionHandler": Core: Exception handler (WEB: BE): UnexpectedValueException, code #0, file /var/www/html/vendor/symfony/finder/Iterator/RecursiveDirectoryIterator.php, line 43: RecursiveDirectoryIterator::__construct(/var/www/html/config/sites/lost+found): Failed to open directory: Permission denied - {"mode":"WEB","application_mode":"BE","exception_class":"UnexpectedValueException","exception_code":0,"file":"/var/www/html/vendor/symfony/finder/Iterator/RecursiveDirectoryIterator.php","line":43,"message":"RecursiveDirectoryIterator::__construct(/var/www/html/config/sites/lost+found): Failed to open directory: Permission denied","request_url":"https://myurl/typo3","exception":null}"
Changing the filesystem type is sadly not an option nor using another user inside the docker container. I've already tried to change the permissions of the "lost+found" folder without any success.
Is there another possible solution? Any help will be appreciated. :)
Thanks in advance!
Paul
Updated by Garvin Hicking about 2 months ago
- Category set to File Abstraction Layer (FAL)
- Status changed from New to Needs Feedback
Could you maybe create a subfolder in your volume and mount that subfolder instead? Then "lost+found" would not be at the root level and disturb the operation.
Updated by Paul Stoske about 2 months ago
Garvin Hicking wrote in #note-1:
Could you maybe create a subfolder in your volume and mount that subfolder instead? Then "lost+found" would not be at the root level and disturb the operation.
Hey Garvin, already tried that, sadly the same result. Is it possible to modify TYPO3's behavior when reading the site configurations?
Updated by Garvin Hicking about 2 months ago
Hey Garvin, already tried that, sadly the same result. Is it possible to modify TYPO3's behavior when reading the site configurations?
Not easily, because TYPO3 really expects that the directory contains readable files. The only thing that could be done is to catch the exception to display a real error message, but that would still result in a "faulty" setup.
Usually, "lost+found" should only occur at the root of a filesystem.
So let's say you have:
"/mnt/someMountpointRoot" as the root
"/var/www/config/sites" which points to "/mnt/someMountpointRoot"
then "/mnt/someMountpointRoot/lost+found" would be available to TYPO3.
What I meant was that you do this:
"/mnt/someMountPointRoot/TYPO3/" (note, this should not have a "lost+found"!)
"/mnt/someMountPointRoot/TYPO3/site1", "/mnt/someMountPointRoot/TYPO3/site2" and so on
"/var/www/config/sites" which points to "/mnt/someMountpointRoot/TYPO3/"
That would resolve only:
"/var/www/config/sites/site1", "/var/www/config/sites/site2"
because "lost+found" is not actually linked into the TYPO3 installation. Did you try exactly this?!
Updated by Paul Stoske about 1 month ago
Hey, sorry for not answering, got much to do at work. :/
Garvin Hicking wrote in #note-3:
What I meant was that you do this:
"/mnt/someMountPointRoot/TYPO3/" (note, this should not have a "lost+found"!)
"/mnt/someMountPointRoot/TYPO3/site1", "/mnt/someMountPointRoot/TYPO3/site2" and so on
"/var/www/config/sites" which points to "/mnt/someMountpointRoot/TYPO3/"That would resolve only:
"/var/www/config/sites/site1", "/var/www/config/sites/site2"
because "lost+found" is not actually linked into the TYPO3 installation. Did you try exactly this?!
My problem is that it's not possible for me to build filesystem links like you proposed. I just can define a volumeMount inside my HELM chart like this:
spec:
template:
spec:
containers:
- name: typo3-php-fpm
volumeMounts:
- name: typo3-site-config
mountPath: /var/www/html/config/sites
[...]
If I'm using a subPath it won't work either. My problem would be solved if TYPO3 ignores subfolders without the necessary permissions.
Not easily, because TYPO3 really expects that the directory contains readable files. The only thing that could be done is to catch the exception to display a real error message, but that would still result in a "faulty" setup.
Could you possibly explain why this is the only thing that could be done? Wouldn't a warning just do the trick or am I missing something?
Thanks in advance! :)
Updated by Garvin Hicking about 1 month ago
Suppressing an exception might be barder because the traverser might cancel the whole iterator as soon as it fails. Would need to look up if that is an option. I was just trying to find a way for you that would not involve: Creating a patch, verifying the patch, getring votes, getting it merged, creating a release, you using the release. ;-)
How about doing a symlink on your mount. I haven't used helm charts but maybe something like this could work:
spec: template: spec: initContainers: - name: init-symlink image: busybox command: - sh - -c - | ln -s /var/www/html/mounts/siteConfig/typo3 /var/www/html/config/sites volumeMounts: - name: typo3-site-config mountPath: /var/www/html/mounts/siteConfig containers: - name: typo3-php-fpm volumeMounts: - name: typo3-site-config mountPath: /var/www/html/mounts/siteConfig volumes: - name: typo3-site-config emptyDir: {} <pre> The idea being: mount a volume somewhere not at the final location. Move your files into a subdirectory. Link that subdirectory to /config/sites.
Updated by Garvin Hicking about 1 month ago
I now checked but could not easily find the place that is causing your error. Do you have a full stacktrace?
A code like this (in typo3/sysext/core/Classes/Package/AbstractServiceProvider.php):
$finder = Finder::create() ->files() ->sortByName() ->depth(1) ->name('config.yaml') ->in($setPath);
would need to be adapted like this:
$finder = Finder::create() ->files() ->sortByName() ->ignoreUnreadableDirs() // NEW ->depth(1) ->name('config.yaml') ->in($setPath);
Updated by Gerrit Code Review about 1 month ago
- Status changed from Needs Feedback to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/87568
Updated by Garvin Hicking about 1 month ago
I tried this shotgun approach to adapt all places. Please try to apply it in your environment and tell me if it helps?
Updated by Paul Stoske 29 days ago ยท Edited
Edit: The logs didn't provided a more detailed stack trace than the one in my initial report. :/
Thanks for your changes! I recognized that your changes are in a branch created from version 13. I tried to apply your changes in an own local branch from version 12 but without success. It's not yet possible for me to upgrade to TYPO3 13 due to project internal dependencies. I'll come back soon (January I hope) to this, when I'm able to test your changes in a v13 environment.
Is that okay for you?
Happy holidays!
Paul
Updated by Garvin Hicking 29 days ago
Sure!
However - Most of the changes should also apply to v12 - search for Finder::create and then add a "->ignoreUnreadableDirs()" to the chain calls.
I din't think that this fix can be backported to v12 because it might have unforeseen consequences that shall not be applied to the version that is in "high prio bugfixes only" mode
Updated by Gerrit Code Review 23 days ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/87568
Updated by Gerrit Code Review 19 days ago
Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/87568
Updated by Garvin Hicking 4 days ago
Did you maybe check if the patch works when changing the calls as outlined @Paul Stoske ?
Updated by Gerrit Code Review 4 days ago
Patch set 1 for branch 13.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/87803
Updated by Garvin Hicking 4 days ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 309237e711461bbaaf65a2bc47796be1e8046710.