Project

General

Profile

Actions

Bug #105349

closed

Error: Reading of site configuration(s) fails because of filesystem permissions

Added by Paul Stoske 3 months ago. Updated 4 days ago.

Status:
Resolved
Priority:
Should have
Assignee:
-
Category:
File Abstraction Layer (FAL)
Target version:
-
Start date:
2024-10-18
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
12
PHP Version:
8.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Hi!

I'm working with a TYPO3 instance hosted on a kubernetes cluster, my site configuration is inside a volume mount. Inside this volume mount exists a folder named "lost+found", owned by root and is not readable for the user inside my docker container, because of the filesystem type "ext4". When I'm trying to access the frontend/backend of the TYPO3 instance, I get the following error:

"Fri, 18 Oct 2024 14:16:10 +0000 [CRITICAL] request="380a25896d040" component="TYPO3.CMS.Core.Error.ProductionExceptionHandler": Core: Exception handler (WEB: BE): UnexpectedValueException, code #0, file /var/www/html/vendor/symfony/finder/Iterator/RecursiveDirectoryIterator.php, line 43: RecursiveDirectoryIterator::__construct(/var/www/html/config/sites/lost+found): Failed to open directory: Permission denied - {"mode":"WEB","application_mode":"BE","exception_class":"UnexpectedValueException","exception_code":0,"file":"/var/www/html/vendor/symfony/finder/Iterator/RecursiveDirectoryIterator.php","line":43,"message":"RecursiveDirectoryIterator::__construct(/var/www/html/config/sites/lost+found): Failed to open directory: Permission denied","request_url":"https://myurl/typo3","exception":null}"

Changing the filesystem type is sadly not an option nor using another user inside the docker container. I've already tried to change the permissions of the "lost+found" folder without any success.

Is there another possible solution? Any help will be appreciated. :)

Thanks in advance!
Paul

Actions #1

Updated by Garvin Hicking about 2 months ago

  • Category set to File Abstraction Layer (FAL)
  • Status changed from New to Needs Feedback

Could you maybe create a subfolder in your volume and mount that subfolder instead? Then "lost+found" would not be at the root level and disturb the operation.

Actions #2

Updated by Paul Stoske about 2 months ago

Garvin Hicking wrote in #note-1:

Could you maybe create a subfolder in your volume and mount that subfolder instead? Then "lost+found" would not be at the root level and disturb the operation.

Hey Garvin, already tried that, sadly the same result. Is it possible to modify TYPO3's behavior when reading the site configurations?

Actions #3

Updated by Garvin Hicking about 2 months ago

Hey Garvin, already tried that, sadly the same result. Is it possible to modify TYPO3's behavior when reading the site configurations?

Not easily, because TYPO3 really expects that the directory contains readable files. The only thing that could be done is to catch the exception to display a real error message, but that would still result in a "faulty" setup.

Usually, "lost+found" should only occur at the root of a filesystem.

So let's say you have:

"/mnt/someMountpointRoot" as the root
"/var/www/config/sites" which points to "/mnt/someMountpointRoot"

then "/mnt/someMountpointRoot/lost+found" would be available to TYPO3.

What I meant was that you do this:

"/mnt/someMountPointRoot/TYPO3/" (note, this should not have a "lost+found"!)
"/mnt/someMountPointRoot/TYPO3/site1", "/mnt/someMountPointRoot/TYPO3/site2" and so on
"/var/www/config/sites" which points to "/mnt/someMountpointRoot/TYPO3/"

That would resolve only:

"/var/www/config/sites/site1", "/var/www/config/sites/site2"

because "lost+found" is not actually linked into the TYPO3 installation. Did you try exactly this?!

Actions #4

Updated by Paul Stoske about 1 month ago

Hey, sorry for not answering, got much to do at work. :/

Garvin Hicking wrote in #note-3:

What I meant was that you do this:

"/mnt/someMountPointRoot/TYPO3/" (note, this should not have a "lost+found"!)
"/mnt/someMountPointRoot/TYPO3/site1", "/mnt/someMountPointRoot/TYPO3/site2" and so on
"/var/www/config/sites" which points to "/mnt/someMountpointRoot/TYPO3/"

That would resolve only:

"/var/www/config/sites/site1", "/var/www/config/sites/site2"

because "lost+found" is not actually linked into the TYPO3 installation. Did you try exactly this?!

My problem is that it's not possible for me to build filesystem links like you proposed. I just can define a volumeMount inside my HELM chart like this:

spec:
  template:
    spec:
      containers:
        - name: typo3-php-fpm
          volumeMounts:
            - name: typo3-site-config
              mountPath: /var/www/html/config/sites
[...]

If I'm using a subPath it won't work either. My problem would be solved if TYPO3 ignores subfolders without the necessary permissions.

Not easily, because TYPO3 really expects that the directory contains readable files. The only thing that could be done is to catch the exception to display a real error message, but that would still result in a "faulty" setup.

Could you possibly explain why this is the only thing that could be done? Wouldn't a warning just do the trick or am I missing something?

Thanks in advance! :)

Actions #5

Updated by Garvin Hicking about 1 month ago

Suppressing an exception might be barder because the traverser might cancel the whole iterator as soon as it fails. Would need to look up if that is an option. I was just trying to find a way for you that would not involve: Creating a patch, verifying the patch, getring votes, getting it merged, creating a release, you using the release. ;-)

How about doing a symlink on your mount. I haven't used helm charts but maybe something like this could work:

spec:
  template:
    spec:
      initContainers:
        - name: init-symlink
          image: busybox
          command:
            - sh
            - -c
            - |
              ln -s /var/www/html/mounts/siteConfig/typo3 /var/www/html/config/sites
          volumeMounts:
            - name: typo3-site-config
              mountPath: /var/www/html/mounts/siteConfig
      containers:
        - name: typo3-php-fpm
          volumeMounts:
            - name: typo3-site-config
              mountPath: /var/www/html/mounts/siteConfig
      volumes:
        - name: typo3-site-config
          emptyDir: {}
<pre>

The idea being: mount a volume somewhere not at the final location. Move your files into a subdirectory. Link that subdirectory to /config/sites.
Actions #6

Updated by Garvin Hicking about 1 month ago

I now checked but could not easily find the place that is causing your error. Do you have a full stacktrace?

A code like this (in typo3/sysext/core/Classes/Package/AbstractServiceProvider.php):

            $finder = Finder::create()
                ->files()
                ->sortByName()
                ->depth(1)
                ->name('config.yaml')
                ->in($setPath);

would need to be adapted like this:

            $finder = Finder::create()
                ->files()
                ->sortByName()
                ->ignoreUnreadableDirs() // NEW
                ->depth(1)
                ->name('config.yaml')
                ->in($setPath);
Actions #7

Updated by Gerrit Code Review about 1 month ago

  • Status changed from Needs Feedback to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/87568

Actions #8

Updated by Garvin Hicking about 1 month ago

I tried this shotgun approach to adapt all places. Please try to apply it in your environment and tell me if it helps?

Actions #9

Updated by Paul Stoske 29 days ago ยท Edited

Edit: The logs didn't provided a more detailed stack trace than the one in my initial report. :/

Thanks for your changes! I recognized that your changes are in a branch created from version 13. I tried to apply your changes in an own local branch from version 12 but without success. It's not yet possible for me to upgrade to TYPO3 13 due to project internal dependencies. I'll come back soon (January I hope) to this, when I'm able to test your changes in a v13 environment.

Is that okay for you?

Happy holidays!

Paul

Actions #10

Updated by Garvin Hicking 29 days ago

Sure!

However - Most of the changes should also apply to v12 - search for Finder::create and then add a "->ignoreUnreadableDirs()" to the chain calls.

I din't think that this fix can be backported to v12 because it might have unforeseen consequences that shall not be applied to the version that is in "high prio bugfixes only" mode

Actions #11

Updated by Gerrit Code Review 23 days ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/87568

Actions #12

Updated by Gerrit Code Review 19 days ago

Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/87568

Actions #13

Updated by Garvin Hicking 4 days ago

Did you maybe check if the patch works when changing the calls as outlined @Paul Stoske ?

Actions #14

Updated by Gerrit Code Review 4 days ago

Patch set 1 for branch 13.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/87803

Actions #15

Updated by Garvin Hicking 4 days ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF