Server: RouteNotFoundException with NC 18.0.0 and PHP 7.4
Steps to reproduce
- Install Nextcloud 18.0.0
- Use PHP 7.4 FPM
- Try to load any page
Expected behaviour
Page should load and work.
Actual behaviour
NC tells me that the config file is not writable. occ log:watch gives me a stacktrace (see logs at the end).
Server configuration
Operating system:
Arch Linux rolling
Web server:
nginx 1.16.1
Database:
MariaDB 10.4.11
PHP version:
7.4
Nextcloud version: (see Nextcloud admin page)
Updated from an older Nextcloud/ownCloud or fresh install:
Updated from NC 17
Where did you install Nextcloud from:
Arch Linux Repositories. But same problem with zip file from website
Signing status:
No errors have been found.
List of activated apps:
App list
Enabled:
- accessibility: 1.4.0
- activity: 2.11.0
- admin_audit: 1.8.0
- calendar: 2.0.0
- cloud_federation_api: 1.1.0
- comments: 1.8.0
- contacts: 3.1.6
- dav: 1.14.0
- federatedfilesharing: 1.8.0
- federation: 1.8.0
- files: 1.13.1
- files_accesscontrol: 1.8.1
- files_automatedtagging: 1.8.0
- files_external: 1.9.0
- files_pdfviewer: 1.7.0
- files_rightclick: 0.15.2
- files_sharing: 1.10.1
- files_trashbin: 1.8.0
- files_versions: 1.11.0
- files_videoplayer: 1.7.0
- firstrunwizard: 2.7.0
- logreader: 2.3.0
- lookup_server_connector: 1.6.0
- mail: 1.0.0
- nextcloud_announcements: 1.7.0
- notes: 3.1.1
- notifications: 2.6.0
- oauth2: 1.6.0
- password_policy: 1.8.0
- photos: 1.0.0
- privacy: 1.2.0
- provisioning_api: 1.8.0
- recommendations: 0.6.0
- serverinfo: 1.8.0
- settings: 1.0.0
- sharebymail: 1.8.0
- spreed: 8.0.0
- support: 1.1.0
- survey_client: 1.6.0
- systemtags: 1.8.0
- text: 2.0.0
- theming: 1.9.0
- twofactor_backupcodes: 1.7.0
- twofactor_totp: 4.1.2
- viewer: 1.2.0
- workflowengine: 2.0.0
Disabled:
- encryption
- updatenotification
- user_ldap
Nextcloud configuration:
Config report
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"***REMOVED VALUE MANUALLY***"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "18.0.0.10",
"overwrite.cli.url": "https:\/\/sefa.cloud",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"memcache.local": "\\OC\\Memcache\\APCu",
"installed": true,
"mail_smtpmode": "smtp",
"mail_sendmailmode": "smtp",
"maintenance": false,
"theme": "",
"loglevel": 0,
"config_is_read_only": false,
"app_install_overwrite": [
"calendar"
]
}
}
Are you using external storage, if yes which one: local
Are you using encryption: no
Are you using an external user-backend, if yes which one: N/A
Client configuration
Browser:
Mozilla Firefox 72.0.1
Operating system:
Arch Linux rolling
Logs
Nextcloud log (data/nextcloud.log)
Nextcloud log
{"reqId":"zLEwu6VhHPx3VRpepQiY","level":3,"time":"2020-01-18T22:52:24+00:00","remoteAddr":"2003:d2:772f:1e00::b71","user":"--","app":"no app in context","method":"GET","url":"/settings/user","message":{"Exception":"Symfony\\Component\\Routing\\Exception\\RouteNotFoundException","Message":"Unable to generate a URL for the named route \"settings.Help.help\" as such route does not exist.","Code":0,"Trace":[{"file":"/usr/share/webapps/nextcloud/lib/private/Route/Router.php","line":339,"function":"generate","class":"Symfony\\Component\\Routing\\Generator\\UrlGenerator","type":"->","args":["settings.Help.help",[],1]},{"file":"/usr/share/webapps/nextcloud/lib/private/Route/CachingRouter.php","line":59,"function":"generate","class":"OC\\Route\\Router","type":"->","args":["settings.Help.help",[],false]},{"file":"/usr/share/webapps/nextcloud/lib/private/URLGenerator.php","line":82,"function":"generate","class":"OC\\Route\\CachingRouter","type":"->","args":["settings.Help.help",[]]},{"file":"/usr/share/webapps/nextcloud/lib/private/NavigationManager.php","line":203,"function":"linkToRoute","class":"OC\\URLGenerator","type":"->","args":["settings.Help.help"]},{"file":"/usr/share/webapps/nextcloud/lib/private/NavigationManager.php","line":114,"function":"init","class":"OC\\NavigationManager","type":"->","args":[]},{"file":"/usr/share/webapps/nextcloud/apps/theming/lib/ThemingDefaults.php","line":182,"function":"getAll","class":"OC\\NavigationManager","type":"->","args":["guest"]},{"file":"/usr/share/webapps/nextcloud/lib/private/legacy/defaults.php","line":263,"function":"getShortFooter","class":"OCA\\Theming\\ThemingDefaults","type":"->","args":[]},{"file":"/usr/share/webapps/nextcloud/lib/public/Defaults.php","line":169,"function":"getLongFooter","class":"OC_Defaults","type":"->","args":[]},{"file":"/usr/share/webapps/nextcloud/core/templates/layout.guest.php","line":55,"function":"getLongFooter","class":"OCP\\Defaults","type":"->","args":[]},{"file":"/usr/share/webapps/nextcloud/lib/private/Template/Base.php","line":179,"args":["/usr/share/webapps/nextcloud/core/templates/layout.guest.php"],"function":"include"},{"file":"/usr/share/webapps/nextcloud/lib/private/Template/Base.php","line":151,"function":"load","class":"OC\\Template\\Base","type":"->","args":["/usr/share/webapps/nextcloud/core/templates/layout.guest.php",null]},{"file":"/usr/share/webapps/nextcloud/lib/private/legacy/template.php","line":181,"function":"fetchPage","class":"OC\\Template\\Base","type":"->","args":[null]},{"file":"/usr/share/webapps/nextcloud/lib/private/legacy/template.php","line":212,"function":"fetchPage","class":"OC_Template","type":"->","args":[null]},{"file":"/usr/share/webapps/nextcloud/lib/private/Template/Base.php","line":132,"function":"fetchPage","class":"OC_Template","type":"->","args":[]},{"file":"/usr/share/webapps/nextcloud/lib/private/legacy/template.php","line":300,"function":"printPage","class":"OC\\Template\\Base","type":"->","args":[]},{"file":"/usr/share/webapps/nextcloud/lib/base.php","line":269,"function":"printErrorPage","class":"OC_Template","type":"::","args":["Cannot write into \"config\" directory!","This can usually be fixed by giving the webserver write access to the config directory. See https://docs.nextcloud.com/server/18/go.php?to=admin-dir_permissions. Or, if you prefer to keep config.php file read only, set the option \"config_is_read_only\" to true in it. See https://docs.nextcloud.com/server/18/go.php?to=admin-config",503]},{"file":"/usr/share/webapps/nextcloud/lib/base.php","line":650,"function":"checkConfig","class":"OC","type":"::","args":[]},{"file":"/usr/share/webapps/nextcloud/lib/base.php","line":1089,"function":"init","class":"OC","type":"::","args":[]},{"file":"/usr/share/webapps/nextcloud/index.php","line":36,"args":["/usr/share/webapps/nextcloud/lib/base.php"],"function":"require_once"}],"File":"/usr/share/webapps/nextcloud/3rdparty/symfony/routing/Generator/UrlGenerator.php","Line":144,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0","version":"18.0.0.10"}
{"reqId":"zLEwu6VhHPx3VRpepQiY","level":3,"time":"2020-01-18T22:52:24+00:00","remoteAddr":"2003:d2:772f:1e00::b71","user":"--","app":"no app in context","method":"GET","url":"/settings/user","message":{"Exception":"Symfony\\Component\\Routing\\Exception\\RouteNotFoundException","Message":"Unable to generate a URL for the named route \"photos.page.index\" as such route does not exist.","Code":0,"Trace":[{"file":"/usr/share/webapps/nextcloud/lib/private/Route/Router.php","line":339,"function":"generate","class":"Symfony\\Component\\Routing\\Generator\\UrlGenerator","type":"->","args":["photos.page.index",[],1]},{"file":"/usr/share/webapps/nextcloud/lib/private/Route/CachingRouter.php","line":59,"function":"generate","class":"OC\\Route\\Router","type":"->","args":["photos.page.index",[],false]},{"file":"/usr/share/webapps/nextcloud/lib/private/URLGenerator.php","line":82,"function":"generate","class":"OC\\Route\\CachingRouter","type":"->","args":["photos.page.index",[]]},{"file":"/usr/share/webapps/nextcloud/lib/private/NavigationManager.php","line":293,"function":"linkToRoute","class":"OC\\URLGenerator","type":"->","args":["photos.page.index"]},{"file":"/usr/share/webapps/nextcloud/lib/private/NavigationManager.php","line":114,"function":"init","class":"OC\\NavigationManager","type":"->","args":[]},{"file":"/usr/share/webapps/nextcloud/apps/theming/lib/ThemingDefaults.php","line":182,"function":"getAll","class":"OC\\NavigationManager","type":"->","args":["guest"]},{"file":"/usr/share/webapps/nextcloud/lib/private/legacy/defaults.php","line":263,"function":"getShortFooter","class":"OCA\\Theming\\ThemingDefaults","type":"->","args":[]},{"file":"/usr/share/webapps/nextcloud/lib/public/Defaults.php","line":169,"function":"getLongFooter","class":"OC_Defaults","type":"->","args":[]},{"file":"/usr/share/webapps/nextcloud/core/templates/layout.guest.php","line":55,"function":"getLongFooter","class":"OCP\\Defaults","type":"->","args":[]},{"file":"/usr/share/webapps/nextcloud/lib/private/Template/Base.php","line":179,"args":["/usr/share/webapps/nextcloud/core/templates/layout.guest.php"],"function":"include"},{"file":"/usr/share/webapps/nextcloud/lib/private/Template/Base.php","line":151,"function":"load","class":"OC\\Template\\Base","type":"->","args":["/usr/share/webapps/nextcloud/core/templates/layout.guest.php",null]},{"file":"/usr/share/webapps/nextcloud/lib/private/legacy/template.php","line":181,"function":"fetchPage","class":"OC\\Template\\Base","type":"->","args":[null]},{"file":"/usr/share/webapps/nextcloud/lib/private/legacy/template.php","line":212,"function":"fetchPage","class":"OC_Template","type":"->","args":[null]},{"file":"/usr/share/webapps/nextcloud/lib/private/Template/Base.php","line":132,"function":"fetchPage","class":"OC_Template","type":"->","args":[]},{"file":"/usr/share/webapps/nextcloud/lib/private/legacy/template.php","line":300,"function":"printPage","class":"OC\\Template\\Base","type":"->","args":[]},{"file":"/usr/share/webapps/nextcloud/lib/base.php","line":269,"function":"printErrorPage","class":"OC_Template","type":"::","args":["Cannot write into \"config\" directory!","This can usually be fixed by giving the webserver write access to the config directory. See https://docs.nextcloud.com/server/18/go.php?to=admin-dir_permissions. Or, if you prefer to keep config.php file read only, set the option \"config_is_read_only\" to true in it. See https://docs.nextcloud.com/server/18/go.php?to=admin-config",503]},{"file":"/usr/share/webapps/nextcloud/lib/base.php","line":650,"function":"checkConfig","class":"OC","type":"::","args":[]},{"file":"/usr/share/webapps/nextcloud/lib/base.php","line":1089,"function":"init","class":"OC","type":"::","args":[]},{"file":"/usr/share/webapps/nextcloud/index.php","line":36,"args":["/usr/share/webapps/nextcloud/lib/base.php"],"function":"require_once"}],"File":"/usr/share/webapps/nextcloud/3rdparty/symfony/routing/Generator/UrlGenerator.php","Line":144,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0","version":"18.0.0.10"}
Nextcloud occ log:tail
Error no app in context Symfony\Component\Routing\Exception\RouteNotFoundException: Unable to generate a URL for the named route "settings.Help.help" as such route does not exist. at 2020-01-18T23:18:37+00:00
3rdparty/symfony/routing/Generator/UrlGenerator.php line 144
0. lib/private/Route/Router.php line 339
Symfony\Component\Routing\Generator\UrlGenerator->generate("settings.Help.help", [], 1)
1. lib/private/Route/CachingRouter.php line 59
OC\Route\Router->generate("settings.Help.help", [], false)
2. lib/private/URLGenerator.php line 82
OC\Route\CachingRouter->generate("settings.Help.help", [])
3. lib/private/NavigationManager.php line 203
OC\URLGenerator->linkToRoute("settings.Help.help")
4. lib/private/NavigationManager.php line 114
OC\NavigationManager->init(
)
5. apps/theming/lib/ThemingDefaults.php line 182
OC\NavigationManager->getAll("guest")
6. lib/private/legacy/defaults.php line 263
OCA\Theming\ThemingDefaults->getShortFooter(
)
7. lib/public/Defaults.php line 169
OC_Defaults->getLongFooter(
)
8. core/templates/layout.guest.php line 55
OCP\Defaults->getLongFooter(
)
9. lib/private/Template/Base.php line 179
include("\/usr\/share\/webapps\/nextcloud\/core\/templates\/layout.guest.php")
10. lib/private/Template/Base.php line 151
OC\Template\Base->load("\/usr\/share\/webapps\/nextcloud\/core\/templates\/layout.guest.php", null)
11. lib/private/legacy/template.php line 181
OC\Template\Base->fetchPage(null)
12. lib/private/legacy/template.php line 212
OC_Template->fetchPage(null)
13. lib/private/Template/Base.php line 132
OC_Template->fetchPage(
)
14. lib/private/legacy/template.php line 300
OC\Template\Base->printPage(
)
15. lib/base.php line 269
OC_Template::printErrorPage(
"Cannot write into \"config\" directory!",
"This can usually be fixed by giving the webserver write access to the config directory. See https:\/\/docs.nextcloud.com\/server\/18\/go.php?t ... g",
503
)
16. lib/base.php line 650
OC::checkConfig(
)
17. lib/base.php line 1089
OC::init(
)
18. index.php line 36
require_once("\/usr\/share\/webapps\/nextcloud\/lib\/base.php")
Scrumplex
👍5
All 26 comments
Hi, did you try the solution mentioned in the logs you posted?
"Cannot write into \"config\" directory!","This can usually be fixed by giving the webserver write access to the config directory. See https://docs.nextcloud.com/server/18/go.php?to=admin-dir_permissions. Or, if you prefer to keep config.php file read only, set the option \"config_is_read_only\" to true in it. See https://docs.nextcloud.com/server/18/go.php?to=admin-config"
The nextcloud installation directory contains a folder "config". That folder and contained files should be writeable by the webserver user (likely "http") or the option for readonly should be set in config/config.php as mentioned above.
Please try that.
Schmuuu
on 19 Jan 2020
@Schmuuu
Hi there.
Thanks for pointing that out. I checked again and all files in the nextcloud web root are owned by the server process' user (http) and group (http). As you might see in the last log I posted, this message is shown as there is an Exception while loading the config. So this message does not really have anything to do with the problem
Scrumplex
on 19 Jan 2020
Hm, what about permissions? Just to be hundred percent sure, could you post the output of:
ls -la /usr/share/webapps/nextcloud
ls -la /usr/share/webapps/nextcloud/config
drwxr-xr-x 12 http http 4096 Jan 18 23:50 ./
drwxr-xr-x 6 root root 4096 Jan 14 21:38 ../
drwxr-xr-x 33 http http 4096 Jan 18 23:50 3rdparty/
drwxr-xr-x 51 http http 4096 Jan 19 00:00 apps/
-rw-r--r-- 1 http http 15752 Jan 18 20:35 AUTHORS
lrwxrwxrwx 1 http http 29 Jan 18 20:35 config -> /etc/webapps/nextcloud/config/
-rw-r--r-- 1 http http 3910 Jan 18 20:35 console.php
-rw-r--r-- 1 http http 34520 Jan 18 20:35 COPYING
drwxr-xr-x 23 http http 4096 Jan 18 23:50 core/
-rw-r--r-- 1 http http 5048 Jan 18 20:35 cron.php
-rw-r--r-- 1 http http 2537 Jan 18 20:35 .htaccess
-rw-r--r-- 1 http http 156 Jan 18 20:35 index.html
-rw-r--r-- 1 http http 2976 Jan 18 20:35 index.php
drwxr-xr-x 6 http http 4096 Jan 18 23:50 lib/
-rwxr-xr-x 1 http http 283 Jan 18 20:35 occ*
drwxr-xr-x 2 http http 4096 Jan 18 23:50 ocm-provider/
drwxr-xr-x 2 http http 4096 Jan 18 23:50 ocs/
drwxr-xr-x 2 http http 4096 Jan 18 23:50 ocs-provider/
-rw-r--r-- 1 http http 3056 Jan 18 20:35 public.php
-rw-r--r-- 1 http http 5235 Jan 18 20:35 remote.php
drwxr-xr-x 4 http http 4096 Jan 18 23:50 resources/
-rw-r--r-- 1 http http 26 Jan 18 20:35 robots.txt
-rw-r--r-- 1 http http 2381 Jan 18 20:35 status.php
drwxr-xr-x 3 http http 4096 Jan 18 23:50 themes/
drwxr-xr-x 2 http http 4096 Jan 18 23:50 updater/
-rw-r--r-- 1 http http 101 Jan 18 20:35 .user.ini
-rw-r--r-- 1 http http 363 Jan 18 20:35 version.php
And
ls -la /etc/webapps/nextcloud/config/
total 72
drwxr-xr-x 2 http http 4096 Jan 18 23:51 ./
drwxr-xr-x 3 http http 4096 Jan 18 23:50 ../
-rw-r----- 1 http http 870 Jan 18 23:51 config.php
-rw-r--r-- 1 http http 53323 Jan 18 20:35 config.sample.php
-rw-r--r-- 1 http http 495 Jan 18 20:35 .htaccess
I wanted to add: currently i just run a second fpm instance just for NC. It is on php 7.3, and that one works fine.
Scrumplex
on 19 Jan 2020
Does the other instance also have a soft link to the config?
Are you using "open_basedir" option in PHP and have the path /etc/webapps/nextcloud/config/ added?
I'm not a NC developer, so just for me it still sounds like an issue with writing to that file.
Setting the option
"config_is_read_only": true,
in the config.php could be worth a try.
Schmuuu
on 19 Jan 2020
Oh. Nice issue 馃憤 Config directory is not writeable. Nextcloud is trying to show a error page. On this page is a link to settings.Help#help. Url generation fails because the settings app is not loaded yet 馃挜
cc @rullzer @ChristophWurst
kesselb
on 19 Jan 2020
Hi!
I have the same issue (using Archlinux, NC 18 and php 7.4 fpm), I tried to add 'config_is_read_only' => true, to config.php. But I now have the same error displayed about the apps folder.
NC log
PHP message: {"reqId":"hMqJx84`geMo0S4gl9v2D","level":3,"time":"2020-01-19T14:36:56+00:00","remoteAddr":"xxx.xxx.xxx.xxx","user":"--","app":"PHP","method":"GET","url":"/js/core/merged-template-prepend.js?v=d55808ba-0","message":"fopen(/usr/share/webapps/nextcloud/data/data_dir_writability_test_5e24698839cfe.tmp): failed to open stream: Read-only file system at /usr/share/webapps/nextcloud/lib/private/legacy/util.php#797","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0","version":"18.0.0.10"}
PHP message: {"reqId":"hMqJx84geMo0S4gl9v2D","level":3,"time":"2020-01-19T14:36:56+00:00","remoteAddr":"xxx.xxx.xxx.xxx","user":"--","app":"no app in context","method":"GET","url":"/js/core/merged-template-prepend.js?v=d55808ba-0","message":{"Exception":"Symfony\\Component\\Routing\\Exception\\RouteNotFoundException","Message":"Unable to generate a URL for the named route \"settings.Help.help\" as such route does not exist.","Code":0,"Trace":[{"file":"/usr/share/webapps/nextcloud/lib/private/Route/Router.php","line":339,"function":"generate","class":"Symfony\\Component\\Routing\\Generator\\UrlGenerator","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Route/CachingRouter.php","line":59,"function":"generate","class":"OC\\Route\\Router","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/URLGenerator.php","line":82,"function":"generate","class":"OC\\Route\\CachingRouter","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/NavigationManager.php","line":203,"function":...
PHP message: {"reqId":"hMqJx84geMo0S4gl9v2D","level":3,"time":"2020-01-19T14:36:56+00:00","remoteAddr":"xxx.xxx.xxx.xxx","user":"--","app":"no app in context","method":"GET","url":"/js/core/merged-template-prepend.js?v=d55808ba-0","message":{"Exception":"Symfony\\Component\\Routing\\Exception\\RouteNotFoundException","Message":"Unable to generate a URL for the named route \"photos.page.index\" as such route does not exist.","Code":0,"Trace":[{"file":"/usr/share/webapps/nextcloud/lib/private/Route/Router.php","line":339,"function":"generate","class":"Symfony\\Component\\Routing\\Generator\\UrlGenerator","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/Route/CachingRouter.php","line":59,"function":"generate","class":"OC\\Route\\Router","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/URLGenerator.php","line":82,"function":"generate","class":"OC\\Route\\CachingRouter","type":"->"},{"file":"/usr/share/webapps/nextcloud/lib/private/NavigationManager.php","line":203,"function":...
Reverting to php 7.3 does not throw any error.
Hazegard
on 19 Jan 2020
I tried to add
'config_is_read_only' => true,to config.php. But I now have the same error displayed about theappsfolder.
Right. I also did that earlier and the same thing happened.
Scrumplex
on 19 Jan 2020
Are you able to use occ? For example occ user:list and occ config:list system. I don't need the output. Only if they work. If so php used by the webserver is not able to access those files.
kesselb
on 19 Jan 2020
@kesselb works for me :tm:
Scrumplex
on 19 Jan 2020
It works for me too, for both php7.4 and php7.3
Hazegard
on 19 Jan 2020
Accoring to this bug discussion
https://bugs.archlinux.org/task/64689
the second comment suggests an override file to add ReadWritePaths. php-fpm 7.4 seems to have tightened security again. You can compare the differences of /usr/lib/systemd/system/php-fpm.service (php 7.4 on archlinux) and /usr/lib/systemd/system/php73-fpm.service.
This fixed it for me:
mkdir -p /etc/systemd/system/php-fpm.service.d/
chown root:root /etc/systemd/system/php-fpm.service.d/
chmod 755 /etc/systemd/system/php-fpm.service.d/
touch /etc/systemd/system/php-fpm.service.d/override_nextcloud.conf
chown root:root /etc/systemd/system/php-fpm.service.d/override_nextcloud.conf
chmod 644 /etc/systemd/system/php-fpm.service.d/override_nextcloud.conf
and put the following content inside the file:
[Service]
ReadWritePaths = /usr/share/webapps/nextcloud/data
ReadWritePaths = /usr/share/webapps/nextcloud/apps
ReadWritePaths = /etc/webapps/nextcloud/config/
Then restart php-fpm and your webserver.
tiiiecherle
on 19 Jan 2020
👍3
Nice find!
This fixed it for me:
mkdir -p /etc/systemd/system/php-fpm.service.d/ chown root:root /etc/systemd/system/php-fpm.service.d/ chmod 755 /etc/systemd/system/php-fpm.service.d/ touch /etc/systemd/system/php-fpm.service.d/override_nextcloud.conf chown root:root /etc/systemd/system/php-fpm.service.d/override_nextcloud.conf chmod 644 /etc/systemd/system/php-fpm.service.d/override_nextcloud.conf
You can skip these steps by just running systemctl --edit php-fpm.service and pasting the snipped below.
[Service] ReadWritePaths = /usr/share/webapps/nextcloud/data ReadWritePaths = /usr/share/webapps/nextcloud/apps ReadWritePaths = /etc/webapps/nextcloud/config/
Edit: Looks like my comment was duplicated a few times. githubstatus reports degraded performance regarding API :/
Scrumplex
on 19 Jan 2020
Glad I could help. It would be nice if these php 7.4 changes and the solving configuration could be added to the nextcloud documentation. Thanks ;)
tiiiecherle
on 19 Jan 2020
https://docs.nextcloud.com/server/18/admin_manual/installation/example_ubuntu.html
https://docs.nextcloud.com/server/18/admin_manual/installation/example_centos.html
We already have guides for Ubuntu and CentOS. Probably a starting point for a Arch guide ;)
kesselb
on 19 Jan 2020
@tiiiecherle I tried applying your workaround and I've encountered the following error when restarting php-fpm.service:
php-fpm.service: Failed to set up mount namespacing: /run/systemd/unit-root/usr/share/webapps/nextcloud/data: No such file or directory
Failed at step NAMESPACE spawning /usr/bin/php-fpm: No such file or directory
Here's my full
systemctl cat php-fpm.service
# /usr/lib/systemd/system/php-fpm.service
# It's not recommended to modify this file in-place, because it
# will be overwritten during upgrades. If you want to customize,
# the best way is to use the "systemctl edit" command.
[Unit]
Description=The PHP FastCGI Process Manager
After=network.target
[Service]
Type=notify
PIDFile=/run/php-fpm/php-fpm.pid
ExecStart=/usr/bin/php-fpm --nodaemonize --fpm-config /etc/php/php-fpm.conf
ExecReload=/bin/kill -USR2 $MAINPID
# Set up a new file system namespace and mounts private /tmp and /var/tmp directories
# so this service cannot access the global directories and other processes cannot
# access this service's directories.
PrivateTmp=true
# The directories /home, /root and /run/user are made inaccessible and empty for processes
# invoked by this unit.
ProtectHome=true
# Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit.
ProtectSystem=full
# Sets up a new /dev namespace for the executed processes and only adds API pseudo devices
# such as /dev/null, /dev/zero or /dev/random (as well as the pseudo TTY subsystem) to it,
# but no physical devices such as /dev/sda.
PrivateDevices=true
# Explicit module loading will be denied. This allows to turn off module load and unload
# operations on modular kernels. It is recommended to turn this on for most services that
# do not need special file systems or extra kernel modules to work.
ProtectKernelModules=true
# Kernel variables accessible through /proc/sys, /sys, /proc/sysrq-trigger, /proc/latency_stats,
# /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq will be made read-only to all processes
# of the unit. Usually, tunable kernel variables should only be written at boot-time, with the
# sysctl.d(5) mechanism. Almost no services need to write to these at runtime; it is hence
# recommended to turn this on for most services.
ProtectKernelTunables=true
# The Linux Control Groups (cgroups(7)) hierarchies accessible through /sys/fs/cgroup will be
# made read-only to all processes of the unit. Except for container managers no services should
# require write access to the control groups hierarchies; it is hence recommended to turn this on
# for most services
ProtectControlGroups=true
# Any attempts to enable realtime scheduling in a process of the unit are refused.
RestrictRealtime=true
# Restricts the set of socket address families accessible to the processes of this unit.
# Protects against vulnerabilities such as CVE-2016-8655
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
# Takes away the ability to create or manage any kind of namespace
RestrictNamespaces=true
[Install]
WantedBy=multi-user.target
# /etc/systemd/system/php-fpm.service.d/override_nextcloud.conf
[Service]
ReadWritePaths = /usr/share/webapps/nextcloud/data
ReadWritePaths = /usr/share/webapps/nextcloud/apps
ReadWritePaths = /etc/webapps/nextcloud/config/
doronbehar
on 20 Jan 2020
@doronbehar is your NC data directory located there? If it has a different location you need to adjust that
Scrumplex
on 20 Jan 2020
Well I also have data in /var/lib/httpd/nextcloud but adding that to the ReadWritePaths doesn't help. It seems the issue is severer then that - it can't find /usr/bin/php-fpm.
doronbehar
on 20 Jan 2020
Oh right, you were right @Scrumplex - my data directory was somewhere else and changing that path fixed the issue. Thanks @tiiiecherle and @Scrumplex :beers: .
doronbehar
on 20 Jan 2020
All in all this "fix" explains the root cause of this issue. There still is the issue with the broken paths which should / could be fixed.
Scrumplex
on 20 Jan 2020
There still is the issue with the broken paths which should / could be fixed.
By Nextcloud?
kesselb
on 20 Jan 2020
There still is the issue with the broken paths which should / could be fixed.
By Nextcloud?
I don't know. It could be an issue with Symfony, so there is that. Maybe just a version bump for Symfony could fix it?
Scrumplex
on 20 Jan 2020
Ah. I almost forgot about the router thing. Yes that should be fixed.
kesselb
on 20 Jan 2020
I think this issue can be closed? I didn't encounter any errors on my server since the actual stable release of NC 18.
Scrumplex
on 31 Mar 2020
I've got the same issue on a fresh Docker Installation with a Synology NAS. Where can I set these settings?
michai27
on 10 Jun 2020
Was this page helpful?
0 / 5 - 0 ratings
Related issues
dl5rcw
路
3Comments
mama21mama
路
3Comments
rullzer
路
3Comments
blackcrack
路
3Comments
williambargent
路
3Comments
Most helpful comment
Accoring to this bug discussion
https://bugs.archlinux.org/task/64689
the second comment suggests an override file to add ReadWritePaths. php-fpm 7.4 seems to have tightened security again. You can compare the differences of
/usr/lib/systemd/system/php-fpm.service(php 7.4 on archlinux) and/usr/lib/systemd/system/php73-fpm.service.This fixed it for me:
and put the following content inside the file:
Then restart php-fpm and your webserver.