Write permissions for PHP-FPM user

[jbleijenberg-ehvg]

Since the PHP 8.1.9 update, i'm encountering errors where the pool user (www-data) cannot write the error_log to /proc/self/fd/2 anymore.
This problem does not occur with PHP 8.1.8

We have our PHP base image, that uses php:8.1-fpm-alpine, we set our pool user to www-data in the correct configuration file.
We also set error_log to /proc/self/fd/2.

This image works without any problems.

Now we want to build a project specific image that uses our own PHP base image, with the difference that we change the user ID of www-data from 1000 to 1001.
After this we chown some log and project files, but that's it.
In this new container PHP-FPM cannot start anymore, because of write permissions to /proc/self/fd/2

Again, this problem does not occur with PHP 8.1.8

[wglambert]

Try /proc/1/fd/2?

Similar issues:
#1235
#878
#811

[jbleijenberg-ehvg]

Try /proc/1/fd/2?

Similar issues: #1235 #878 #811

I'd love to, but that doesn't change the fact that it broke during 2 releases

[wglambert]

Could you show the docker logs output and a minimum reproducer? Running the basic php:8.1.9-fpm as the user 1001 I'm not able to reproduce

As the user 1001 I can write to /proc/self/fd/2 (although it doesn't output to docker logs it has a 0 exit code). Testing it while exec'd into the container (/proc/self/fd/2 will redirect to the pseudo terminal in this case) and while doing an exec sh -c which doesn't give it a pseudo terminal

$ docker run -d --name php --user 1001 php:8.1.9-fpm
Unable to find image 'php:8.1.9-fpm' locally
8.1.9-fpm: Pulling from library/php
Digest: sha256:52247b6a8f13cfe5dd242eaf02966346248704ff127116a565420e979c7ec5bd
Status: Downloaded newer image for php:8.1.9-fpm
006356634f1298fee4b44e43343b00cf284f81333d5b02c41a96877500768deb

$ docker exec -it --user 1001 php bash
I have no name!@006356634f12:/var/www/html$ echo '/proc/self/fd/2' > /proc/self/fd/2
/proc/self/fd/2

I have no name!@006356634f12:/var/www/html$ echo $?
0

I have no name!@006356634f12:/var/www/html$ echo '/proc/1/fd/2' > /proc/1/fd/2

I have no name!@006356634f12:/var/www/html$ exit
exit

$ docker exec --user 1001 php sh -c "echo 'exec /proc/self/fd/2'/ > /proc/self/fd/2"
exec /proc/self/fd/2/

$ docker exec --user 1001 php sh -c "echo 'exec /proc/1/fd/2'/ > /proc/1/fd/2"

$ docker logs php
[18-Aug-2022 20:11:15] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
[18-Aug-2022 20:11:15] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
[18-Aug-2022 20:11:15] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
[18-Aug-2022 20:11:15] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
[18-Aug-2022 20:11:15] NOTICE: fpm is running, pid 1
[18-Aug-2022 20:11:15] NOTICE: ready to handle connections
/proc/1/fd/2
exec /proc/1/fd/2/

[wglambert]

Closing assuming this is resolved. If you need further help you could also try asking over at the Docker Community Forums, Docker Community Slack, or Stack Overflow