XF 2.0 Beta 7 upgrade and lot of permission errors

[Andy.N]

Moving a forum from latest 1.5.15a to beta 7 today and run into a few issues that are interesting. The site is running PHP 7.1.10, nginx 1.13.6 and mariadb 10.2.29

1) When trying to upgrade from web interface, it complains that /data and /internal_data is not globally writable so I run
chmod -R 777 /usr/local/www/forum/data/
chmod -R 777 /usr/local/www/forum/internal_data/

Refresh the page, restart nginx, etc does not seem to make a difference. So I ended up upgrading from CLI php cmd.php xf:upgrade which ran without issue.

2) Logging into ACP and try to do a file check and got this error

[LIST]
[*]League\Flysystem\Exception: Impossible to create the root directory "/usr/local/www/forum/internal_data/file_check"
[*]src/XF/LocalFsAdapter.php:1
[/LIST]
Stack trace
#0 src/vendor/league/flysystem/src/Adapter/Local.php(127): XF\LocalFsAdapter->ensureDirectory('/usr/local/www/...')
#1 src/vendor/league/flysystem/src/Filesystem.php(101): League\Flysystem\Adapter\Local->write('file_check/temp...', '{"missing":[],"...', Object(League\Flysystem\Config))
#2 [internal function]: League\Flysystem\Filesystem->put('file_check/temp...', '{"missing":[],"...', Object(League\Flysystem\Config))
#3 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(431): call_user_func_array('parent::put', Array)
#4 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(395): League\Flysystem\EventableFilesystem\EventableFilesystem->callFilesystemMethod('put', Array)
#5 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(57): League\Flysystem\EventableFilesystem\EventableFilesystem->delegateMethodCall('put', Array)
#6 [internal function]: League\Flysystem\EventableFilesystem\EventableFilesystem->put('file_check/temp...', '{"missing":[],"...')
#7 src/vendor/league/flysystem/src/MountManager.php(269): call_user_func_array(Array, Array)
#8 src/vendor/league/flysystem/src/MountManager.php(179): League\Flysystem\MountManager->invokePluginOnFilesystem('put', Array, 'internal-data')
#9 src/XF/Job/FileCheck.php(136): League\Flysystem\MountManager->__call('put', Array)
#10 src/XF/Job/Manager.php(241): XF\Job\FileCheck->run(7.9999988079071)
#11 src/XF/Job/Manager.php(187): XF\Job\Manager->runJobInternal(Array, 7.9999988079071)
#12 src/XF/Job/Manager.php(103): XF\Job\Manager->runJobEntry(Array, 7.9999988079071)
#13 src/XF/Admin/Controller/Tools.php(120): XF\Job\Manager->runByIds(Array, 8)
#14 src/XF/Mvc/Dispatcher.php(249): XF\Admin\Controller\Tools->actionRunJob(Object(XF\Mvc\ParameterBag))
#15 src/XF/Mvc/Dispatcher.php(88): XF\Mvc\Dispatcher->dispatchClass('XF:Tools', 'RunJob', 'html', Object(XF\Mvc\ParameterBag), 'tools', Object(XF\Admin\Controller\Tools), NULL)
#16 src/XF/Mvc/Dispatcher.php(41): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#17 src/XF/App.php(1844): XF\Mvc\Dispatcher->run()
#18 src/XF.php(328): XF\App->run()
#19 admin.php(13): XF::runApp('XF\\Admin\\App')
#20 {main}Request state
array(4) {
  ["url"] => string(30) "/forum/admin.php?tools/run-job"
  ["referrer"] => string(147) "testing/forum/admin.php?tools/run-job&only=fileCheck&_xfRedirect=%2Fforum%2Fadmin.php%3Ftools%2Ffile-check%2F1%2Fresults"
  ["_GET"] => array(1) {
    ["tools/run-job"] => string(0) ""
  }
  ["_POST"] => array(3) {
    ["_xfRedirect"] => string(77) "http://mfeapp1v.bc.baruch.cuny.edu/forum/admin.php?tools/file-check/1/results"
    ["_xfToken"] => string(8) "********"
    ["only_ids"] => string(1) "9"
  }
}

3) When I tried to delete my avatar, I got this error

[LIST]
[*]ErrorException: [E_WARNING] unlink(/usr/local/www/forum/data/avatars/o/0/1.jpg): Permission denied
[*] 
[*]src/vendor/league/flysystem/src/Adapter/Local.php:252
[*]Generated by: Andy Nguyen
[*] 
[*]Oct 20, 2017 at 8:12 PM
[/LIST]
Stack trace
#0 [internal function]: XF::handlePhpError(2, '[E_WARNING] unl...', '/usr/local/www/...', 252, Array)
#1 src/vendor/league/flysystem/src/Adapter/Local.php(252): unlink('/usr/local/www/...')
#2 src/vendor/league/flysystem/src/Filesystem.php(236): League\Flysystem\Adapter\Local->delete('avatars/o/0/1.j...')
#3 [internal function]: League\Flysystem\Filesystem->delete('avatars/o/0/1.j...', Array)
#4 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(431): call_user_func_array('parent::delete', Array)
#5 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(395): League\Flysystem\EventableFilesystem\EventableFilesystem->callFilesystemMethod('delete', Array)
#6 src/vendor/league/flysystem-eventable-filesystem/src/EventableFilesystem.php(330): League\Flysystem\EventableFilesystem\EventableFilesystem->delegateMethodCall('delete', Array)
#7 [internal function]: League\Flysystem\EventableFilesystem\EventableFilesystem->delete('avatars/o/0/1.j...')
#8 src/vendor/league/flysystem/src/MountManager.php(269): call_user_func_array(Array, Array)
#9 src/vendor/league/flysystem/src/MountManager.php(179): League\Flysystem\MountManager->invokePluginOnFilesystem('delete', Array, 'data')
#10 src/XF/Util/File.php(125): League\Flysystem\MountManager->__call('delete', Array)
#11 src/XF/Service/User/Avatar.php(486): XF\Util\File::deleteFromAbstractedPath('data://avatars/...')
#12 src/XF/Service/User/Avatar.php(444): XF\Service\User\Avatar->deleteAvatarFiles()
#13 src/XF/Pub/Controller/Account.php(442): XF\Service\User\Avatar->deleteAvatar()
#14 src/XF/Mvc/Dispatcher.php(249): XF\Pub\Controller\Account->actionAvatar(Object(XF\Mvc\ParameterBag))
#15 src/XF/Mvc/Dispatcher.php(88): XF\Mvc\Dispatcher->dispatchClass('XF:Account', 'Avatar', 'json', Object(XF\Mvc\ParameterBag), 'account', Object(XF\Pub\Controller\Account), NULL)
#16 src/XF/Mvc/Dispatcher.php(41): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#17 src/XF/App.php(1844): XF\Mvc\Dispatcher->run()
#18 src/XF.php(328): XF\App->run()
#19 index.php(13): XF::runApp('XF\\Pub\\App')
#20 {main}Request state
array(4) {
  ["url"] => string(21) "/forum/account/avatar"
  ["referrer"] => string(64) "http://testing/forum/account/account-details"
  ["_GET"] => array(1) {
    ["/forum/account/avatar"] => string(0) ""
  }
  ["_POST"] => array(8) {
    ["avatar_crop_x"] => string(1) "0"
    ["avatar_crop_y"] => string(2) "12"
    ["use_custom"] => string(1) "1"
    ["_xfToken"] => string(8) "********"
    ["delete_avatar"] => string(1) "1"
    ["_xfRequestUri"] => string(30) "/forum/account/account-details"
    ["_xfWithData"] => string(1) "1"
    ["_xfResponseType"] => string(4) "json"
  }
}

4) In my inbox, there is an empty conversation dated 1969 which did not exist before the upgrade. Clicking on it will error out.

Server error log

[LIST]
[*]ErrorException: [E_NOTICE] Trying to get property of non-object
[*] 
[*]src/XF/Pub/Controller/Conversation.php:164
[/LIST]
Stack trace
#0 src/XF/Pub/Controller/Conversation.php(164): XF::handlePhpError(8, '[E_NOTICE] Tryi...', '/usr/local/www/...', 164, Array)
#1 src/XF/Mvc/Dispatcher.php(249): XF\Pub\Controller\Conversation->actionView(Object(XF\Mvc\ParameterBag))
#2 src/XF/Mvc/Dispatcher.php(88): XF\Mvc\Dispatcher->dispatchClass('XF\\Pub\\Controll...', 'View', 'html', Object(XF\Mvc\ParameterBag), 'conversations', Object(XF\Pub\Controller\Conversation), Object(XF\Mvc\Reply\Reroute))
#3 src/XF/Mvc/Dispatcher.php(41): XF\Mvc\Dispatcher->dispatchLoop(Object(XF\Mvc\RouteMatch))
#4 src/XF/App.php(1844): XF\Mvc\Dispatcher->run()
#5 src/XF.php(328): XF\App->run()
#6 index.php(13): XF::runApp('XF\\Pub\\App')
#7 {main}Request state
array(4) {
  ["url"] => string(27) "/forum/conversations/12665/"
  ["referrer"] => string(55) "http://testing/forum/conversations/"
  ["_GET"] => array(1) {
    ["/forum/conversations/12665/"] => string(0) ""
  }
  ["_POST"] => array(0) {
  }
}

 

[Andy.N]

Looking around more for similar error messages, it appears to be a file/folder permission or ownership.
All the files under those 2 folders are owned by nginx

drwxrwsrwx. 9 nginx nginx 4096 Sep 5 13:21 internal_data
drwxrwsrwx. 5 nginx nginx 72 Oct 21 2011 data

 

[rdn]

All the files under those 2 folders are owned by nginx

Then no need to chmod 777.

 

[Dnyan]

R u able to access yourdomain.com/install folder

If not check ssl conf or yourdomain.conf file and grant access to install, libraray etc.

And reupload files and do upgrade.

I m not exper but you may try this

 

[Mike]

If the files and folders are owned by nginx -- and that's who PHP is running as -- then indeed, normally you wouldn't need to chmod 0777.

At a guess, are you running something like SELinux? That may be limiting where writes can happen, so you would likely need to tweak those rules (or disable it).

 

[Andy.N]

If the files and folders are owned by nginx -- and that's who PHP is running as -- then indeed, normally you wouldn't need to chmod 0777.

At a guess, are you running something like SELinux? That may be limiting where writes can happen, so you would likely need to tweak those rules (or disable it).

It is indeed running SELinux with Red Hat 7.3
Here is content of the /etc/selinux/confix file. I disabled it and the errors went away. What would you suggest instead of disabling it completely.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are pr$
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

 

[Mike]

It's simplest to disable it and that is generally what happens. Unfortunately, I don't really know enough about SELinux to comment on how to configure it.

 

[Andy.N]

It's simplest to disable it and that is generally what happens. Unfortunately, I don't really know enough about SELinux to comment on how to configure it.

Yep. Disable it solved many permission issue.
Can you take a look at the bug with empty conversation messages?

Thank you