I have a Docker image hosted in an app service on Azure.
Everything works fine when I run a container for that image on my local machine.
But everything breaks down as soon as I put it in Azure.
I got Permission denied everywhere, problems with Apache that can't read the .htaccess file, random Forbidden errors on static files and so on...
So in order to find out what's going on I simplified to the point where I simply try to write a file.
The folder structure is the following:
/var (www-data:staff, 777)
| - /www (www-data:staff, 777)
| | - /public
| | | - index.php
In the index.php I've got:
error_reporting(E_ALL);
ini_set('display_startup_errors',1);
ini_set('display_errors',1);
$path = '/var/www';
var_dump(get_current_user());
var_dump(posix_getpwuid(posix_geteuid())['name']);
var_dump(is_readable($path));
var_dump(is_writable($path));
var_dump(ini_get('safe_mode'));
file_put_contents($path . '/test.log', 'test');
The output is:
string(8) "www-data"
string(8) "www-data"
bool(true)
bool(true)
bool(false)
Warning: file_put_contents(/var/www/test.log): failed to open stream: Permission denied in /var/www/public/index.php on line 14
If I change the file_put_contents to write in the var folder:
[...]
$path = '/var';
[...]
file_put_contents($path . '/test.log', 'test');
It works fine!
The two folders have the exact same permissions (777), owner (www-data) and group (staff).
I thought about SELinux but I don't know if it is installed.
I didn't find any option to enable/disable it in the app service configuration and the getenforce or setenforce commands are not found when logged in web ssh.
Do you have any idea?
Thanks for your help.
IMPORTANT EDIT:
After a lot of tries, I figured that the problem is specific to the /var/www folder.
If I try to write anywhere I should have access to, it works fine, but not in the /var/www folder, no matter its access rights.
But I have more!
If I rename /var/www to /var/www2 and then back to /var/www: everything works!
I can create the test file I tried to create above, the site boots normally, log files are written normally, the routing works, etc.
So it seems there is something blocking access to everything under www that is not related to the container, but probably to Azure.
And this "thing" seems to stop when the folder ceases to exist and never comes back.
Any idea of what it could be?
EDIT 2:
It doesn't have to be /var/www, I have the exact same behavior after changing the DirectoryRoot from /var/www/public to /var/app/public.
Renaming /var/app to /var/app2 and then back to /var/app also solves the issue.
I'm out of ideas.