php-fpm executing php-scripts as root #373

Open
psy0rz opened this issue Oct 24, 2024 · 1 comment

psy0rz commented Oct 24, 2024

See https://github.com/magento/magento-cloud-docker/blob/develop/images/php/8.3-fpm/etc/php-fpm.conf#L6

There is no user directive, so by default php-fpm will try to run as root, which is allowed since the -R flag is used: https://github.com/magento/magento-cloud-docker/blob/develop/images/php/8.3-fpm/Dockerfile#L151

This in turn can create files as root, like stuff in /app/generated/...

Then when trying to switch to and from developer mode from the cli container (as user www), you will get permission issues.

Very strange that this is the default for an official Magento container, it has to be a bug, right?


psy0rz commented Oct 24, 2024

So the correct file should have the user = www directive, like this:



```ini
[global]

error_log = /proc/self/fd/2
daemonize = no

[www]

user = www

; if we send this to /proc/self/fd/1, it never appears
access.log = /proc/self/fd/2

listen = [::]:9000

pm = dynamic
pm.max_children = 10
pm.start_servers = 4
pm.min_spare_servers = 2
pm.max_spare_servers = 6
pm.status_path = /status

clear_env = no

env[MAGE_MODE] = $MAGENTO_RUN_MODE

; Ensure worker stdout and stderr are sent to the main error log.
catch_workers_output = yes
```

psy0rz changed the title from "php-fpm executing as root" to "php-fpm executing php-scripts as root" on Oct 24, 2024
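A config check for the condition reported in this issue, as an added example (not code from the magento-cloud-docker project): it flags php-fpm pools that have no `user` directive or set `user` to root. The function names and sample configs are constructed here, and `include` directives are not followed.

```python
import re

SECTION = re.compile(r"^\[([^\]]+)\]$")

def parse_pools(text):
    """Return {pool_name: {directive: value}} for every section except [global]."""
    pools, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        m = SECTION.match(line)
        if m:
            name = m.group(1).strip()
            current = None if name == "global" else pools.setdefault(name, {})
            continue
        if current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip("\"'")
    return pools

def root_pools(text):
    """Pools whose workers would stay root when the master is started as root with -R."""
    findings = []
    for name, conf in parse_pools(text).items():
        user = conf.get("user")
        if user is None:
            findings.append((name, "no user directive"))
        elif user in ("root", "0"):
            findings.append((name, "user is root"))
    return findings

# Constructed samples modelled on the pool config quoted in the issue.
WITHOUT_USER = """\
[global]
error_log = /proc/self/fd/2
daemonize = no

[www]
; if we send this to /proc/self/fd/1, it never appears
access.log = /proc/self/fd/2
listen = [::]:9000
pm = dynamic
"""
WITH_USER = WITHOUT_USER.replace("[www]\n", "[www]\nuser = www\n")

if __name__ == "__main__":
    for label, text in (("without user", WITHOUT_USER), ("with user", WITH_USER)):
        print(label, "->", root_pools(text) or "ok")
```

Run against the files under the image's `etc/` directory at build time, a non-empty result can fail the build before the image ships.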