Composer Question

[therealjoshuad]

Expected Behavior (or desired behavior if a feature request)

Run composer as non root

---

Actual Behavior

Accidentally ran composer as root

---

Please confirm you have done the following before posting your bug report:

• I have enabled debug mode
• I have read checked the Common Issues page

---

Please provide answers to these questions before posting your bug report:

• Version of Snipe-IT you're running: 3.4.0-9
• What OS and web server you're running Snipe-IT on: Ubuntu 16.04, Apache
• What method you used to install Snipe-IT (install.sh, manual installation, docker, etc) following steps in snipe.sh
• If you're getting an error in your browser, include that error
• What specific Snipe-IT page you're on, and what specific element you're interacting with to trigger the error
• If a stacktrace is provided in the error, include that too.
• Any errors that appear in your browser's error console.
• Confirm whether the error is reproduceable on the demo.
• Include any additional information you can find in app/storage/logs and your webserver's logs.
• Include what you've done so far in the installation, and if you got any error messages along the way.
• Indicate whether or not you've manually edited any data directly in the database

---

I'm not getting any errors yet, but I goofed and used sudo when running "php composer.phar install --no-dev --prefer-source" (I think I originally got an access denied error when I didn't used sudo).

Is there any way to fix the permissions changed, or should I rebuild the server before getting too far in our implementation?

[snipe]

Did you install it globally, or just for that user?

[therealjoshuad]

To be honest, this is my first experience with composer, but this is the way it was installed:

cd /var/www/snipeit
curl -sS https://getcomposer.org/installer  | sudo php
sudo php composer.phar install --no-dev --prefer-source

[snipe]

You shouldn't need to pave the server. Try the following:

sudo rm composer.phar
sudo rm -Rf /home/<user>/.composer

If you install composer again as your regular web user, and it gives you a permission denied error, just rm whatever composer directory it's choking on. (Composer sticks some cache folders in various directories, depending on your distro.)

[therealjoshuad]

Okay, I removed composer.phar and .composer from my home dir.

I tried installing composer again, and I'm getting access denied trying to write to the /var/www/snipeit dir.

I see in #2168 you mention that root probably owns the folder. I checked, and it looks like www-data is the owner.

Is that fixed by changing the permissions to allow the user I'm logged in as to write to that dir? I tried searching around on running composer as www-data, but the lack of results leads me to believe that might not be the way to do it.

[snipe]

Can you show me the specific message?

[therealjoshuad]

snipe@webq01:/var/www/snipeit$ curl -sS https://getcomposer.org/installer | php
All settings correct for using Composer
Downloading 1.2.1...
Could not create file /var/www/snipeit/composer.phar: fopen(/var/www/snipeit/composer.phar): failed to open stream: Permission denied
Download failed: fopen(/var/www/snipeit/composer.phar): failed to open stream: Permission denied
fwrite() expects parameter 1 to be resource, boolean given
Downloading 1.2.1...
Could not create file /var/www/snipeit/composer.phar: fopen(/var/www/snipeit/composer.phar): failed to open stream: Permission denied
Download failed: fopen(/var/www/snipeit/composer.phar): failed to open stream: Permission denied
fwrite() expects parameter 1 to be resource, boolean given
Downloading 1.2.1...
Could not create file /var/www/snipeit/composer.phar: fopen(/var/www/snipeit/composer.phar): failed to open stream: Permission denied
Download failed: fopen(/var/www/snipeit/composer.phar): failed to open stream: Permission denied
fwrite() expects parameter 1 to be resource, boolean given
The download failed repeatedly, aborting.

and here is the permissions from the web dir

snipe@webq01:/var/www$ ls -l
total 8
drwxr-xr-x  2 root     root     4096 Sep 16 08:21 html
drwxr-xr-x 13 www-data www-data 4096 Sep 20 08:27 snipeit

[snipe]

Can you run:

ls -al /var/www/snipeit

and tell me what you see?

[therealjoshuad]

snipe@webq01:/var/www$ ls -al /var/www/snipeit
total 368
drwxr-xr-x 13 www-data www-data   4096 Sep 20 08:27 .
drwxr-xr-x  4 root     root       4096 Sep 16 08:23 ..
drwxr-xr-x 12 www-data www-data   4096 Sep 16 08:23 app
-rw-r--r--  1 www-data www-data   1646 Sep 16 08:23 artisan
drwxr-xr-x  3 www-data www-data   4096 Sep 16 08:23 bootstrap
-rw-r--r--  1 www-data www-data   9210 Sep 16 08:23 c3.php
-rw-r--r--  1 www-data www-data    242 Sep 16 08:23 circle.yml
-rw-r--r--  1 www-data www-data    511 Sep 16 08:23 codeception.yml
-rw-r--r--  1 www-data www-data   2149 Sep 16 08:23 composer.json
-rw-r--r--  1 www-data www-data 185956 Sep 16 08:23 composer.lock
drwxr-xr-x  2 www-data www-data   4096 Sep 16 08:23 config
drwxr-xr-x  5 www-data www-data   4096 Sep 16 08:23 database
drwxr-xr-x  2 www-data www-data   4096 Sep 16 08:23 docker
-rw-r--r--  1 www-data www-data    614 Sep 16 08:23 docker.env
-rw-r--r--  1 www-data www-data   2897 Sep 16 08:23 Dockerfile
-rw-r--r--  1 www-data www-data     67 Sep 16 08:23 .dockerignore
-rw-r--r--  1 www-data www-data   1546 Sep 16 08:47 .env
-rw-r--r--  1 www-data www-data   1833 Sep 16 08:23 .env.example
-rw-r--r--  1 www-data www-data   1764 Sep 16 08:23 .env.testing
-rw-r--r--  1 www-data www-data   1758 Sep 16 08:23 .env.testing-ci
-rw-r--r--  1 www-data www-data   1711 Sep 16 08:23 gh-changelog.php
-rwxr-xr-x  1 www-data www-data     11 Sep 16 08:23 .gitattributes
drwxr-xr-x  2 www-data www-data   4096 Sep 16 08:23 .github
-rwxr-xr-x  1 www-data www-data    756 Sep 16 08:23 .gitignore
-rw-r--r--  1 www-data www-data   1486 Sep 16 08:23 gulpfile.js
-rw-r--r--  1 www-data www-data    251 Sep 16 08:23 .htaccess
-rw-r--r--  1 www-data www-data   1064 Sep 16 08:23 index.html
-rwxr-xr-x  1 www-data www-data  34519 Sep 16 08:23 LICENSE
-rw-r--r--  1 www-data www-data    873 Sep 16 08:23 phpunit.xml
drwxr-xr-x  6 www-data www-data   4096 Sep 16 08:23 public
-rw-r--r--  1 www-data www-data   3936 Sep 16 08:23 README.md
drwxr-xr-x  6 www-data www-data   4096 Sep 16 08:23 resources
-rw-r--r--  1 www-data www-data    567 Sep 16 08:23 server.php
drwxr-xr-x  7 www-data www-data   4096 Sep 16 08:23 storage
drwxr-xr-x  9 www-data www-data   4096 Sep 16 08:23 tests
-rw-r--r--  1 www-data www-data   1895 Sep 16 08:23 .travis.yml
drwxr-xr-x 35 www-data www-data   4096 Sep 16 08:41 vendor

[snipe]

What user are you logged in as now? (Type whoami)

[therealjoshuad]

The user is "snipe"

[snipe]

Is snipe part of the www-data group? The perms on the snipeit directory as drwxr-xr-x, so the user you're currently using needs to be part of the same group in order to write to it.

[therealjoshuad]

Ah, it's not. Is adding snipe to the www-data group ultimately the best practice, or would that be leaving some kind of security hole?

[snipe]

You should be able to add snipe to the www-data group (just don't do it the other way around, adding the www-data user to the snipe group.)

[therealjoshuad]

Thanks a lot for your help, especially since these are just OS related questions.

[snipe]

Did you get it working then?

[therealjoshuad]

I just got the chance to try it actually, I assumed it would have worked, but it throws the same error as before. failed to open stream: permission denied

However, I do see this line in the snipeit.sh script: sudo chown -R www-data:www-data /var/www/$name. Is that effectively "fixing" the permissions after it's ran with sudo?

[snipe]

Well, the tricksy bit is that composer stashes some caches in other places too. Can you give me the whole line of the latest error?

[therealjoshuad]

It just repeats 3 times and then quits. Here is the whole error:

All settings correct for using Composer
Downloading 1.2.1...
Could not create file /var/www/snipeit/composer.phar: fopen(/var/www/snipeit/composer.phar): failed to open stream: Permission denied
Download failed: fopen(/var/www/snipeit/composer.phar): failed to open stream: Permission denied
fwrite() expects parameter 1 to be resource, boolean given
Downloading 1.2.1...
Could not create file /var/www/snipeit/composer.phar: fopen(/var/www/snipeit/composer.phar): failed to open stream: Permission denied
Download failed: fopen(/var/www/snipeit/composer.phar): failed to open stream: Permission denied
fwrite() expects parameter 1 to be resource, boolean given
Downloading 1.2.1...
Could not create file /var/www/snipeit/composer.phar: fopen(/var/www/snipeit/composer.phar): failed to open stream: Permission denied
Download failed: fopen(/var/www/snipeit/composer.phar): failed to open stream: Permission denied
fwrite() expects parameter 1 to be resource, boolean given
The download failed repeatedly, aborting.

[snipe]

And /var/www/snipeit/composer.phar definitely doesn't exist, right?

[snipe]

Let's try something else. Try installing composer globally:

https://getcomposer.org/doc/00-intro.md#globally

So, download composer.phar to wherever. /home/snipeit, whatever. Then run sudo mv composer.phar /usr/local/bin/composer.

Then try running the composer install for Snipe-IT

[snipe]

(Using sudo is okay here, since you have to move it to a part of the server that your normal user wouldn't have access to. It won't monkey anything up.)

[snipe]

When you try to run the composer install for Snipe-IT, however, do NOT run it as sudo or root. Just cd back to your snipe-it installation directory and run composer install --no-dev (etc)

[therealjoshuad]

Okay, I installed it globally, and when running install, It's getting access denied on various files, so I was deleting them one by one, but I feel like that could take a while.

[snipe]

Can you show me the output (including the errors?)

[therealjoshuad]

[snipe]

Do me a favor and just remove the vendor directory and re-run composer install --no-dev

[snipe]

(Composer is what populates the files in that directory, so it's okay to delete them. When you run composer install again, it will pull them back down.)

[therealjoshuad]

lulz.

[RuntimeException]
  /var/www/snipeit/vendor does not exist and could not be created.

[snipe]

mkdir /var/www/snipeit/vendor
chown -R www-data.www-data /var/www/snipeit/vendor

[snipe]

(you could also chown that to your own user.group, versus www-data. The web user never needs to write to it.)

[therealjoshuad]

Get this after creating vendor:

Loading composer repositories with package information
Installing dependencies from lock file
  [RuntimeException]
  /var/www/snipeit/vendor/vlucas/phpdotenv does not exist and could not be created.

I created that folder, and changed ownership to www-data like I did with vendor, and then get this:

Loading composer repositories with package information
Installing dependencies from lock file
  - Installing vlucas/phpdotenv (v2.3.0)
    Cloning 9ca5644c536654e9509b9d257f53c58630eb2a6a from cache
    Failed to download vlucas/phpdotenv from source: Could not delete /var/www/snipeit/vendor/vlucas/phpdotenv:
    Now trying to download from dist
  - Installing vlucas/phpdotenv (v2.3.0)
    Downloading: 100%
    Downloading: 100%
    Downloading: 100%
  [RuntimeException]
  Could not delete /var/www/snipeit/vendor/vlucas/phpdotenv:

[snipe]

You should definitely never need to create folders within the vendor dir. That's literally composer's job. Try deleting the contents (just the contents, not the dir) of vendor, chmodding to your current user (not www-data) and trying again.

rm -Rf /var/www/snipeit/vendor/*
chown -R snipeit.snipeit /var/www/snipeit/vendor
composer install --no-dev

(assuming your current user is snipeit)

[therealjoshuad]

There it goes. it's installing them now.

[snipe]

Oh thank fucking christ.

[therealjoshuad]

ha! now, the good stuff:

Generating autoload files
> php artisan clear-compiled
> php artisan optimize
Generating optimized class loader
Compiling common classes
PHP Fatal error:  Uncaught UnexpectedValueException: The stream or file "/var/www/snipeit/storage/logs/laravel.log" could not be opened: failed to open stream: Permission denied in /var/www/snipeit/bootstrap/cache/compiled.php:13906
Stack trace:
#0 /var/www/snipeit/bootstrap/cache/compiled.php(13836): Monolog\Handler\StreamHandler->write(Array)
#1 /var/www/snipeit/bootstrap/cache/compiled.php(13596): Monolog\Handler\AbstractProcessingHandler->handle(Array)
#2 /var/www/snipeit/bootstrap/cache/compiled.php(13694): Monolog\Logger->addRecord(400, Object(UnexpectedValueException), Array)
#3 /var/www/snipeit/bootstrap/cache/compiled.php(13389): Monolog\Logger->error(Object(UnexpectedValueException), Array)
#4 /var/www/snipeit/bootstrap/cache/compiled.php(13360): Illuminate\Log\Writer->writeLog('error', Object(UnexpectedValueException), Array)
#5 /var/www/snipeit/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php(57): Illuminate\Log\Writer->error(Object(UnexpectedValueException))
#6 /var/www/snipeit/app/Excepti in /var/www/snipeit/bootstrap/cache/compiled.php on line 13906
PHP Fatal error:  Uncaught UnexpectedValueException: The stream or file "/var/www/snipeit/storage/logs/laravel.log" could not be opened: failed to open stream: Permission denied in /var/www/snipeit/bootstrap/cache/compiled.php:13906
Stack trace:
#0 /var/www/snipeit/bootstrap/cache/compiled.php(13836): Monolog\Handler\StreamHandler->write(Array)
#1 /var/www/snipeit/bootstrap/cache/compiled.php(13596): Monolog\Handler\AbstractProcessingHandler->handle(Array)
#2 /var/www/snipeit/bootstrap/cache/compiled.php(13694): Monolog\Logger->addRecord(400, Object(Symfony\Component\Debug\Exception\FatalErrorException), Array)
#3 /var/www/snipeit/bootstrap/cache/compiled.php(13389): Monolog\Logger->error(Object(Symfony\Component\Debug\Exception\FatalErrorException), Array)
#4 /var/www/snipeit/bootstrap/cache/compiled.php(13360): Illuminate\Log\Writer->writeLog('error', Object(Symfony\Component\Debug\Exception\FatalErrorException), Array)
#5 /var/www/snipeit/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php(57): Illumin in /var/www/snipeit/bootstrap/cache/compiled.php on line 13906
Script php artisan optimize handling the post-install-cmd event returned with error code 255

[snipe]

That one's easy.

chown -R www-data.www-data /var/www/snipeit/storage
chmod -R 755 /var/www/snipeit/storage

[snipe]

(That's actually in the docs: https://snipe-it.readme.io/docs/configuration#required-set-directory-permissions )

[snipe]

Just so you can understand how permissions work a little better, the only things that really need to be owned by www-data are directories that need to be written to by the web server itself (aka via the web interface). So, log files (because when an error happens, it's your web server that logs that to a file), any directories where files would be uploaded to (since your web server is technically the user who is putting those files there), backups (since the web server is the user generating those backups and storing them), etc. Everything else can be owned by snipeit (or whatever your normal user is). But nothing inside your snipeit install directory should be owned by root. Does that make a little more sense?

[therealjoshuad]

Yeah, that makes sense. What would be the situation where the weird errors mentioned in the docs about composer? The reason for asking is, at the end of the deployment, is there any thing I can do to try and test to see those issues would present themselves?

[snipe]

If composer ran this time, it should be able to run every time, as long as you don't go monkeying around with the permissions.

The weird errors mentioned in the docs happen when you run composer as root, because then the vendors dir is owned by root, and if you try to run it as a normal user ever, you're going to get stuff exploding all over the place. Most of the time, people run it as root, and then forget they did, and then they don't understand why composer is shitting itself all over their website. It's very simple though - if you run composer as root, all of the files it pulls down will be owned as root, which means only root can ever overwrite them.

[therealjoshuad]

Ah, okay, I see. Thanks for helping out with this.

[snipe]

No problem - are you all sorted now? Can I close this ticket?

[therealjoshuad]

Yup, Okay to close

[snipe]

Woot.