
I have a php-fpm (8.0.16) instance that cannot write files to an NFS share. I am using a simple php script for testing:

<?php

ini_set('display_errors', 1);
ini_set('error_reporting', E_ALL);

$fp = fopen('test.txt', 'a');

fwrite($fp, 'test'); 

When running via php-fpm, in a directory that is an NFS share, the following error is received:

Warning: fopen(test.txt): Failed to open stream: Read-only file system in /path/to/nfs/share/test-write.php

However, the following code:

<?php

ini_set('display_errors', 1);
ini_set('error_reporting', E_ALL);

$fp = fopen('/tmp/test.txt', 'a');

fwrite($fp, 'test');

works as expected.

The script works when run from the command line as the same user that is used to run php-fpm, both in a directory on an NFS share and in /tmp. Additionally, the script works as expected on earlier versions of php via php-fpm.

cplater
  • Seems that www-data has no write access to the devices, or depending on what user you decide to use and mount. Moreover, AppArmor can also play in this party – djdomi Feb 20 '22 at 18:35
  • According to the error message, the NFS volume is exported in read-only mode – kofemann Feb 20 '22 at 22:12
  • @kofemann I've ruled that out by writing to the NFS volume via CLI. I can run the same php file as the user:group apache:apache from php (cli) and it works. – cplater Feb 21 '22 at 13:43

1 Answer


In the systemd php-fpm.service file there was a setting:

# Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit.
ProtectSystem=full

This is what was preventing php-fpm from being able to write to the NFS share as it was mounted in a subdirectory of /usr.

As mentioned here you can override this using systemctl edit php-fpm.service and adding paths that need write access:

[Service]
ReadWritePaths=/path/that/needs/write/access
cplater
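An added example, not part of the original answer: the CLI and the php-fpm unit can disagree about the same path because a unit with ProtectSystem= runs in its own mount namespace, and the per-mount flags in /proc/PID/mountinfo show which view is read-only. The function names and the mountinfo lines below are constructed for illustration; mount points containing spaces (octal-escaped in mountinfo) are not handled.

```shell
#!/bin/sh
# Added example, not from the original post. Mount lines below are constructed.

# Print "<mount point> <per-mount options>" for the mount covering path $1,
# reading mountinfo-format text (see proc(5)) on stdin. Longest prefix wins.
mount_opts_for() {
    awk -v p="$1" '
        { mp = $5
          if (mp == "/" || p == mp || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); hit = mp " " $6 } }
        END { if (hit == "") exit 1; print hit }'
}

# Exit 0 if that mount carries the per-mount "ro" flag, 1 if not, 2 if no match.
is_ro() {
    hit=$(mount_opts_for "$1") || return 2
    case ",${hit#* }," in *,ro,*) return 0 ;; *) return 1 ;; esac
}

# Constructed view from a login shell (host mount namespace).
HOST_NS='25 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
80 25 0:45 / /usr/share/nfs rw,relatime shared:40 - nfs4 server:/export rw,vers=4.2'

# Constructed view from inside a unit running with ProtectSystem=full.
UNIT_NS='300 299 8:1 / / rw,relatime - ext4 /dev/sda1 rw
301 300 8:1 /usr /usr ro,relatime - ext4 /dev/sda1 rw
302 301 0:45 / /usr/share/nfs ro,relatime - nfs4 server:/export rw,vers=4.2
303 300 0:30 / /tmp rw,nosuid,nodev - tmpfs tmpfs rw'

demo() {
    for p in /usr/share/nfs/test.txt /tmp/test.txt; do
        for ns in HOST_NS UNIT_NS; do
            eval "data=\$$ns"
            if printf '%s\n' "$data" | is_ro "$p"; then s=read-only; else s=writable; fi
            echo "$ns $p $s"
        done
    done
}
demo
# On a live host, compare the two views (reading another PID's mountinfo may need root):
#   is_ro /path/to/nfs/share < /proc/self/mountinfo
#   is_ro /path/to/nfs/share < "/proc/$(systemctl show -p MainPID --value php-fpm.service)/mountinfo"
```

The NFS mount's own superblock options still say rw in the unit's view; only the per-mount flag is ro, which is why the export itself checks out as writable from the CLI.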