PHP apps fail with Permission denied: AH00091: httpd: could not open error log file
when run with a read-only user
#100
Labels
bug
Something isn't working
The upstream CNB spec encourages operators to use separate Linux users for build vs run images:
https://github.com/buildpacks/spec/blob/platform/0.13/platform.md#run-image
We've decided not to do this for the Heroku base images (at least for now), since we're not able to control application code, and we believe it will otherwise cause compatibility issues with a number of existing apps:
heroku/base-images#268
However, it would be ideal if our buildpacks and Getting started guide app templates at least supported the app images being run with a separate user (or with read-only layers), so that they can work with other base images or platforms that might choose to use separate users or mount the layers as read-only.
Testing all of our officially supported languages in the builder image (by adding
--user nobody
to thedocker run
invocation), I found that the PHP getting started guide app failed to boot:(see: https://github.com/heroku/cnb-builder-images/actions/runs/8877305233/job/24370680538#step:8:31)
To fix this, Apache would need to be configured to write logs to a file/directory
/tmp
instead of under a/layers
directory. (Plus something similar may also apply to nginx.)cc @dzuelke
The text was updated successfully, but these errors were encountered: