Picture display broken after upgrade to v0.11.5 : folder rights issue

[lapineige]

Hello,

On Yunohost installations, since version 0.11.5 new uploaded pictures are broken. They are not shown, neither the preview is. Even in compose view.
Alternative text is working.
I don't really know how to debug this. No horizon failed job, no supervisor issue, I can't find laravel log, no web console error…
No other error to report.
You can see an example here : https://photo.lapineige.fr/i/web/post/548580903387685397

Is that a know Pixelfed bug ?
How can I diagnose this ?

Thank you

---

Pixelfed : 0.11.5
Postgres: 13.9
PHP: 8.1 - recently upgraded, before Pixelfed 0.11.5 we were using php 8.0
Laravel : 9.52.4

[dansup]

Fixed in 22da264

[lapineige]

Great, that was fast, thanks a lot ! 🚀
We mainly depends on released version to upgrade, do you think you will make an hotfix for this, or should we try to upgrade to some specific commit (any advice ?) or to patch it ourselves ?

[lapineige]

I tried manually using this commit (or rather a later one #4276), it still fails. Example : https://photo.lapineige.fr/i/web/post/548958694320755247

[orangemelo11]

Just a random try of getting this fixed

can you try running php artisan storage:link

[lapineige]

ERROR The [public/storage] link already exists.

[lapineige]

How can I help to better diagnose this ?

[orangemelo11]

How can I help to better diagnose this ?

I’m sorry that you haven’t received a response yet meanwhile I can suggest small steps

try restarting your server / or php artisan cache:clear

you can also check if horizon is running on admin dashboard horizon active or inactive

if inactive try php artisan horizon:publish
and then run php artisan horizon

hope you will get this fixed soon

[lapineige]

It's only been 3 days, no worries :)

Restart + cache:clear, no difference.
Horizon is working, no failed job.

[mitexleo]

It's highly likely a permissions issue. Would you mind creating a account for me on your instance?

[lapineige]

What do you mean by permissions ?
Account permissions (I'm admin), or file permissions ?
This wasn't a problem before upgrading to v0.11.5. I don't understand why any file permission would have changed since that time. And old images are shown.
I quickly checked, all files in /var/www/pixelfed are owned by Pixelfed.

[mitexleo]

What do you mean by permissions ? Account permissions (I'm admin), or file permissions ? This wasn't a problem before upgrading to v0.11.5. I don't understand why any file permission would have changed since that time. And old images are shown. I quickly checked, all files in /var/www/pixelfed are owned by Pixelfed.

I'm talking about file permissions. Go to /var/www/pixelfed/public/storage and go deeper...

[mitexleo]

If I'm correct newly created folders should be owned by root. Create a user account on your instance and give me credentials.

[lapineige]

Go to /var/www/pixelfed/public/storage and go deeper...

Everything is owned by pixelfed user. No change since the (working) state before the upgrade.

If I'm correct newly created folders should be owned by root.

Why is that ? Pixelfed user would not be able to access them ? 🤔

[mitexleo]

Go to /var/www/pixelfed/public/storage and go deeper...

Everything is owned by pixelfed user. No change since the (working) state before the upgrade.

If I'm correct newly created folders should be owned by root.

Why is that ? Pixelfed user would not be able to access them ? 🤔

Yeah .. That's the problem .. You need to modify config/filesystems.php to fix it. Set Dir public permissions to 0755 or 0775 and Dir Private Permission to 0770. For public files set permission to 0644 or 0664 and private files permission to 0660.

[lapineige]

You need to modify config/filesystems.php to fix it.

How/why ? 🤔

What I don't understand is why it was working perfectly since that upgrade with folder and files owned by pixelfed users, and no longer since that upgrade. I don't understand why it should be owner by root.

edit:

Set Dir public permissions to 0755 or 0775 and Dir Private Permission to 0770. For public files set permission to 0644 or 0664 and private files permission to 0660.

You mean exactly as in this commit ? 22da264
I don't have the same file here. This is very strange.

…

This is something very strange indeed:
Just in case I tried to run the artisan media:fix-nonlocal-driver command as explained here #4278 (note: I'm not using S3)
Result: Command "media:fix-nonlocal-driver" is not defined.

But I upgraded to that precise commit, it should be included 🤔

[lapineige]

So… for some reason the patch wasn't applied.
I upgraded again to that version, the patch is here now, I have the filesystems.php changes, the new media:fix command is working (with no effect, as S3 is disabled).

But… it still doesn't work even with new media : https://photo.lapineige.fr/i/web/post/551045866359640065

[mitexleo]

Here's my filesystems.php:

[mitexleo]

What I don't understand is why it was working perfectly since that upgrade with folder and files owned by pixelfed users, and no longer since that upgrade. I don't understand why it should be owner by root.

Nor do I 😶 .. But this is how I fixed it.

Take a look at this: laravel/framework#42586

[lapineige]

Do you know where those files are stored so I can check manually before messing with all files rights and permissions ? 😅

[mitexleo]

Do you know where those files are stored so I can check manually before messing with all files rights and permissions ? 😅

Yeah ... Just upload an image ...

Open the image on a new tab from composer page.

You'll find the file path in the URL.

It should be /public/storage/m/_v2...

[lapineige]

And it is only /storage/m/_v2/, no public.
Even with that new version with this PR patch applied.

[mitexleo]

And it is only /storage/m/_v2/, no public. Even with that new version with this PR patch applied.

No. You have to go to /public/storage/m/_v2/

[lapineige]

I mean if I upload a new image its URL is in /storage/m/_v2/, not /public/storage/m/_v2/.
If I search for it in /public/storage/m/_v2/, I can find the file. It's owned by pixelfed user, and readable by all.
But the URL is wrong ?

[mitexleo]

I mean if I upload a new image its URL is in /storage/m/_v2/, not /public/storage/m/_v2/. If I search for it in /public/storage/m/_v2/, I can find the file. It's owned by pixelfed user, and readable by all. But the URL is wrong ?

No, the url is not wrong. Your root directory is set to /public . That's why it won't show up in the URL.

[mitexleo]

I mean if I upload a new image its URL is in /storage/m/_v2/, not /public/storage/m/_v2/. If I search for it in /public/storage/m/_v2/, I can find the file. It's owned by pixelfed user, and readable by all. But the URL is wrong ?

No, the url is not wrong. Your root directory is set to /public . That's why it won't show up in the URL.

Can you confirm that the permission of the directory that contains the actual image preview isn't set to 0700?

[sekretaerbaer]

works for me also to Mastodon

[lapineige]

Can you share the image (and its folder) rights and owners ? (I can provide instructions)

[sekretaerbaer]

namei -om /var/www/pixelfed/storage/app/public/m/_v2/436733357485973505/186f813ba-297a89/roz8VYElyVvd/HOLZErvRl3NCInhEZDwxFLL3ptjzUJoL9BmV8Ls7.jpg
f: /var/www/pixelfed/storage/app/public/m/_v2/436733357485973505/186f813ba-297a89/roz8VYElyVvd/HOLZErvRl3NCInhEZDwxFLL3ptjzUJoL9BmV8Ls7.jpg
 drwxr-xr-x root     root     /
 drwxr-xr-x root     root     var
 drwxr-xr-x root     root     www
 drwxr-x--- pixelfed www-data pixelfed
 drwxrwx--- pixelfed www-data storage
 drwxrwx--- pixelfed www-data app
 drwxrwx--- pixelfed www-data public
 drwxrwx--- pixelfed www-data m
 drwxrwx--- pixelfed www-data _v2
 drwxrwx--- pixelfed www-data 436733357485973505
 drwxr-x--- pixelfed www-data 186f813ba-297a89
 drwxr-x--- pixelfed www-data roz8VYElyVvd
 -rw-r--r-- pixelfed pixelfed HOLZErvRl3NCInhEZDwxFLL3ptjzUJoL9BmV8Ls7.jpg

[lapineige]

Thanks !
So in my case rights are identical except for the jpg : -rwxr-x---
So 750 for me, and 644 for you.
I tried to change it to 644, no luck, still not working :(

Is it a newly installed instance (post v0.11.7) ?

[sekretaerbaer]

Version: 0.11.8-ynh1 not reinstalled but since 0.11.3-ynh1 only always updated

[sekretaerbaer]

just made an update to version: 0.11.8-ynh2 and now I also have the error.

namei -om /var/www/pixelfed/storage/app/public/m/_v2/436733357485973505/186f813ba-297a89/aYcYVqIp6OxU/P9GvsPp8WpI9aB8f6xKNiktjYXl5FzZJaeBiiUkr.jpg
f: /var/www/pixelfed/storage/app/public/m/_v2/436733357485973505/186f813ba-297a89/aYcYVqIp6OxU/P9GvsPp8WpI9aB8f6xKNiktjYXl5FzZJaeBiiUkr.jpg
 drwxr-xr-x root     root     /
 drwxr-xr-x root     root     var
 drwxr-xr-x root     root     www
 drwxr-x--- pixelfed www-data pixelfed
 drwxrwx--- pixelfed www-data storage
 drwxrwx--- pixelfed www-data app
 drwxrwx--- pixelfed www-data public
 drwxrwx--- pixelfed www-data m
 drwxrwx--- pixelfed www-data _v2
 drwxrwx--- pixelfed www-data 436733357485973505
 drwxr-x--- pixelfed www-data 186f813ba-297a89
 drwxr-x--- pixelfed www-data aYcYVqIp6OxU
 -rwxr-x--- pixelfed www-data P9GvsPp8WpI9aB8f6xKNiktjYXl5FzZJaeBiiUkr.jpg

[sekretaerbaer]

Backup back to version: 0.11.8-ynh1. Now also here the error.
After I did
sudo chmod -R ug=rwX,o=rX /var/www/pixelfed/storage/app/public/
everything works as it should.

[lapineige]

That's is realllllly strange 🤔

I don't understand why you didn't have the issue but have it since the upgrade. The only thing it touches here is making theses folders rights equals to 750 🤔

Could you explain what this does ? (what's the equivalent XXX rights ?)

ug=rwX,o=rX

[sekretaerbaer]

I can't explain it either.

I have the command from here

YunoHost-Apps/pixelfed_ynh#211 (comment)

and it also seems to work only with version: 0.11.8-ynh1

[lapineige]

You mean it doesn't work with another version ? Which one ?

[sekretaerbaer]

I just tested it with Version 0.11.8-ynh3.
I noticed that new images / directories user / group pixelfed / pixelfed are created. And the public permission is missing the read permission.

drwxr-x--- 2 pixelfed pixelfed 4096 Jun 13:25 q4t0EWVqUPG3

I give the folder read and verbose permissions with public permissions

drwxr-xr-x 2 pixelfed pixelfed 4096 Jun 13:25 q4t0EWVqUPG3

the images are displayed

So it seems the wrong permissions are set when the folders are created

[lapineige]

the images are displayed

From Mastodon and so on you mean ?

Thanks for investigating.

So it seems the wrong permissions are set when the folders are created

This should have been solved :(

[sekretaerbaer]

Yes also from Mastodon, Calckey, Friendica etc. and also in Pixelfed where before only "No Preview Available" was displayed.

[lapineige]

Ok… so we might have some permissions to change 🤔
Again 🤔

[sekretaerbaer]

I did some tests today and with the following change in filesystems.php it works for me also with version 0.11.8-ynh3

                'dir' => [
                    'public' => 0775,
                    'private' => 0775,

[lapineige]

In my case for some reason with 0.11.8~ynh3 file owner are pixelfed:pixelfed and not pixelfed:www-data…
Changing it solves the issue.

I don't know why it was reverted to this 🤔

[webmink]

Yep, that update re-broke mine as well, no previews any more. I am not in a position to go in with a terminal right now to mess with configs and permissions so my instance will be broken until there's another update :-(

…

On Sat, Jun 17, 2023 at 11:43 PM lapineige ***@***.***> wrote: In my case for some reason with 0.11.8~ynh3 file owner are pixelfed:pixelfed and not pixelfed:www-data… Changing it solves the issue. I don't know why it was reverted to this 🤔 — Reply to this email directly, view it on GitHub <#4275 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAKOFE73YBO2FGRD3EH2353XLYXHVANCNFSM6AAAAAAWRYKTAY> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

-- *Simon Phipps* *Office:* +1 (415) 683-7660 *or* +44 (238) 098 7027 *Signal/Telegram/Mobile*: +44 774 776 2816

[sekretaerbaer]

the same here all new folders and files are pixelfed:pixelfed and no longer pixelfed:www-data and although I set the permissions of the folders in filesystems.php to 0775 the permissions are now at 0755

[lapineige]

I don't understand why…

[lapineige]

Ok, found it, it's was the conversion to packaging v2 in Yunohost that forgot the setting.

I will close this all fallback to Yunohost own repository: YunoHost-Apps/pixelfed_ynh#223

[lapineige]

For the record, this issue reappeared now with the Instagram import feature : https://forum.yunohost.org/t/pixelfed-0-11-9-instagram-import-no-preview-after-import/26071/10
It seems that again the permissions are not set correctly, files are owned by pixelfed:pixelfed instead of pixelfed:www-data. Any idea of another hardcoded value or something that could cause this on Pixelfed side ?

Should I open a separate issue ?

[lapineige]

For the record, the issue with normal upload was a configuration mistake, it is now solved. But not imports.

Any idea ? 🙏

[tigransimonyan]

I installed PixelFed (v0.11.13) on my home server and faced the same problem.

folder flags drwx------ for the new uploaded image.

sudo chmod -R ug=rwX,o=rX /var/www/pixelfed/storage/app/public/ helps, but I can't do it after every upload

what can I do now until you solve the problem?

[tigransimonyan]

As a temporary solution I changed this. Hopefully this won't cause any security issues.