PHD as git user

[mwienk]

In commit #904082c5d7ebf97a8935d1864e7af2b993884848 the phd process is run as the git user. However, I see this in the logs:

[ STARTING ] /etc/init.simple/35-phd
/srv/phabricator/phabricator /
sudo: unable to execute bin/phd: Permission denied

I don't know if that is the real problem, but in my case, the image doesn't work. When I visit the page, I get a 'File not found' message. The access.log from nginx says there's an error in the FastCGI process:

FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, 
client: x.y.z.a, server: , request: "GET /index.php HTTP/1.1", upstream: 
"fastcgi://unix:/tmp/php-fpm-phabricator.sock:", host: "x.y.z.a:49175"

Could these issues be related?

[hach-que]

sudo: unable to execute bin/phd: Permission denied

This definitely looks wrong. What version of Docker are you using?

[mwienk]

I was using 0.9.1. I just updated to 1.2.0, but the error is still there.

[hach-que]

What command are you using to run the image?

[mwienk]

docker run -d -t -p 22 -p 24 -p 843:843 \
   -p 22280:22280 -p 80 -v /opt/phabricator/scripts:/config \
   -v /opt/phabricator/repo:/srv/repo --name=phabricator \
   --link mysql:linked_mysql hachque/phabricator

and in the scripts.pre file

./bin/config set mysql.user "root"
./bin/config set mysql.pass "$LINKED_MYSQL_ENV_MYSQL_ROOT_PASSWORD"
./bin/config set phabricator.base-uri "http://tracker.xxx.com/"
./bin/config set mysql.host "$LINKED_MYSQL_PORT_3306_TCP_ADDR"
./bin/config set mysql.port "$LINKED_MYSQL_PORT_3306_TCP_PORT"

[hach-que]

Can you SSH into the instance and determine if bin/phd is marked as executable? Can you also see if sudo -u git bash works?

[mwienk]

bin/phd is a symlink to /srv/phabricator/phabricator/scripts/daemon/manage_daemons.php. That file seems alright:

4 -rwxr-xr-x  1 git wwwgrp-phabricator  615 Aug 30 14:50 manage_daemons.php

Bash doesn't look so fine:

55800aa94aa7:/srv/phabricator/phabricator/scripts> sudo -u git bash
bash: /etc/bash.bashrc: Permission denied
bash: /srv/phabricator/.bashrc: Permission denied
bash-4.2$

[hach-que]

Is AppArmor or SELinux running on the host?

I don't see how the got user could be denied access to /etc/bash.bashrc, or why bin/phd would not execute given it has the right permissions.

[mwienk]

The host has Linux xx.yy.zz 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

So no, nothing strange. But I will let you know when I got it fixed

[hach-que]

Did you end up resolving the issue?

[mwienk]

To be fair, no, but I got another docker image running pretty quickly, so I didn't put that much effort into it anymore. I'm sorry.