PHP is_writable false for NFS folder although files can be written

Question

Sorry, I'm not sure, if this is the correct forum because I don't know the cause for the issue, I'm facing.

I installed NextCloud on a Raspbian (Stretch 9) and moved the data directory to a mounted NFS folder. When I try to access NextCloud, I got the error message 'Data directory is not writable'.

So I dug a better deeper and could finally isolate the issue to the interaction between PHP7.0 and the NFS:

For some reason, the application can write to the directory but is_writable returns false.

I have created the following PHP script:

<?php
$dirname = '/var/churros/data/nextcloud/';
//$dirname = '/tmp/';

$myfile = fopen($dirname.'newfile.txt', "w") or die("Unable to open file!");
$txt = "John Doe\n";
fwrite($myfile, $txt);
fclose($myfile);
echo nl2br("File ".$dirname."newfile.txt written\n");

if (touch($dirname.'/chkpt.tmp')) {
   echo nl2br("touch(".$dirname."/chkpt.tmp) successful\n");
} else {
   echo nl2br("touch(".$dirname."/chkpt.tmp) failed\n");
}

if (is_writable($dirname)) {
    echo 'Directory '.$dirname.' is writable';
} else {
    echo 'Directory '.$dirname.' is not writable';
}

phpinfo();
?>

The result is that

• newfile.txt is created in the data directory with the given text (John Doe)
• Touch succeeded, i.e. the checkpoint file is created
• is_writable returns false Screenshot of 'debug.php' with NFS directory
• When I change to directory to a local directory like \tmp everything is fine Screenshot of 'debug.php' with /tmp directory

My NFS is mounted as

192.168.1.100:/volume1/pidata/donut on /var/churros type nfs4 (rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.103,local_lock=none,addr=192.168.1.100)

and obviously the user mapping and access rights are correct:

namei -l /var/churros/web/nextcloud/
f: /var/churros/web/nextcloud/
drwxr-xr-x root     root     /
drwxr-xr-x root     root     var
drwxr-xr-x root     root     churros
drwxr-xr-x www-data www-data web
drwxrwxr-x www-data www-data nextcloud

On the command line, as user www-data, I can access the directory and write to it as well.

Finally, SELinux is not installed/enabled on the box.

So: Any idea why PHP is_writable fails on the NFS directory or how I can debug this PHP function?

Answer 1

The issue could be the unix user id is different for user "www-data" for the 2 different systems.

In detail, from the php src, you can see that:

• is_writable() is defined at ext/standard/php_filestat.h, which uses:
• php_stat header file defined at php_stat()
• VCWD_ACCESS() function is used

In turn:

• VCWD_ACCESS()

is a convenience wrapper for virtual_access()

• virtual_access()

is thread safe wrapper around the access() function that takes per-thread virtual working directories into account.

Finally, looking access() doc:

The access() function checks the file named by the pathname pointed to by the path argument for accessibility according to the bit pattern contained in amode, using the real user ID in place of the effective user ID and the real group ID in place of the effective group ID.

and also at the access() linux documentation, it states:

access() may not work correctly on NFS file systems with UID mapping enabled, because UID mapping is done on the server and hidden from the client, which checks permissions. Similar problems can occur to FUSE mounts.

Try:

var_dump(stat('nfs-filename'));

and see which uid you get.

Reference:

Similar issue with php session in nfs