Php
crond:無法設置組:不允許操作
今天早上我將我的 PHP 版本升級到 7.1,並且在 cron 嘗試執行時看到了一個問題
php /var/www/html/artisan schedule:run
(一個簡單的 PHP 命令)我看到了輸出:3/3/2017 10:39:00 AMcrond: can't set groups: Operation not permitted 3/3/2017 10:39:00 AMcrond: USER www-data pid 1562 cmd php /var/www/html/artisan schedule:run 3/3/2017 10:40:00 AMcrond: can't set groups: Operation not permitted 3/3/2017 10:40:00 AMcrond: USER www-data pid 1563 cmd php /var/www/html/artisan schedule:run 3/3/2017 10:41:00 AMcrond: can't set groups: Operation not permitted 3/3/2017 10:41:00 AMcrond: USER www-data pid 1564 cmd php /var/www/html/artisan schedule:run 3/3/2017 10:42:00 AMcrond: can't set groups: Operation not permitted 3/3/2017 10:42:00 AMcrond: USER www-data pid 1565 cmd php /var/www/html/artisan schedule:run 3/3/2017 10:43:00 AMcrond: can't set groups: Operation not permitted 3/3/2017 10:43:00 AMcrond: USER www-data pid 1566 cmd php /var/www/html/artisan schedule:run
正在執行的命令是 Laravel artisan 命令。它每分鐘執行一次,允許在應用程序本身內完成其他計劃的工作。此命令中沒有任何內容可以寫入任何文件或類似內容。計劃的工作與數據庫對話並發送一些電子郵件。應用程序日誌被發送到標準輸出,因為它是一個 Docker 容器。
cron
使用命令在容器中執行crond -f -d 8
。這是 Dockerfile:# This container should be used for any/all CLI processes # including cron, queues, etc. FROM php:7.1-alpine # Copy the application files to the container ADD . /var/www/html WORKDIR /var/www/html # fix permissions in CI RUN sed -ri 's/^www-data:x:82:82:/www-data:x:1000:1000:/' /etc/passwd \ && sed -ri 's/^www-data:x:82:/www-data:x:1000:/' /etc/group # Install Composer dependencies RUN apk add --update --no-cache git zip unzip \ # needed for spatie/laravel-backup mysql-client \ # needed for gd libpng-dev libjpeg-turbo-dev \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* RUN docker-php-ext-install pdo_mysql gd \ # needed for forking processes in laravel queues as of Laravel 5.3 pcntl # Ownership of the app dir for www-data RUN chown -R www-data:www-data /var/www/html /home/www-data/ # Put php artisan schedule:run in a crontab RUN echo "* * * * * php /var/www/html/artisan schedule:run" > /etc/crontabs/www-data # Make sure when users get into the container they aren't root USER www-data
我已經排除了這
php artisan schedule:run
是原因,因為我可以手動執行它並且一切都很好。這意味著它在 cron 中。cron 在幕後做了什麼可能導致此錯誤?
這是因為根據這兩個條件之一
man 2 setgroups
EPERM The calling process has insufficient privilege (the caller does not have the CAP_SETGID capability in the user namespace in which it resides). EPERM (since Linux 3.19) The use of setgroups() is denied in this user namespace. See the description of /proc/[pid]/setgroups in user_namespaces(7).
我想您沒有使用使用者命名空間,在這種情況下,docker 容器中不允許使用 CAP_SETGID 功能。您需要更改容器功能集來修復它。