Symfony's clear cache task will fail when trying to clear config cache files created by another user (ie. web server) when there are config files that are newer than the cached versions.
./symfony cc
>> cache Clearing cache type "all" for "frontend" app and "prod" env
Failed to write cache file "/var/www/promotions/current/cache/frontend/prod/config/config_settings.yml.php" generated from configuration file "config/settings.yml".
Analysis:
While cache folders are created with full permissions (777, or umask 000) the cache files are created with default permissions (644, or umask 022).
When the clear cache task executes, it iterates through all cached applications and environments and loads the configuration for each before doing the actual cleaning.
Because it loads the application configuration with debug mode turned on, sfConfigCache will check if any of the config files are newer than the cached version and reprocess each such file it finds.
Since the task runs under a user different from the owner of the config cache files, writing the new config cache file fails.
Stack trace:
at /var/www/promotions/current/lib/symfony/config/sfConfigCache.class.php:344
sfConfigCache->writeCacheFile at /var/www/promotions/current/lib/symfony/config/sfConfigCache.class.php:107
sfConfigCache->callHandler at /var/www/promotions/current/lib/symfony/config/sfConfigCache.class.php:194
sfConfigCache->checkConfig at /var/www/promotions/current/lib/symfony/config/sfApplicationConfiguration.class.php:113
sfApplicationConfiguration->initConfiguration at /var/www/promotions/current/lib/symfony/config/sfApplicationConfiguration.class.php:49
sfApplicationConfiguration->__construct at /var/www/promotions/current/lib/symfony/config/sfProjectConfiguration.class.php:342
sfProjectConfiguration::getApplicationConfiguration at /var/www/promotions/current/lib/symfony/task/cache/sfCacheClearTask.class.php:104
sfCacheClearTask->execute at /var/www/promotions/current/lib/symfony/task/sfBaseTask.class.php:77
sfBaseTask->doRun at /var/www/promotions/current/lib/symfony/task/sfTask.class.php:75
sfTask->runFromCLI at /var/www/promotions/current/lib/symfony/command/sfSymfonyCommandApplication.class.php:72
sfSymfonyCommandApplication->run at /var/www/promotions/current/lib/symfony/command/cli.php:20
include at /var/www/promotions/current/symfony:15
Proposed solutions:
Create the config cache files with full write permissions. Since the cache folders already have full write permissions and the sticky bit doesn't get set, everyone can delete cache files and then create another file with the same name. Therefore, it shouldn't make a difference from a security standpoint.
Alternatively, unlink the existing file before writing the new one.
