mhdev's avatar

Log file ownership getting changed by a command

I'm a bit perplexed about an issue I'm having with one of my commands.

I've got a command that runs every Monday morning, that loops through my subscribers, and for each one dispatches a job to my queue that syncs their data with a CRM.

public function handle()
{
    Log::info('Starting Sync...');

    // Get active subscribers
    $subscribers = Example::get();

    Log::info('Found ' . $subscribers->count() . ' subscribers.');

    // Stagger the jobs: each one is delayed one minute more than the previous
    $count = 0;
    foreach ($subscribers as $subscriber) {
        Log::info('Syncing data for subscriber: ' . $subscriber->name . '. Dispatching job to the queue...');

        ExampleSyncJob::dispatch($subscriber)->delay(now()->addMinutes($count));

        $count++;
    }

    Log::info('Subscription Sync Command completed.');
}

This runs fine; in my Laravel log (I have daily logs set up) I can see all of the log entries from there, all good.

However - something seems to be happening within the job that changes the log file to be owned by root.

My job file looks like this;

public function handle(): void
{
    Log::info('Starting job with subscription ID ' . $subscription->id);
    // ...
    // Do all of the processing
    Log::info('Job completed.');
}

But none of the logs from within the jobs themselves are being written to my log file, and the jobs aren't running, but there's nothing in my error log - I think because the application doesn't have permission to write to the log any more.

When I SSH onto my server, today's laravel log is owned by root (rather than forge). So the job is doing something to change the ownership of the log file, which is in turn causing errors because my logs cannot be written to the log file.

However - when I SSH onto the server and run the command manually (php artisan app:sync-data) it works absolutely fine and all functions correctly, and the log file owner doesn't get updated. So I'm not sure why when I trigger it from my application it's causing this permissions error.

Also FYI; my console.php file has this which triggers the command:

// Runs Every Monday Morning At 2am
Schedule::command(SyncSubscriberData::class)
    ->weeklyOn(1, '02:00')
    ->environments(['production']);

Running Laravel 12.21

Glukinho's avatar

Make your schedule runner, queue workers and log rotation run from the same user the web server runs as, not root.

All actions in your app (processing web requests, scheduled tasks, artisan commands, queued jobs) should run as one dedicated user (I believe it's forge in your case); if root takes part, it breaks privileges.

mhdev's avatar

That makes sense - how do I do that?

I'm using Laravel Forge if that helps.

Glukinho's avatar

@mhdev I'm not familiar with Forge, sorry. Maybe somebody will give you recommendations.

Based on what you wrote, I think your problem is about log rotating that runs as root. Check in /etc/logrotate.conf, /etc/logrotate.d/*.conf, there should be something about users, for example nginx rotated logs are stored with 0640 privileges for nginx:adm:

/var/log/nginx/*.log {
	...
	create 640 nginx adm
}

martinbean's avatar

@mhdev Does your CRM provider not offer webhooks to allow you to keep data in sync? Rather than DDoS-ing their API to constantly sync data that may not have even changed within the week?

mhdev's avatar

Turns out the issue was that the command to run the scheduler:

php /home/forge/example.com/artisan schedule:run >> /dev/null 2>&1

was being run as root, rather than forge.

For anyone else that comes across this issue, changing the user to forge won't fix the issue fully, because now the forge user doesn't have permission to write to the scheduled- log, found in /home/forge/.forge, because that is owned by root and doesn't get changed when you update the user to forge through the Laravel UI.

So you need to update permissions on /home/forge/.forge/scheduled-1234567.log (or whatever the ID of the scheduled task is within forge) to be owned by forge and everything should work fine.
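
An ownership check for the two locations mentioned in this thread, as an added example that is not part of the original posts: it lists every file or directory under the given paths that is not owned by the expected user and exits non-zero if any are found. The function names and the script name are hypothetical, and `storage/logs` assumes Laravel's default log directory.

```shell
#!/bin/sh
# Added example: find files that a root-run scheduler or worker left behind.
# Usage (paths taken from the thread, storage/logs is the Laravel default):
#   sh audit-owner.sh forge /home/forge/example.com/storage/logs /home/forge/.forge

# resolve_uid USER_OR_UID: print the numeric uid, fail if the user is unknown.
resolve_uid() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;   # a name: look it up
        *)           printf '%s\n' "$1" ;;       # already numeric
    esac
}

# foreign_owned OWNER PATH...
# Prints an `ls -ldn` line for each entry not owned by OWNER.
# Returns 0 if everything is owned by OWNER, 1 if not, 2 if OWNER is unknown.
foreign_owned() {
    owner_uid=$(resolve_uid "$1") || {
        echo "unknown user: $1" >&2
        return 2
    }
    shift
    found=$(
        for p in "$@"; do
            if [ -e "$p" ]; then
                # -uid is supported by GNU and BSD find
                find "$p" ! -uid "$owner_uid" -exec ls -ldn {} +
            fi
        done
    ) || true
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Run the audit only when called with arguments: OWNER PATH...
if [ "$#" -ge 2 ]; then
    foreign_owned "$@"
fi
```

Anything it reports can be handed back with `chown forge:forge <path>` (run as root), after which the scheduler and queue workers running as forge can write to it again.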
