Ghost update fails if config.production.json is a link

[ErisDS]

From the forum: https://forum.ghost.org/t/ghost-update-fails-if-config-production-json-is-a-link/997

This issue is a

• Bug Report
• Feature Request

Summary

To facilitate source control of a multi-tenanted ghost VPS, I have all my config.production.json in /etc/ghost and have linked config.production.json from each blog back to the relevant file in etc.

Even though all the ownership and permissions of the relevant files - including the link-files themselves - are correct (i.e. non-root and non-ghost), the ghost update command fails with this error:

✔ Stopping Ghost
✔ Linking latest Ghost and recording versions
✖ Running database migrations
An error occurred.
Message: 'EACCES: permission denied, open '/var/www/normus.totahi.com/config.production.json''


Debug Information:
    OS: Debian, v9.4
    Node Version: v6.14.1
    Ghost-CLI Version: 1.7.1
    Environment: production
    Command: 'ghost update'

Additional log info available in: /home/normus/.ghost/logs/ghost-cli-debug-2018-04-18T16_28_42_550Z.log

Try running ghost doctor to check your system for known issues.

Log file (for a bug report)

Debug Information:
    OS: Debian, v9.4
    Node Version: v6.14.1
    Ghost-CLI Version: 1.7.1
    Environment: production
    Command: 'ghost update'
An error occurred.
Message: 'EACCES: permission denied, open '/var/www/normus.totahi.com/config.production.json''

Stack: Error: EACCES: permission denied, open '/var/www/normus.totahi.com/config.production.json'
    at Error (native)
    at Object.fs.openSync (fs.js:642:18)
    at Object.fs.writeFileSync (fs.js:1356:33)
    at Object.writeFileSync (/usr/lib/node_modules/ghost-cli/node_modules/jsonfile/index.js:117:13)
    at Config.save (/usr/lib/node_modules/ghost-cli/lib/utils/config.js:91:12)
    at Task.runMigrations [as task] (/usr/lib/node_modules/ghost-cli/lib/tasks/migrate.js:16:48)
    at Promise.resolve.then.then.skipped (/usr/lib/node_modules/ghost-cli/node_modules/listr/lib/task.js:168:30)
Code: EACCES
Path: /var/www/normus.totahi.com/config.production.jso

Technical details (for a bug report)

This is automatically output by Ghost-CLI if an error occurs, please copy & paste:

• OS:
• Node Version:
• Ghost-CLI Version:
• Environment:
• Command:

Bug submission checklist

Please fill out this checklist to acknowledge that you followed the requirements to submit a bug report.

• Tried to find help in the forum & docs
• Checked for existing issues
• Attached log file
• Provided technical details incl. operating system

[acburdine]

So I looked into this a bit further - the reason we're even overwriting that config file is so we could suppress the logging output of knex-migrator.

There are two problems here:

• the config.save function should probably check if the file is a symlink, and follow it if so
• we shouldn't be overwriting the config file during db migrations

For the second problem - there are a couple of potential solutions:

• We may not even need to suppress the output anymore since we're running knex-migrator as a subcommand. If this is the case, removing the logging overwrite code is definitely the better approach imo.
• If we still want to keep the output suppressed and the first approach doesn't work, we might be able to pass an environment variable to the knex-migrator process that overwrites the logging configuration, assuming we change a particular line in the config setup of ghost to allow nconf to parse env variables as JSON (see here)

[acburdine]

After doing some local testing, I was not able to reproduce the original issue when my permissions were correct. My guess is that the issue the user experienced in the forum was related to permissions issues, and not related to the fact that the config.production.json was a symlink.

That said, I've created a couple of PRs to remove the need to save the config during migrations, so that should fix the specific problem the user was running into.