/etc/icingaweb2 not writable by default since PHP 7.4 FPM

[nilmerg]

A user on SLES 15 SP2 had the issue that /etc/icingaweb2 is not writable. That's because php fpm has ProtectSystem=full in its default systemd unit file since version 7.4.

We should check which of our supported distributions are also affected. For affected ones, we then should provide a custom unit file then. (Probably, if anyone has a better alternative, mention it here)

From: https://github.com/Icinga/icingaweb2/issues/4335 PHP Issue: https://bugs.php.net/bug.php?id=72510 PHP PR: https://github.com/php/php-src/commit/40c4d7f1820df1872a71ab07fd26da45a203e37f

[dgoetz]

If required please do not provide a custom unit file, just use a drop-in file named icingaweb2.conf or similar setting ProtectSystem=true allowing write for /etc and also place it in the system path /usr/lib/systemd/system/ and not user path /etc/systemd/system like it was done with Icinga 2.

Advantage of the drop-in would be to only override the required values and not taking over responsibility for the service. Advantage of the system path would be, that admins can still override in the user path without requiring a specific file order.

[nilmerg]

This applies to SLES only, and only by installing php-fpm manually. Our packages don't do that automatically, so I'm not keen on providing even a drop-in file.

I'll leave a note in the installation documentation for Icinga Web 2, but that's it for now.

[htriem]

@nilmerg Is that something we should invest more time in, or is the current behaviour acceptable?

[nilmerg]

Our packages don't do that automatically

says all. I reckon? :man_shrugging: