fix: pre-create xdebug.log with world-writable permissions #242

Merged: AaronFeledy merged 3 commits into main from fix/xdebug-log-permissions on Mar 5, 2026

@AaronFeledy AaronFeledy commented Mar 5, 2026

Problem

When xdebug is enabled, the log file at /tmp/xdebug.log can be created as root:root during build_as_root or run_as_root steps. Subsequent runs as www-data then fail because the file is owned by root and not writable.

Fix

Pre-create the log file with chmod 666 during the same build_as_root_internal step that enables xdebug. Since this runs as root, the touch + chmod ensures the file exists with world-writable permissions before any user-level process tries to write to it.

Changes

  • builders/php.js: Added touch /tmp/xdebug.log && chmod 666 /tmp/xdebug.log to the xdebug enable build step

Note

Low Risk
Low risk, limited to service build-time steps and changelog updates. Main consideration is the intentionally permissive chmod 666 on /tmp/xdebug.log, which could have minor side effects inside the container.

Overview
Prevents xdebug failures caused by /tmp/xdebug.log being created as root during build_as_root/run_as_root by adding a root build step that touches the file and sets it to chmod 666.

Updates the CHANGELOG.md Unreleased section to document the xdebug log ownership fix.

Written by Cursor Bugbot for commit 9c7df60. This will update automatically on new commits.

When xdebug is enabled, the log file at /tmp/xdebug.log can be created
as root during build_as_root or run_as_root steps. Subsequent runs as
www-data then fail because the file is owned by root.

Pre-create the log file with 666 permissions during the same
build_as_root_internal step that enables xdebug, ensuring any user
can write to it regardless of which user triggers the first write.

netlify bot commented Mar 5, 2026

Deploy Preview for lando-php ready!

Name Link
🔨 Latest commit 9c7df60
🔍 Latest deploy log https://app.netlify.com/projects/lando-php/deploys/69a9f786455d400008de7485
😎 Deploy Preview https://deploy-preview-242--lando-php.netlify.app
Lighthouse
1 paths audited
Performance: 83 (🔴 down 8 from production)
Accessibility: 98 (no change from production)
Best Practices: 100 (no change from production)
SEO: 100 (no change from production)
PWA: -

Move the touch/chmod of /tmp/xdebug.log outside the xdebug conditional
so it runs for all PHP services regardless of xdebug config. This is
defensive — ensures the file is always writable even if xdebug gets
enabled later or something else writes to that path.

@cursor cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix prepared a fix for the issue found in the latest run.

  • ✅ Fixed: Xdebug log created unconditionally even when xdebug disabled
    • Moved the xdebug log file creation inside the if (options.xdebug) conditional block so it only runs when xdebug is enabled.

Or push these changes by commenting:

@cursor push faad34056b
Preview (faad34056b)
diff --git a/builders/php.js b/builders/php.js
--- a/builders/php.js
+++ b/builders/php.js
@@ -248,12 +248,11 @@
         options.composer_version = options.composer_version.toString();
       }
 
-      // Pre-create xdebug log with world-writable permissions so root-owned builds
-      // don't block www-data from writing to it later
-      addBuildStep(['touch /tmp/xdebug.log && chmod 666 /tmp/xdebug.log'], options._app, options.name, 'build_as_root_internal');
-
       // Add build step to enable xdebug
       if (options.xdebug) {
+        // Pre-create xdebug log with world-writable permissions so root-owned builds
+        // don't block www-data from writing to it later
+        addBuildStep(['touch /tmp/xdebug.log && chmod 666 /tmp/xdebug.log'], options._app, options.name, 'build_as_root_internal');
         addBuildStep(['docker-php-ext-enable xdebug'], options._app, options.name, 'build_as_root_internal');
       }
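
Review bot: The added `touch /tmp/xdebug.log && chmod 666 /tmp/xdebug.log` step inside `if (options.xdebug)` leaves the log readable and writable by every user in the container, and as a root step on a fixed /tmp path it will follow a symlink if one already exists at that name. If www-data is the only non-root writer, consider `chown www-data /tmp/xdebug.log && chmod 644 /tmp/xdebug.log` instead, or pointing the log at a dedicated directory; if 666 is kept, the code comment should say why a narrower owner and mode are not enough. The pre-create call and the `docker-php-ext-enable xdebug` call also pass identical arguments to `addBuildStep`, so both commands could share one array if the helper accepts more than one command.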


// Pre-create xdebug log with world-writable permissions so root-owned builds
// don't block www-data from writing to it later
addBuildStep(['touch /tmp/xdebug.log && chmod 666 /tmp/xdebug.log'], options._app, options.name, 'build_as_root_internal');

Xdebug log created unconditionally even when xdebug disabled

Medium Severity

The touch /tmp/xdebug.log && chmod 666 /tmp/xdebug.log build step runs unconditionally for every PHP container, but the xdebug enable step on line 256 is gated behind if (options.xdebug). The log file pre-creation belongs inside that same conditional so it only runs when xdebug is actually enabled. Without this guard, every PHP build unnecessarily creates a world-writable file.


@AaronFeledy AaronFeledy merged commit d3b1fdf into main Mar 5, 2026
90 of 91 checks passed
@AaronFeledy AaronFeledy deleted the fix/xdebug-log-permissions branch March 5, 2026 22:01
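
A defensive variant of the `touch` + `chmod` pre-create step discussed in this PR, as an added example that is not part of the pull request or the project's code: it refuses to act on a symlink or non-regular file before setting the mode. The function names `precreate_log` and `log_mode_of` are hypothetical, and the demo uses a scratch directory in place of /tmp.

```shell
#!/bin/sh
# Added example, not from the project's repository. Function names are hypothetical.

# precreate_log PATH MODE
# Create PATH as an empty regular file with MODE, refusing symlinks and
# non-regular files so a root build step only ever chmods the log itself.
# (A check-then-chmod race remains if other users can write to the directory;
# a dedicated root-owned log directory removes it.)
precreate_log() {
  log_path=$1
  log_mode=$2

  if [ -L "$log_path" ]; then
    echo "refusing: $log_path is a symlink" >&2
    return 2
  fi
  if [ -e "$log_path" ] && [ ! -f "$log_path" ]; then
    echo "refusing: $log_path is not a regular file" >&2
    return 3
  fi
  if [ ! -e "$log_path" ]; then
    # noclobber (set -C) makes the redirect fail rather than reuse an existing file
    ( set -C; : > "$log_path" ) 2>/dev/null || return 4
  fi
  chmod "$log_mode" "$log_path"
}

# log_mode_of PATH: print the octal permission bits (GNU/busybox stat syntax)
log_mode_of() {
  stat -c '%a' "$1"
}

# Constructed demo in a scratch directory standing in for /tmp
demo_dir=$(mktemp -d)
precreate_log "$demo_dir/xdebug.log" 666 && echo "mode: $(log_mode_of "$demo_dir/xdebug.log")"
ln -s "$demo_dir/xdebug.log" "$demo_dir/alias.log"
precreate_log "$demo_dir/alias.log" 666 || echo "symlink rejected (rc=$?)"
rm -rf "$demo_dir"
```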