mkdir was 0755 — owner-only write. The dir often gets created once at
deploy time as root or whoever ran the first artisan command, then
www-data tries to write to it at runtime and bash redirects fail with
"Permission denied" mid-pipeline (after mysqldump has already started
streaming, leaving a 0-byte .enc behind).

- mkdir(0775) so group writes too; ensure-group-write is the typical
pattern for shared deploy/runtime users.
- Best-effort chmod 0775 on existing dirs to repair narrow modes when
we own the path.
- is_writable() pre-flight before kicking off any pipeline. Throws a
RuntimeException with the exact `chown` + `chmod` command to run,
including the discovered owner and the current process user — so the
fix is one paste away instead of grepping man pages.

This pairs with docker-laravel's start-container change that pre-creates
storage/backups/ owned by www-data on every boot. Either layer alone is
enough; both together means the failure mode disappears whether the
deployment uses our image or not.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
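
The create, repair and pre-flight steps listed in the commit message above, as an added PHP example that is not the commit's actual code. The function name `ensureWritableBackupDir`, the exception wording and the temporary demo path are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: the name and signature are assumptions, not the project's code.
function ensureWritableBackupDir(string $dir): void
{
    if (!is_dir($dir)) {
        if (!@mkdir($dir, 0775, true) && !is_dir($dir)) {
            throw new RuntimeException("Cannot create backup directory {$dir}");
        }
        // mkdir() masks the mode with the process umask (022 turns 0775 into 0755),
        // so set the final mode explicitly on the directory we just created.
        @chmod($dir, 0775);
    } elseif (function_exists('posix_geteuid') && fileowner($dir) === posix_geteuid()) {
        // Best-effort repair of a narrow mode; chmod only succeeds for the owner or root.
        @chmod($dir, 0775);
    }

    clearstatcache(true, $dir);
    if (is_writable($dir)) {
        return; // safe to start the dump pipeline
    }

    // Resolve a uid to a user name, falling back to the numeric id.
    $name = static function (int $uid): string {
        $info = function_exists('posix_getpwuid') ? posix_getpwuid($uid) : false;
        return $info !== false ? $info['name'] : (string) $uid;
    };
    $owner = $name((int) fileowner($dir));
    $user = function_exists('posix_geteuid') ? $name(posix_geteuid()) : 'unknown';
    $mode = substr(sprintf('%o', (int) fileperms($dir)), -4);
    $path = escapeshellarg($dir); // the message is meant to be pasted into a shell

    throw new RuntimeException(
        "Backup directory {$dir} is not writable by '{$user}' (owner '{$owner}', mode {$mode}).\n"
        . "Fix with: sudo chown {$user} {$path} && sudo chmod 0775 {$path}"
    );
}

// Constructed demo: a temporary path stands in for storage/backups/.
$demo = sys_get_temp_dir() . '/backup-preflight-demo-' . getmypid();
ensureWritableBackupDir($demo);
printf("%s mode=%s\n", $demo, substr(sprintf('%o', (int) fileperms($demo)), -4));
rmdir($demo);
```

Running the check before the pipeline starts is what prevents the 0-byte `.enc` file: the failure is raised before `mysqldump` begins streaming rather than at the shell redirect.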