After creating a custom log configuration for my app by adding myapp.conf into the /etc/rsyslog.d/ folder with the contents listed below:
if ( $programme contains "myapp" ) then {
action(type="omfile" file="/appl/logs/myapp.lo" FileOwner="myappowner" FileGroup="myappgroup" FileCreateMode="0644")
}
I went on creating a logrotate config as follows:
/appl/logs/myapp.log {
su myappowner myappgroup
rotate 10
maxsize 50M
monthly
missingok
compress
}
The logs are being created as expected but when I try to debug the newly created logrotate configuration with logrotate -d /etc/logrotate.d/myapp I get:
error: stat of /appl/logs/myapp.log failed: Permission denied
The /appl/logs/ folder is owned by the myappownder and myappgroup and the /appl/logs/myapp.log file has 644 permissions.
Related
I am setting up a spring boot application and when running it, it should generate a folder in the source directory (see step 3: https://www.baeldung.com/spring-boot-h2-database)
But when running the application I receive the following error:
org.h2.message.DbException: Log file error: "/data/sample.trace.db", cause: "org.h2.message.DbException: Error while creating file ""/data"" [90062-200]" [90034-200]
at org.h2.message.DbException.get(DbException.java:194)
at org.h2.message.TraceSystem.logWritingError(TraceSystem.java:294)
at org.h2.message.TraceSystem.openWriter(TraceSystem.java:315)
at org.h2.message.TraceSystem.writeFile(TraceSystem.java:263)
at org.h2.message.TraceSystem.write(TraceSystem.java:247)
at org.h2.message.Trace.error(Trace.java:194)
it seems to be a permission problem but I do not understand why. My current user, has admin permissons. What am I missing here?
When I encounter this problem on my machine I proceed through following steps:
If I don't know what user & group I am right now: $whoami && groups
What user is the program executed with (I'm not into Java so eg. PHP "echo exec('whoami');")
Who has access to the directory: $ls -la
3.1 If only owner has access and you are not the owner: $chown user:group file
3.2 If group and owner should have access consider: $chmod 770 file
I am deploying a Flask Application on Azure App Service using CI/CD integration with GitHub and Kudu.
After a new push to the repository, the app should be redeployed automatically as per the latest code. But the redeployment is failing with the following error logs:
...
Done running pip install.
Compressing existing 'antenv' folder...
Done in 31 sec(s).
Copying files to destination directory '/home/site/wwwroot'...
rsync: rename "/home/site/wwwroot/.logs.log.ghpy4f" -> "logs.log": Permission denied (13)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1196) [sender=3.1.2]
rsync: rename "/home/site/wwwroot/.logs.log.ghpy4f" -> "logs.log": Permission denied (13)\nrsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1196) [sender=3.1.2]\n/opt/Kudu/Scripts/starter.sh oryx build /home/site/repository -o /home/site/wwwroot --platform python --platform-version 3.7 -i /tmp/8d811ef91eff275 -p compress_virtualenv=tar-gz -p virtualenv_name=antenv --log-file /tmp/build-debug.log
Note: "logs.log" file is a file in my project's root directory in which I am storing the runtime exceptions/errors of my application.
Thanks in advance!
I have created one .sh which contains java command required to run the tesng.XML file when I run this test.sh file on Jenkins it shows me permission denied error.
Jenkins console output:
Building in workspace /home/dev2/eclipse-workspace/weeklytask
[weeklytask] $ /bin/sh -xe /tmp/jenkins7439378074963422991.sh
+ ./test.sh
[TestNG] Running:
/home/dev2/eclipse-workspace/weeklytask/enquiryreminder.xml
Starting ChromeDriver 2.40.565383 (76257d1ab79276b2d53ee976b2c3e3b9f335cde7) on port 8120
Only local connections are allowed.
FOLLOW UP REMINDER CRON WEEKLY CHECK TESTCASE FAILED
PLEASE CHECK THE TIME INTERVAL SETTING
SET THE TIME INTERVAL TO 600
FOLLOW UP REMINDER CRON WEEKLY CHECK TESTCASE FAILED
PLEASE CHECK THE TIME INTERVAL SETTING
SET THE TIME INTERVAL TO 600
[[Utils]] Error while writing to /home/dev2/eclipse-workspace/weeklytask/test-output/Suite/Test.html: /home/dev2/eclipse-workspace/weeklytask/test-output/Suite/Test.html (**Permission denied**)
[[Utils]] Error while writing to /home/dev2/eclipse-workspace/weeklytask/test-output/Suite/Test.xml: /home/dev2/eclipse-workspace/weeklytask/test-output/Suite/Test.xml (Permission denied)
===============================================
Suite
Total tests run: 1, Failures: 1, Skips: 0
===============================================
[[Utils]] Error while writing to test-output/junitreports/TEST-verify.enquiryremindertest.xml: test-output/junitreports/TEST-verify.enquiryremindertest.xml (Permission denied)
Jenkins use the user jenkins. If you have created your file with other user, there might be permission issue on the file. To resolve change the permission on the files and allow other users to execute the script. You can use
chmod +x test.sh
The directory eclipse-workspace belongs to dev2 user and here jenkins user is trying to write data in it. Give jenkins write permission on this folder. try
sudo chmod -R a+rw /home/dev2/eclipse-workspace
For more details about permission you can view This tutorial
Iam running gitlab instance in ACI with Azure File Storage mount.
This is output of container:
storage_directory[/var/opt/gitlab/.ssh] (gitlab::gitlab-shell line 38) had an error: Mixlib::ShellOut::ShellCommandFailed: ruby_block[directory resource: /var/opt/gitlab/.ssh] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/package/resources/storage_directory.rb line 33) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of chmod 00700 /var/opt/gitlab/.ssh ----
STDOUT:
STDERR: chmod: changing permissions of '/var/opt/gitlab/.ssh': Operation not permitted
---- End output of chmod 00700 /var/opt/gitlab/.ssh ----
Ran chmod 00700 /var/opt/gitlab/.ssh returned 1
Is there anything that I have to do to correct permissions on Storage ?
I see that some files are created, so problem is explicitly with this...
I am using official image from docker hub. I dont want to use custom layer of image with correcting permissions.
Any idea?
Thanks
EDIT:
my deployment looks like this: https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume-azure-files#mount-multiple-volumes
Azure Storage Account - File is basically SMB protocol, SA is mounted with root:root 777 permissions. If you need another permissions, You have to use Blob storage.
In our product, we had created services using daemontools. One of my service looks like this,
/service/test/run
/service/test/log/run (has multilog command to log into ./main dir)
/service/test/log/main/..
All the process and its directories are owned by root user. Now there is a security requirement to change like this,
Service should run in non-root user.
Log main directory should be readable only to user and groups.
For this, I have to change the 'run' file under 'log' directory. Also I need to change the permissions of 'main' directory under it.
Note that all these files under '/service' were owned by test-1.0-0.rpm. When I update my rpm, it overrides the existing run file and got error like this,
multilog: fatal: unable to lock directory ./main: access denied
I know we shouldn't override the 'run' file at run time. I have planned to follow these steps in my rpm script %post section,
//Stop service
svc -d /service/test/log
//Moving the main directory
mv /service/test/log/main /service/test/log/main_old
//Updated run file has code to create main with limited permissions.
//Start service
svc -u /service/test/log
In some articles, they suggested to recreate the 'lock' file under 'log/main'. Is there any other cleaner way of doing this without moving 'main' directory ? If not, is it safe to go with the above steps ?