Puppet Dashboard permissions: Permission denied - /var/lib/puppet/reports/ - puppet

I'm setting up the Puppet Dashboard for the first time. I have it running with the passenger module in Apache.
sudo rake RAILS_ENV=production reports:import
When I run this command, the tasks appear in the dashboard as failed.
630 new failed tasks
The details for each failure look something like this:
Importing report 201212270754.yaml at 2012-12-27 09:21 UTC
Permission denied - /var/lib/puppet/reports/rb-db1/201212270754.yaml
Backtrace
/usr/share/puppet-dashboard/app/models/report.rb:86:in `read'
/usr/share/puppet-dashboard/app/models/report.rb:86:in `create_from_yaml_file'
The report files were owned by puppet:puppet with a 640 permission by default.
I ran chmod a+rw on the reports directory, but I still get the same errors.
Any ideas on what I might be doing wrong here?

If you are running the puppet-dashboard server as root instead of as the puppet-dashboard user, you will see this error. My system is using /usr/share/puppet-dashboard/script/server on CentOS 6.4 using the puppet-dashboard-1.2.23-1.el6.noarch rpm from puppetlabs.

[root@hadoop01 puppet-dashboard]# cat /etc/sysconfig/puppet-dashboard
#
# path to where you installed puppet dashboard
#
DASHBOARD_HOME=/usr/share/puppet-dashboard
#DASHBOARD_USER=puppet-dashboard
DASHBOARD_USER=root
DASHBOARD_RUBY=/usr/bin/ruby
DASHBOARD_ENVIRONMENT=production
DASHBOARD_IFACE=0.0.0.0
DASHBOARD_PORT=3000
Edit the file like above and then run the command
/etc/init.d/puppet-dashboard restart && /etc/init.d/puppet-dashboard-workers restart
My puppet-dashboard version is 1.2.23
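
An added example (not part of the original posts and not Puppet Dashboard code): a shell check that walks a path and reports the first component whose mode bits block a given uid and group set. It shows that a non-recursive `chmod a+rw` on a directory adds no search (x) bit and leaves the 640 files below it unreadable to other users. The function names `perm_digit` and `first_denied` are hypothetical; GNU `stat` is assumed, and only owner/group/other bits are evaluated (no ACLs, no root override, no AppArmor/SELinux).

```shell
#!/bin/sh
# Added example; perm_digit and first_denied are hypothetical helper names.
# Assumes GNU stat. Checks classic mode bits only (no ACLs, root override or MAC).

# perm_digit UID "GID..." PATH -> prints the rwx digit (0-7) that applies to UID
perm_digit() {
    pd_uid=$1; pd_gids=$2
    pd_info=$(stat -c '%u %g %a' "$3") || return 2
    set -- $pd_info                      # $1=owner uid, $2=owner gid, $3=octal mode
    pd_mode=$(( 0$3 ))                   # leading 0 makes the constant octal
    if [ "$pd_uid" = "$1" ]; then echo $(( (pd_mode >> 6) & 7 )); return 0; fi
    for pd_g in $pd_gids; do
        if [ "$pd_g" = "$2" ]; then echo $(( (pd_mode >> 3) & 7 )); return 0; fi
    done
    echo $(( pd_mode & 7 ))
}

# first_denied UID "GID..." TARGET WANT [START]
# WANT: 4=read, 2=write, 6=both on TARGET; every directory above it needs 1 (search).
# Prints the first blocking component, or nothing when access is allowed.
first_denied() {
    fd_uid=$1; fd_gids=$2; fd_want=$4
    fd_cur=${5:-/}; fd_cur=${fd_cur%/}               # "/" becomes ""
    fd_rest=${3#"$fd_cur"}; fd_rest=${fd_rest#/}     # components still to visit
    while :; do
        if [ -n "$fd_rest" ]; then fd_need=1; else fd_need=$fd_want; fi
        fd_have=$(perm_digit "$fd_uid" "$fd_gids" "${fd_cur:-/}") || return 2
        if [ $(( fd_have & fd_need )) -ne "$fd_need" ]; then
            echo "${fd_cur:-/}"; return 0
        fi
        [ -n "$fd_rest" ] || return 0
        fd_cur=$fd_cur/${fd_rest%%/*}
        case $fd_rest in */*) fd_rest=${fd_rest#*/} ;; *) fd_rest= ;; esac
    done
}

# Usage with the names from the question:
# first_denied "$(id -u puppet-dashboard)" "$(id -G puppet-dashboard)" \
#     /var/lib/puppet/reports/rb-db1/201212270754.yaml 4
```

If the output names a directory, that directory lacks the search bit for the account; if it names the report file, the file mode itself is the block.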

Related

Strange Behavior with clamd scan function

I have a simple python3 script running on Ubuntu Server 20.04 that tries to call the clamd (clamav-daemon process) library to scan a file. The scan ping() and version() functions all work correctly. However, when I actually do a test write and scan, I get the following error:
{'/filedrop/test.doc': ('ERROR', "Can't open file or directory")}
This is the code that I used to call the test write and scan, and this is all standard sample from the clamd website:
open('/filedrop/test.doc','wb').write(clamd.EICAR)
print(cd.scan('/filedrop/test.doc'))
After the code is run, I get the following string in the test file, which indicates that the python3 script was able to successfully write to the file, yet I keep getting the error that the file can't be opened when I use the clamd scan function.
This is the string that was written to the file:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
I am also able to run clamscan from command line on the folder and it successfully scans the files as well.
I'm running as root user while the service is using clamav:clamav.
I did give read/write permission to the folder and the files to "other users", and also indicated by the fact that the file could be written by the python script.
I believe the solution to the problem here is that AppArmor is blocking clamd for that particular directory. I would look at the AppArmor profile for clamd. It should be called something like /etc/apparmor.d/clamav or similar. You can adjust that profile or alternatively disable it (according to Ubuntu):
sudo ln -s /etc/apparmor.d/profile.name /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/profile.name
More complete instructions available here:
https://help.ubuntu.com/community/AppArmor
You can also disable AppArmor, for the purposes of testing (I don't like to advise anyone to remove security features permanently), with:
sudo systemctl stop apparmor
sudo systemctl disable apparmor
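
An added example, not from the original answer: the kernel log can confirm whether AppArmor is what refuses the open, and it shows the exact path and access mask a profile rule would need, which is narrower than disabling the profile. The names `apparmor_denials` and `sample_log` are hypothetical, the log lines are constructed, and the profile name `/usr/sbin/clamd` is an assumption.

```shell
#!/bin/sh
# Added example; apparmor_denials and sample_log are hypothetical names.

# Constructed kernel audit lines in the format AppArmor uses for its records
# (profile names, pids, uids and timestamps are made up for illustration).
sample_log() {
cat <<'EOF'
Jan 10 09:21:01 host kernel: audit: type=1400 audit(1610270461.123:101): apparmor="DENIED" operation="open" profile="/usr/sbin/clamd" name="/filedrop/test.doc" pid=2211 comm="clamd" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
Jan 10 09:21:05 host kernel: audit: type=1400 audit(1610270465.456:102): apparmor="DENIED" operation="open" profile="/usr/sbin/clamd" name="/filedrop/test.doc" pid=2211 comm="clamd" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
Jan 10 09:21:09 host kernel: audit: type=1400 audit(1610270469.789:103): apparmor="ALLOWED" operation="open" profile="/usr/sbin/clamd" name="/var/log/clamav/clamav.log" pid=2211 comm="clamd" requested_mask="w" denied_mask="w" fsuid=113 ouid=113
Jan 10 09:22:00 host kernel: audit: type=1400 audit(1610270520.000:104): apparmor="DENIED" operation="open" profile="/usr/bin/man" name="/filedrop/notes.txt" pid=2300 comm="man" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
EOF
}

# apparmor_denials PROFILE  (reads log text on stdin)
# Prints one "PATH MASK," line per distinct denial recorded for PROFILE.
apparmor_denials() {
    awk -v prof="$1" '
    # val(key): value of key="..." on the current line, or "" if absent
    function val(key,    s) {
        if (!match($0, " " key "=\"[^\"]*\"")) return ""
        s = substr($0, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
        return s
    }
    /apparmor="DENIED"/ && val("profile") == prof {
        rule = val("name") " " val("denied_mask") ","
        if (!seen[rule]++) print rule
    }'
}

# On a live system the input would be the kernel log, for example:
# journalctl -k | apparmor_denials /usr/sbin/clamd
```

Each printed line has the shape of a file rule for the profile; after editing the profile it is reloaded with `sudo apparmor_parser -r` on the profile file. No output for the clamd profile means the "Can't open file" error has another cause.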

missing permissions to create folder from java application

I am setting up a spring boot application and when running it, it should generate a folder in the source directory (see step 3: https://www.baeldung.com/spring-boot-h2-database)
But when running the application I receive the following error:
org.h2.message.DbException: Log file error: "/data/sample.trace.db", cause: "org.h2.message.DbException: Error while creating file ""/data"" [90062-200]" [90034-200]
at org.h2.message.DbException.get(DbException.java:194)
at org.h2.message.TraceSystem.logWritingError(TraceSystem.java:294)
at org.h2.message.TraceSystem.openWriter(TraceSystem.java:315)
at org.h2.message.TraceSystem.writeFile(TraceSystem.java:263)
at org.h2.message.TraceSystem.write(TraceSystem.java:247)
at org.h2.message.Trace.error(Trace.java:194)
It seems to be a permission problem but I do not understand why. My current user has admin permissions. What am I missing here?
When I encounter this problem on my machine I proceed through following steps:
1. If I don't know what user & group I am right now: $ whoami && groups
2. What user is the program executed with (I'm not into Java so eg. PHP "echo exec('whoami');")
3. Who has access to the directory: $ ls -la
3.1 If only owner has access and you are not the owner: $ chown user:group file
3.2 If group and owner should have access consider: $ chmod 770 file

Jenkins console shows permission denied error when I run the test.sh file

I have created one .sh which contains the java command required to run the testng.XML file. When I run this test.sh file on Jenkins, it shows me a permission denied error.
Jenkins console output:
Building in workspace /home/dev2/eclipse-workspace/weeklytask
[weeklytask] $ /bin/sh -xe /tmp/jenkins7439378074963422991.sh
+ ./test.sh
[TestNG] Running:
/home/dev2/eclipse-workspace/weeklytask/enquiryreminder.xml
Starting ChromeDriver 2.40.565383 (76257d1ab79276b2d53ee976b2c3e3b9f335cde7) on port 8120
Only local connections are allowed.
FOLLOW UP REMINDER CRON WEEKLY CHECK TESTCASE FAILED
PLEASE CHECK THE TIME INTERVAL SETTING
SET THE TIME INTERVAL TO 600
FOLLOW UP REMINDER CRON WEEKLY CHECK TESTCASE FAILED
PLEASE CHECK THE TIME INTERVAL SETTING
SET THE TIME INTERVAL TO 600
[[Utils]] Error while writing to /home/dev2/eclipse-workspace/weeklytask/test-output/Suite/Test.html: /home/dev2/eclipse-workspace/weeklytask/test-output/Suite/Test.html (Permission denied)
[[Utils]] Error while writing to /home/dev2/eclipse-workspace/weeklytask/test-output/Suite/Test.xml: /home/dev2/eclipse-workspace/weeklytask/test-output/Suite/Test.xml (Permission denied)
===============================================
Suite
Total tests run: 1, Failures: 1, Skips: 0
===============================================
[[Utils]] Error while writing to test-output/junitreports/TEST-verify.enquiryremindertest.xml: test-output/junitreports/TEST-verify.enquiryremindertest.xml (Permission denied)
Jenkins uses the user jenkins. If you have created your file with another user, there might be a permission issue on the file. To resolve it, change the permission on the files and allow other users to execute the script. You can use
chmod +x test.sh
The directory eclipse-workspace belongs to the dev2 user and here the jenkins user is trying to write data in it. Give jenkins write permission on this folder. Try
sudo chmod -R a+rw /home/dev2/eclipse-workspace
For more details about permission you can view This tutorial

chef-client permission denied on root user

Running the chef client like so:
root@chef-production-server:~# chef-client -j /etc/chef/first-boot.json
output :
Starting Chef Client, version 12.8.1
[2016-04-10T14:11:12+00:00] INFO: *** Chef 12.8.1 ***
[2016-04-10T14:11:12+00:00] INFO: Chef-client pid: 8556
[2016-04-10T14:11:13+00:00] INFO: Setting the run_list to ["recipe[sensu_client::default@0.1.0]", "recipe[simple_server::application_server_recipe@0.1.2]", "recipe[mongodb::default@0.16.2]"] from CLI options
[2016-04-10T14:11:13+00:00] INFO: Run List is [recipe[sensu_client::default@0.1.0], recipe[simple_server::application_server_recipe@0.1.2], recipe[mongodb::default@0.16.2]]
ERROR: ld.so: object '/usr/local/lib/libsnoopy.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
bla bla bla
cannot create directory ‘/home/jenkins/.rvm’: Permission denied
It has worked before, not anymore. Also tried
sudo chef-client -j /etc/chef/first-boot.json
You have an ld preload set to force-open "libsnoopy" in all processes. From GitHub, this appears to be some kind of simplistic audit tool. For whatever reason, that file isn't loading, so that would be something to check on. Try removing it from the preload config. Also check that /home exists and is mounted correctly.

Vagrant puppet change owner of folder in pp exec

I am trying to develop a CakePHP application, and I am using Vagrant to run a testing environment. However, I was getting this error in the browser
Warning (2):
session_start() [http://php.net/function.session-start]:
open(/var/lib/php/session/sess_speva7ghaftl8n98r9id5a7434, O_RDWR) failed:
Permission denied (13) [CORE/Cake/Model/Datasource/CakeSession.php, line 614]
I can get rid of the error by SSHing to the vm and doing
[vagrant@myserver ~]$ sudo su -
[root@myserver ~]# chown -R vagrant. /var/lib/php/session/
I don't want to have to do this every time I restart the vm, so I tried adding this to myserver.pp
exec { 'chown':
  command => 'chown -R vagrant. /var/lib/php/session/',
  path => '/bin',
  user => 'root'
}
but it gets an error while starting up the vm...
err:
/Stage[main]/Myserver/Exec[chown]/returns: change from notrun to 0 failed:
chown -R vagrant. /var/lib/php/session/
returned 1 instead of one of [0] at /tmp/vagrant-puppet/manifests/myserver.pp:35
I was unable to find any useful examples of how to use exec on the internet, and I have never used Vagrant or Puppet before, so the above code is just the best guess I could come up with, and I apologize if it is a simple fix to get this working.
I have verified using which chown within the vm that the path is /bin, and the command is exactly the same as when I run it in the vm myself. I'm thinking it is the user that is causing problem. Do I have that line right? Is it even possible to exec commands as root from a .pp file?
When using exec, you normally have to enter the full path to the command you execute. So if you change your command into
exec { 'chown':
  command => '/bin/chown -R vagrant:vagrant /var/lib/php/session/',
  path => '/bin',
  user => 'root'
}
it should work imo.
However, it depends a lot how you install your application. If the setup/start of the application is also managed with Puppet, you can also manage the directory you're interested in with Puppet, like this
file { "/var/lib/php/session" :
  ensure => directory,
  group => "vagrant",
  owner => "vagrant",
  recurse => true,
}
before you start your app. This would be much more the Puppet way, as you manage a resource then instead of executing commands. However, normally /var/lib/... should not be owned by someone other than root.
So you should maybe look into how your app is started and make it start with another user or as root. If it is started with an exec, you can add an additional property
user => root
to it and that should also do the trick.
