Upgrade getting Permission denied errors

(Nic Hubbard) #1

I am performing an upgrade using the Upgrade Scripts, running as root. When step_03 gets run, we are getting a lot of Permission Denied errors, e.g.:

PHP Warning
File : [SYSTEM_ROOT]/core/lib/DAL/DALBaker.inc
Line : 802
file_put_contents([SYSTEM_ROOT]/data/private/Oven/core/getAuthRedirect.xml): failed to open stream: Permission denied

Maybe 50 errors pertaining to the DALBaker.inc file, then one last permissions error:

PHP Warning
File : [SYSTEM_ROOT]/packages/puc/package_manager_puc.inc
Line : 46
mkdir(): Permission denied


This is a custom package that we have.

Any idea why I would be getting these errors, even when running as root?

(Marcus Fong) #2

You wouldn’t have SELinux enabled, would you? If you run the getenforce command, what does it say?

(Nic Hubbard) #3

We are using Ubuntu.

(Marcus Fong) #4

Ubuntu does have SELinux packages, doesn’t it? I thought it just wasn’t installed and enabled by default.

(Nic Hubbard) #5

Finally getting back to this and try a new install.

I ran getenforce and it just says: Disabled. What does this mean?

(Nic Hubbard) #6

It seems that every .xml file in /data/private/Oven/* gets a failed to open stream: Permission denied error.

(Marcus Fong) #7

getenforce returning “Disabled” is correct. It means SELinux is off, which is what you want.

Can you touch the XML files directly from the shell, as root?

(Nic Hubbard) #8

Yes I can. Here are one of the files permissions:

-rw-r--r-- 1 root root 646 Nov 6 23:55 deleteCalendarEvent.xml

Look strange at all?

(Marcus Fong) #9

Ah. I’ve checked the automatic upgrade script and it actually performs a sudo to the owner of the Matrix “data” directory when it runs the install steps. Typically that’s “apache” on RHEL/CentOS/SL and “www-data” on Debian - I think you run Debian, Nic?

So everything in the data directory needs to be owned by the same user, or you’ll get those errors.

(Nic Hubbard) #10

We are using Ubuntu and our apache user is www-data.

In the main.conf file I set the file_perms user and group to www-data but it didn’t help the issue. Was that what I was suppose to do?

(Marcus Fong) #11

You can forcibly set those in the upgrade script’s main.conf, but if you don’t it just takes them from the owner and group of the data directory.

The main thing I’d do is:

chown -R www-data:www-data data

in the Matrix directory.

(Nic Hubbard) #12

That does seem to fix the Permission denied errors. However, I have a new error:

| PHP Warning                                               |
| File : [SYSTEM_ROOT]/packages/puc/package_manager_puc.inc |
| Line : 46                                                 |
| mkdir(): Permission denied                                |

This is our custom PUC package. Should I be setting the owner for this too?

(Marcus Fong) #13

It’s possible you might have to, if the custom package is writing to its own directory for some reason.

What does line 46 of packages/puc/package_manager_puc.inc actually say?

(Nic Hubbard) #14
$path = SQ_LIB_PATH.'/puc_files';
if (!is_dir($path)) {

It is creating a directory where we place files for the clearbox photo gallery library.

(Nic Hubbard) #15

Strange I have never had to do any of these permissions or owner steps before when using the upgrade scripts…

(Marcus Fong) #16

Firstly, the upgrade scripts didn’t always sudo like they do now, and secondly even after they did it would depend on what the upgrade steps actually were.

Not all upgrades require modifying the contents of Oven, and according to that code snippet there would be no need for a mkdir if SQ_LIB_PATH/puc_files already existed.