nnhubbard (Nic Hubbard), October 6, 2017, 5:43pm, #1
I am performing an upgrade using the Upgrade Scripts, running as root. When step_03 gets run, we are getting a lot of Permission Denied errors, e.g.:

PHP Warning
File : [SYSTEM_ROOT]/core/lib/DAL/DALBaker.inc
Line : 802
-----------------------------------------------------------------------------------------------------------------------
file_put_contents([SYSTEM_ROOT]/data/private/Oven/core/getAuthRedirect.xml): failed to open stream: Permission denied

Maybe 50 errors pertaining to the DALBaker.inc file, then one last permissions error:

PHP Warning
File : [SYSTEM_ROOT]/packages/puc/package_manager_puc.inc
Line : 46
-----------------------------------------------------------
mkdir(): Permission denied
+-----------------------------------------------------------+

This is a custom package that we have.
Any idea why I would be getting these errors, even when running as root?

mfong (Marcus Fong), October 8, 2017, 10:43pm, #2
You wouldn’t have SELinux enabled, would you? If you run the getenforce command, what does it say?

mfong (Marcus Fong), October 9, 2017, 3:06am, #4
Ubuntu does have SELinux packages, doesn’t it? I thought it just wasn’t installed and enabled by default.

nnhubbard (Nic Hubbard), November 6, 2017, 10:04pm, #5
Finally getting back to this and trying a new install.
I ran getenforce and it just says: Disabled. What does this mean?

nnhubbard (Nic Hubbard), November 6, 2017, 10:05pm, #6
It seems that every .xml file in /data/private/Oven/* gets a failed to open stream: Permission denied error.

mfong (Marcus Fong), November 6, 2017, 10:24pm, #7
getenforce returning “Disabled” is correct. It means SELinux is off, which is what you want.
Can you touch the XML files directly from the shell, as root?

nnhubbard (Nic Hubbard), November 6, 2017, 11:58pm, #8
Yes I can. Here is one of the files' permissions:
-rw-r--r-- 1 root root 646 Nov 6 23:55 deleteCalendarEvent.xml
Look strange at all?

mfong (Marcus Fong), November 7, 2017, 3:48am, #9
Ah. I’ve checked the automatic upgrade script and it actually performs a sudo to the owner of the Matrix “data” directory when it runs the install steps. Typically that’s “apache” on RHEL/CentOS/SL and “www-data” on Debian - I think you run Debian, Nic?
So everything in the data directory needs to be owned by the same user, or you’ll get those errors.

nnhubbard (Nic Hubbard), November 7, 2017, 5:42am, #10
We are using Ubuntu and our apache user is www-data.
In the main.conf file I set the file_perms user and group to www-data but it didn’t help the issue. Was that what I was supposed to do?

mfong (Marcus Fong), November 7, 2017, 9:32am, #11
You can forcibly set those in the upgrade script’s main.conf, but if you don’t it just takes them from the owner and group of the data directory.
The main thing I’d do is:
chown -R www-data:www-data data
in the Matrix directory.

nnhubbard (Nic Hubbard), November 7, 2017, 5:46pm, #12
That does seem to fix the Permission denied errors. However, I have a new error:
+-----------------------------------------------------------+
| PHP Warning                                               |
|-----------------------------------------------------------|
| File : [SYSTEM_ROOT]/packages/puc/package_manager_puc.inc |
| Line : 46                                                 |
|-----------------------------------------------------------|
| mkdir(): Permission denied                                |
+-----------------------------------------------------------+

This is our custom PUC package. Should I be setting the owner for this too?

mfong (Marcus Fong), November 7, 2017, 11:47pm, #13
It’s possible you might have to, if the custom package is writing to its own directory for some reason.
What does line 46 of packages/puc/package_manager_puc.inc actually say?

nnhubbard (Nic Hubbard), November 8, 2017, 12:01am, #14
$path = SQ_LIB_PATH.'/puc_files';
if (!is_dir($path)) {
    mkdir($path);
}//end

It is creating a directory where we place files for the clearbox photo gallery library.

nnhubbard (Nic Hubbard), November 8, 2017, 12:02am, #15
Strange, I have never had to do any of these permissions or owner steps before when using the upgrade scripts…

mfong (Marcus Fong), November 8, 2017, 5:23am, #16
Firstly, the upgrade scripts didn’t always sudo like they do now, and secondly even after they did it would depend on what the upgrade steps actually were.
Not all upgrades require modifying the contents of Oven, and according to that code snippet there would be no need for a mkdir if SQ_LIB_PATH/puc_files already existed.
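
Added example, not part of any post in this thread and not Matrix's own code: a POSIX shell audit for the situation described above, where the upgrade script runs its steps as the owner of the data directory. It lists paths under that directory that have a different owner (such as the root-owned XML file shown earlier) and checks whether a directory a step must create files in is writable by that account. The function names are hypothetical, and the writability check looks only at the owner and the owner write bit.

```shell
#!/bin/sh
# Added example (hypothetical helper names): ownership audit for a Matrix data directory.

# Numeric uid of the owner of a path; the upgrade script runs its steps as this account.
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# Print every path under DIR whose owner is not EXPECTED_UID (default: DIR's own owner).
list_mismatched() {
    dir=$1
    uid=${2:-$(owner_uid "$dir")}
    find "$dir" ! -user "$uid" -print
}

# Number of mismatched paths under DIR.
count_mismatched() {
    list_mismatched "$@" | wc -l | tr -d ' '
}

# True if DIR is owned by UID and has the owner write bit set.
# Conservative: ignores group/other permission bits and ACLs.
owner_can_write() {
    info=$(ls -ldn -- "$1" | awk '{print substr($1, 3, 1) ":" $3}')
    [ "$info" = "w:$2" ]
}

# Report on DIR; returns non-zero when any path has a different owner.
audit_data_dir() {
    dir=$1
    uid=$(owner_uid "$dir")
    n=$(count_mismatched "$dir" "$uid")
    if [ "$n" -eq 0 ]; then
        echo "OK: everything under $dir is owned by uid $uid"
        return 0
    fi
    echo "MISMATCH: $n path(s) under $dir are not owned by uid $uid, for example:"
    list_mismatched "$dir" "$uid" | head -n 20
    return 1
}

# Usage: sh audit.sh /path/to/matrix/data
if [ "$#" -gt 0 ]; then
    audit_data_dir "$1"
fi
```

Running the audit before and after the `chown -R` shows exactly which paths changed owner; `owner_can_write` can be pointed at the directory behind `SQ_LIB_PATH` to see whether the `mkdir()` on line 46 can succeed for that account.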