• Sign In
  1. Messages

pipeline override and write privileges on the folder

Installation Forum (Inactive)

View Message

view list print
pipeline override and write privileges on the folder tvaisar  2015-07-23 07:01
Status: Closed
 
Hi,
I have set a pipeline override for a project, but when I then go upload MS2 (or Panorama/Skyline) data a log file is not written (and upload to Panorama type folder within project fails) unless I give write privileges on the given folder on the linux box to "all" (i.e. drwxrwxrwx).
If I have the privileges set at our default drwxrwxr-x (with tomcat being member of the group which owns the folder) the log files cannot be written (Panorama Skyline file uploaded). I would have assumed that if tomcat is a member of the group which owns the folder that it should be allowed to write there and this should work.

Could you please advice how the privileges need to be set in order to get this work without giving write privileges to "all".

Thanks,

Tomas
 
 
Jon (LabKey DevOps) responded:  2015-07-23 12:17
Hi Tomas,

So who is the owner of the folder? If the Tomcat user is apart of the group that is assigned to that folder, then the permissions "drwxrwxr-x" should allow the owner to Read-Write-eXecute, the group to Read-Write-eXecute, and others to just do Read and eXecute.

So if Tomcat is writing the log file, then doing an ls -l on the log should show us who the owner and group is. Based on what you're describing, it sounds like the log file isn't written by Tomcat, but by something else that is not the owner and isn't apart of the group for the directory.

Regards,

Jon
 
tvaisar responded:  2015-07-23 12:33
Jony,
Owner of the folder is myself (tvaisar) and group is sequest, which tomcat is member of.
sequest:x:501:apache,jeng,tvaisar,tomcat (from the /etc/group)
This is what the ls -l for the log file shows (after I opened the privileges to all):
-rw-r--r--. 1 tomcat tomcat 21829 Jul 23 09:34 interact-150120F1_AE2101b.prot.xml.log

This indicates to me that it is tomcat and I would have assumed that it should be able to write there with permissions "drwxrwxr-x".
No idea why it cannot.

Tomas
 
Jon (LabKey DevOps) responded:  2015-07-23 13:14
Thanks Tomas,

A few additional questions:

1. What version of Linux are you running?
2. How are you starting Tomcat?
3. When you added Tomcat to the sequest group, did you restart Tomcat afterwards as well?

So far, everything else appears to be right based on what I'm seeing, so it sounds like this problem is a little deeper on your local box.

Regards,

Jon
 
tvaisar responded:  2015-07-23 14:09
Jon,

we run CentOS Linux release 7.1.1503. Tomcat starts as part of the boot procedure. Manually you can start also by >systemctl start tomcat. No I did not restart Tomcat after adding it to the sequest group - excellent point I have not thought about it. Will try that first.
BTW - can I stop and start Tomcat without doing anything else (e.g. to postgres or apache)?

Thanks,

Tomas
 
Jon (LabKey DevOps) responded:  2015-07-23 15:09
Hi Tomas,

Yes, you can run the shutdown.sh script in Tomcat to stop it. In shutting down Tomcat, it will shutdown the connections from LabKey to Postgres and the site will be offline while it's shutdown. But you don't need to do anything else.

I typically will run the shutdown.sh script that is under the TOMCAT_HOME/bin directory, verify that the java process tied to it is no longer running via a 'ps -ef | grep java', and then restart Tomcat using the startup.sh script.

Regards,

Jon
 
tvaisar responded:  2015-07-23 15:10
Jon,

That was it. I used the systemctl stop tomcat; systemctl start tomcat; and that did the trick. It now work as expected.

Thanks,

Tomas
 
Jon (LabKey DevOps) responded:  2015-07-23 15:13
Fantastic! Glad it's working now!

Regards,

Jon