Log File ownership in Rails - ruby-on-rails

Rails 3.2.18
Ruby 2.15
I inherited a Rails application that I am trying to decipher. In environments/production.rb, I have:
config.logger = Logger.new(config.paths['log'].first, 100, 10485760)
config.log_tags = [ lambda {|r| DateTime.now } ]
which is going to create a log file in the log folder and when it reaches 10MB it ages it and keeps 100 in the folder.
When I look at the folder, I see that the owner of these files is root. How do I make sure the owner is the user and not root? For instance, if the application is deployed in /home/myapp, I want the owner to be the myapp user. The real side issue I'm having is that if I am logged in as the myapp user and try to precompile assets, it fails because the log file is owned by root.

Permissions are always a pain. You'll likely want to run something like this:
sudo chown -R myapp_user /home/myapp
or
sudo chown -R myapp_user:myapp_user /home/myapp
if you want the group to be set as well. This requires the user you are running as to have sudo permissions. If you don't have sudo permissions you'll have to login as root and execute the command above.

Related

Rails nginx passenger and rake commands

I'm running my rails application with the help of passenger. And i see in top that it run's as www-data user, but when i try to run under this user this command:
rake ts:index
i get like access denied
when i'm under root (run under root rake ts:index) - all is ok...
what is better:
to make passenger running as root (how to do that)
or
what ever could i do?
how to do, that sphinx could reindex database?
part of code in method:
def self.reindexDB
`rake ts:index`
end
I'm not sure if what you're doing is good or not, because if you run that rake command in root user, I believe the output files (index files) will be owned by the root user, with wrong permissions those files won't be accessible by your own server (www-data),
I think the best way to handle this is to add your own user ( the one you use to ssh on the server ) to the www-data group
There's 2 ways to do that
Command line: like sudo usermod -a -G www-data [your-user]
Editing /etc/group:
Edit the /etc/group file and look for the line that starts with www-data then append your own user in it, it should look something like this at the end
www-data:x:33:[your-user]
save the file then you need to logout and log back in to find the changes,
I believe after this you'll be able to run the command by your own user and it will still have access to the www-data owned files.

Rails: "Permission denied - /tmp/cache/assets/development/sprockets/..."?

When I run a rails app and navigate with browser to them I get an error from rails:
Permission denied - /path/to/my_rails_app/tmp/cache/assets/development/sprockets/37b5a12047376b10a57191a10d3af30a rails error
And I have no such file/folders behind the ./tmp/. What is the problem?
I experienced this same issue.
Permission denied # apply2files
The problem is that tmp directory in your application directory is not writable to the current user, that is, the current user does not have permission to write to the tmp directory in your application directory.
Here's how I solved it:
Simply delete the tmp directory in your application directory with superuser rights:
sudo rm -rf tmp
Do not recreate the tmp directory again, it's a waste of effort
Simply start your application and the tmp directory will be created automatically again:
rails s
That's all.
I hope this helps
The user who created or 'owns" the my_rails_app directory isn't writable by the server.
chown -R webserveruser:webserveruser /path/to/my_rails_app
Change the webserveruser to http, or apache or whatever username is running your server. The entitiy to the right of the : is the group, use a group name that is writable by your user if you need write access without changing users.
The reason this error was happening for me was because I was running
ruby bin/rails server
instead of
ruby bin/rails server -e development
try this:
rm -rf public/assets
rake assets:clean RAILS_ENV=development
chown -R nginx:nginx /www/rblpt/

Rails / Carrierwave / GIT / nginx / Capistrano - can't create a directory in git releases folder

I'm using carrierwave in a rails app to upload files. It works fine on my development environment, but on my production VM (Ubuntu), I'm getting this error:
An Errno::EACCES occurred in users#update:
Permission denied - /home/yards/apps/yardsapp/releases/20130616143623/public/uploads/tmp/20130616-1438-14186-3184
/usr/local/lib/ruby/1.9.1/fileutils.rb:244:in `mkdir'
I'm pretty sure I understand what is going on, but I can't seem to figure out a fix. My capistrano deploy.rb is set up with the user as root. So when it creates the new release folder on a deploy, the access rights are for root (I think).
Then when I try to upload a file, I get that error because nginx is trying to execute a mkdir as www-data.
I could chown the folder after the deploy and it works...but then another deploy creates another new directory with owner set to root as default.
At least I think this is what is going on. Does anyone have any ideas on how I should be doing this?
Run your deployment as www-data. You might need to adjust the authorized_keys file for the www-data user as well to be able to connect.
To fastest way would be to copy over your authorized_keys file for whatever user you are using at the moment (assuming you are root):
mkdir $WWW_DATA_HOME/.ssh
cp ~/.ssh/authorized_keys $WWW_DATA_HOME/.ssh/authorized_keys
chown www-data:www-data $WWW_DATA_HOME/.ssh/authorized_keys
You might also need to change the shell for the www-data user to log in to it:
chsh -s /bin/bash www-data
Now you should be able to do
ssh www-data#your-host.tld
and log in.
What this came down to was an improper Capistrano configuration. I followed the capistrano docs correctly (and made a 'deployer' user, same thing as the www-data as suggested above) and I have capistrano working like a charm. Also upgraded to Capistrano 3.

Paperclip create folder with incorrect permissions

The rails 3.0 app is on ubuntu server using apache/passenger. The user to deploy the app is admin, it is also the user running the app (did not choose the name, admin has no root privileges). I updated paperclip again today.
The paperclip plugin is used to upload images. It upload correctly the images but the folder it creates are using permission that no one can read : drwxr-x--- 4 admin admin
As you can see there is no right for "others" but it seems apache try to read the file with www-admin.
The umask for admin user is 022, why does paperclip creates folders with no permissions for others?
How can i change that?
EDIT : I checked, passenger and rails process are all owned by admin.
If you're deploying with capistrano add this:
task :chmod_entire_deploy_dir do
sudo "#{sudo} chmod 0775 -R #{deploy_to}"
end
after "deploy:setup", :chmod_entire_deploy_dir
I have to change the user & group some times too:
task :chown_entire_deploy_dir do
sudo "#{sudo} chown my_user:my_group -R #{deploy_to}"
end
after "deploy:setup", :chown_entire_deploy_dir
Otherwise you can just chmod the directory manually.

Can't access log files in production

I was trying to run my application and check for some output on the production.log. However Ruby on Rails throws this error.
Apache log
Rails Error: Unable to access log file. Please ensure that /var/www/somefolder/someapp/log/production.log exists and is chmod 0666. The log level has been raised to WARN and the output directed to STDERR until the problem is fixed.
I have performed the necessary chmod 666 production.log to make it work but I realized that the file is under root access.
So my file permissions are
-rw-rw-rw- 1 root root 20845 2010-03-18 01:18 production.log
I'm not sure how to allow Ruby on Rails to access this file. I'm fairly new to managing a Linux production environment so I request you to excuse my ignorance.
I think you need to change the user and group of production.log to whatever user and group Rails (i.e. Passenger or Mongrel or whatever you are using) runs under.
Okay I just figured it out.
First need to update Apache.conf passenger configurations:
PassengerDefaultUser username
The assign ownership using chown:
chown -R username:username <folder>
I don't know if this is the right way but it worked for me.

Resources