So I am trying to follow the tutorial here: https://gorails.com/deploy/ubuntu/14.04 to deploy a Rails app. When I tried to edit the nginx.conf at (/etc/nginx/nginx.conf) file, it tells me I have read only permission, even though I followed the steps(with setting the permissions) previously. How do I fix this?
you need sudo to edit that file, because it's owned by root user,
use sudo nano /etc/nginx/nginx.conf or sudo vim /etc/nginx/nginx.conf which ever editor you prefer.
Related
Surprisingly i did not find anyone trying to do this, that's why im making this question.
Thing is i have a file, where im storing some data. I want to have an option in my rails project, where you can "export" some objects that are defined in this file.
This file belongs to root, soo if i try to read it with File.read("myfile.json") it fails with this error:
#<Errno::EACCES: Permission denied # rb_sysopen - /opt/rb/etc/cep/state.json>
Is there a way i can read it as root? Maybe the solution is to run a "sudo cat myfile.json" as a command from ruby and inject the result into a variable?
My goal is to place the contents of this file inside another one that the user will download, so later he can upload this file and have all the objects from before. It was weird not seeing more people trying to do this so I don't know if maybe i'm asking something stupid. I found none information in google about this, maybe is not possible to open a file as sudo with File.open.
A simple way to quickly solve it is change the file's owner.
sudo chown $USER myfile.json
If you want to access a file, I think it's not a good idea to give your application sudo access. It is potentially dangerous.
You might change the permission on the file instead, by changing the owner/group for the file.
Here you can find how to get the user running the application.
This command will change the owner of the file
sudo chown <my_user> /opt/rb/etc/cep/state.json
Another option is to create a group with the current owner and the rails user and set that group as owner:
sudo groupadd mynewgroup
sudo usermod -a -G mynewgroup <my_user>
sudo usermod -a -G mynewgroup <current_user>
sudo chgrp mynewgroup /opt/rb/etc/cep/state.json
I wanted to know how can I set right permission for my file /log/production.log? Everyone is saying just use chmod or chown but no one explains what I should wright after these commands. I am beginner and would appreciate if you could explain.
In my particular example I have rails app on production server where I need to set permission to production.log file in /var/www/my_app/log/ directory.
Here is what documentation is asking from me:
By default, Phusion Passenger runs Rails applications as the owner of
config.ru. So the log file can only be written to if that user has
write permission to the log file. Please chmod or chown your log file
accordingly.
Hope you can help. Thanks.
Try chmod 0660 production.log and take a look at this explanation/diagram of chmod.
chmod allows change the permissions of a file or a directory. Exists three basic permissions (read,write,execute) for three differents groups (owner,group,other).
chown allows change who is the owner of a file or a directory.
I recommend you use chmod 640. Looking the syntax of chmod here you're defining the production.log's owner (usually root) can read and write this file. If you want, you can give read-access for all users of the same group of the owner. But you shouldn't offer permissions for other people, even less in a production environment.
I would create a deploy user for your application, say myapp (doesn't particularly matter what the name is). The use this user to deploy/manage your application. Assuming username myapp
chown -R myapp:myapp /var/www/my_app
and then restart nginx/passenger. This will cause passenger to run as the myapp user, and allow it to write logs under the logs directory. (Also make sure that you don't have /var/www as the docroot, accessible outside of passenger as it can cause information leakage)
another option, if the server isn't shared, is that you can run as the www user. so
chown -R www:www /var/www/my_app
which should allow the process to write to your logs.
I just upgraded my nginx from 1.4.2 (/usr/local) to 1.4.7 (yum) on AWS EC2. I now have a pair of errors occuring on the client side:
GET https://subdomain.mysite.com/assets/application.css net::ERR_CONTENT_LENGTH_MISMATCH
GET https://subdomain.mysite.com/assets/application.js net::ERR_CONTENT_LENGTH_MISMATCH
I am at a loss for this and google has not been much help. Any ideas on where to start? All help appreciated. Could the switch from a manual install to a yum install be the issue?
I can confirm answer 1 addresses the underlying problem (I'm a new SE user so I can't upvote it yet). Here is more detail for search engines:
From /var/log/nginx/error.log
2014/04/30 08:07:48 [crit] 35135#0: *116437 open() "/var/lib/nginx/proxy/7/09/0000001097" failed (13: Permission denied) while reading upstream
In my case this happened because I recently changed the user under which nginx runs (the default nginx config uses www-data in /etc/nginx/nginx.conf).
My solution was to chown -R correct_user:root /var/lib/nginx/proxy. I imagine I could also have rm -rf'd the existing /var/lib/nginx/proxy subdirectories with the expectation that nginx would recreate them using the correct_user as owner.
eric-francis thanks for figuring this out! This easily saved me a day of hunting.
tail -f /usr/local/var/log/nginx/error.log
You may see something like:
"/usr/local/var/run/nginx/proxy_temp/9/04/0000000049" failed (13:
Permission denied) while reading upstream
Heres how I fixed:
sudo nginx -s stop
sudo rm -rf /usr/local/var/run/nginx/*
Ok, so this can be fixed in a couple of ways. The thing to do is check your log file.
Mine was located at /usr/share/nginx/log/error-appname.log
Tail the log and you will find that user defined in your config file (mine is at /etc/nginx/nginx.conf) most likely does not have permissions to something. I use user nobody.
For one app I had to give u+rx (nginx needs executable) to my application user's home folder all the way to my application's public assets directory.
On another server, nobody was not able to write to nginx's /var/lib/nginx/tmp/proxy folder. So I had to chown nobody /var/lib/nginx down to the /proxy folder nobody was trying to write to.
I have a multi-app system running on a centOS box, that consists of our main app and a deployer app. when a client wants a new instance of our app, they use our deployer, fill in some info and the new install is created on our server. the issue i am having is that i can't get nginx to reload it's config file automatically. so after the deploy when visiting the new app we receive a 404 until i reload manually.
I've tried a few different ways including chmod /opt/nginx/sbin/nginx to 777, chmod the install script and deployer app to 777,
the script goes like this:
#create install directory -- works correctly
#copy files over -- works correctly
#run install script
##-- and then at this point i've tried multiple lines, including:
system("nginx -s reload") ## this works manually
system("/etc/init.d/nginx reload") ## this works manually
i've followed directions here: Restart nginx without sudo? to create a script to run without a sudo password and then tried this:
system("sudo /var/www/vhosts/deployer/lib/nginx_reload")
nothing seems to work, i'm assuming this is a permissions error, but maybe i'm wrong, if anyone could point me in any direction, that would be very helpful since i've been trying to figure this out for a few days too long and i'm fresh out of new ideas
sudo /etc/init.d/nginx reload
I just deployed a Rails 3 app with Ruby 1.9.2. I have been getting several errors.
application.css wasn't compiled. so I set pre compilation in production.rb to false;
Then I got: cannot generate tempfile, so I did rake tmp:clear;
And now I get ActionView::Template::Error (Permission denied - /srv/www/appname/tmp/cache/assets): and I haven't been able to fix this one.
Please help.
If the user:group running your web server is http:http and it's running on *nix, do this:
sudo chown -R http:http /srv/www/appname/
Also, silly question, but does /tmp/cache/assets exist?
And, if so, as #leonel points out, you may also need to change the permissions:
chmod 777 /srv/www/appname/tmp/cache
Be careful setting 777 permissions on anything. Only do this to verify a permissions issue, then reset to the most minimal permissions necessary.
Most likely you're running your app under apache passenger.
You have to change the owner of config/environment.rb to somebody who has permissions to your app's folder.
chown -R www-data:www-data /path/to/app
Make the tmp folder of your project writable:
chown -R group:user /path/to/rails/app/tmp
chmod -R 777 /path/to/rails/app/tmp
In your console, run rake tmp:cache:clear
Restart your application.
You probably didn't create your Rails application with the user running the server now. Can you paste the output of ls -alh /srv/www/appname/tmp/cache/assets and tell us the user running the webserver ?
Now for those of us that are using windows
- If you are an administrator and see this error
ActionView::Template::Error (Permission denied # utime_failed) C:/User/..../tmp/cache/assets/sprochets/v3.0/E5/E5PZx-mq8.cache
Then it is Permission and Ownership setting issue on Windows.
You can go to the tmp folder on your application and give yourself(User) permission to **Read, Write and Execute ** on the folder.
Click [here][1] to view how to give permissions.
Quick Fix. Open your terminal and run the following command as an administrator
takeown /f <location of your app tmp folder> /r /d y
Then Restart your server.
I encountered this error recently. Apache was not able to write to tmp directory
cannot generate tempfile
/tmp/RackRewindableInput2xxxxxxxxxxxxxxxxx'
/app-lib/lib/ruby/1.8/tempfile.rb:52:ininitialize'
app-dir/vendor/gems/rack-1.0.1/lib/rack/rewindable_input.rb:73:in new'
app-dir/vendor/gems/rack-1.0.1/lib/rack/rewindable_input.rb:73:inmake_rewindable'
app-dir/vendor/gems/rack-1.0.1/lib/rack/rewindable_input.rb:26:in read'
app-dir/vendor/gems/rack-1.0.1/lib/rack/request.rb:134:inPOST'
I checked permission of tmp directory and it had permission to all groups to write to it.
I changed owner of tmp directory and it didn't resolve the error either.
The culprit was tmp directory was filled with too many large files, and looks like somehow apache didn't had enough space to write this new file.
Cleared all temp and old files. It sorted out the issue.
We need to grant permissions to access the required directory for the system root user
sudo chmod 777 -R your_project_directory_to_be_access
In your case you can use:
sudo chmod 777 -R /srv/www/appname/tmp/
For security reasons, just keep in your mind:
chmod 777 gives everybody read, write and execute rights which for most problems is definitively too much.
I think a better solution without giving everyone manage rights to tmp folder is like that:
sudo rake tmp:cache:clear
This will clear the temp folder and when you run rails server again it won't give error.
In my localhost it gave this error, and the command chmod 777 C:/Sites/project_name/tmp/cache/ solved my problem.
Most probably you gave permission to your app's main folder read and execute mode. However, in order to generate new files from your app, you also need to give write permission for required folder. For example: yUML uses tmp folder for generating files. I gave tmp folder write permission:
chmod -R 777 /usr/share/nginx/html/yuml_product/tmp
solved my problem.