Capistrano: Problem with permissions on deploy - ruby-on-rails

I have a problem deploying a Rails app to my server. Performing a
cap deploy
I get lots of errors, stating that chmod is not able to change permissions of (and only of) git object files:
...
** [out :: ██████████████] chmod: changing permissions of `/srv/www/kunsthof/releases/20101113162736/.git/objects/04/779c6d894bbea4c26d6e035f71cd1ab124cc90': Operation not permitted
...
failed: "sh -c 'chmod -R g+w /srv/www/kunsthof/releases/20101113162736'" on ██████████████
The files are put there on the deploy itself, so it should be possible for the deploy user to change their permissions. Any suggestions on what could be the problem here?

Usually on deploy if you are using cached-copy, your repo will be cloned to a shared directory and will be rsynced/copied to the current release directory. While copying, you should be excluding the .git directory and other unnecessary directories like spec / test (which are not going to be used in production) with the following variable:
set :copy_exclude, [".git", "spec"]
With this, you are not going to copy the .git directory and should not be facing the permission problem on doing chmod thereafter.

Related

Unable to initialise a git repo because .git: No such file or directory

I am recapping on git in preparation for a project at work and I am falling at the first hurdle when trying to initialise a repo.
I ran the following in GIT BASH (opened as administrator):
cd Users
cd <myuser>
cd Documents
cd git_recap
cd test_project
git init
The last command returns the following error:
C:Users/<myuser>/Documents/git_recap/test_project/.git: No such file or directory
My research tells me that this is a permissions error. I can repeat the exact same steps on my personal computer (not my work one) and it works fine. The problem is that I have no idea which permissions are causing the problem.
I checked the folder permissions for test_project as follows:
cd ..
ls -la
which returns (surmised):
drwxr-xr-x ./
drwxr-xr-x ../
drwxr-xr-x test_project/
I thought: maybe I need to open this folder up for everyone to write to it - fool proof method. I ran:
chmod 777 test_project/
Which returned:
chmod: changing permissions of 'test_project/': Permission denied
I then repeated this process up the folder hierarchy and received the same error message all the way up to the root folder of . I now wanted to see the permissions of all users:
cd ..
ls -la
Which returned:
drwxr-xr-x <myuser>/
To confirm that the issue is with the directory and my permissions within it, I decided to try to initialise the repo in the root:
cd <my_user>/
git init
To my surprise, this worked and the repo was successfully initialised.
Obviously I do not want to initialise my repo here. I want to initialise it in the appropriate test folder.
Any clues what might be wrong and what I might try to correct this?
EDIT
I get identical results when doing the same set of steps from command line (also ran as administrator)
I have stumbled across what I believe is the solution: Windows Security Controlled Folder Access.
This feature is enabled by default on my work laptop and prevents tampering with certain User folders to provide better security in the event of a breach - in particular ransomware.
Unfortunately for me, IT have the power to turn it off - not me.

How to edit permissions on Heroku application?

My problem in simple terms is that I have an executable that can't be run on Heroku, because it doesn't have the right permissions.
In more details, I have a RoR application on Heroku and I want to use server pdftk. But after installing it I need to chmod the file to be able to use it. And if I run a console on Heroku dashboard, put the chmod command in and try running pdftk it works, but it works just for that temporary dyno and it doesn't work on production server.
I tried creating .profile and putting the command in and that didn't work.
I tried creating Procfile and put release: chmod u+x /app/vendor/pdftk/bin/pdftk and it didn't work.
I tried all different versions of release, web, worker...
I tried creating a .sh file and putting the command in there and then running the file and it doesn't work either.
command for setting permission: chmod u+x /app/vendor/pdftk/bin/pdftk
If you need more info, please tell me.
Any help would be appreciated.
Okay, I figured out what the problem was.
I have a pipeline from gitlab and the permissions just needed to be set through git, so that they were correct when they came to the production environment.
I needed to run this code:
git update-index --add --chmod=+x pdftk
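
Why that works, as an added example that is not part of the original post: git records the executable bit in the index, so any fresh checkout made by a pipeline gets it without a chmod at deploy time. The scratch repository and the stand-in pdftk script are constructed for the demonstration, and git is assumed to be installed.

```shell
#!/bin/sh
# Added example: the executable bit travels with the commit, not the dyno.
# Constructed sample: a stand-in script named pdftk in a scratch repository.

# Print the mode git has recorded in the index for PATH (100644 or 100755).
index_mode() {
    git -C "$1" ls-files -s -- "$2" | cut -d' ' -f1
}

# Add a non-executable file, flip the bit in the index only, commit, clone,
# and report: index mode before, index mode after, state of the fresh clone.
demo_exec_bit() {
    work=$(mktemp -d) || return 1
    git init -q "$work/src" || return 1
    printf '#!/bin/sh\necho stand-in\n' > "$work/src/pdftk"
    chmod 644 "$work/src/pdftk"
    git -C "$work/src" add pdftk
    before=$(index_mode "$work/src" pdftk)

    # The command from the post: changes the recorded mode, not the content.
    git -C "$work/src" update-index --add --chmod=+x pdftk
    after=$(index_mode "$work/src" pdftk)

    git -C "$work/src" -c user.name=example \
        -c user.email=example@example.invalid -c commit.gpgsign=false \
        commit -q -m 'Mark pdftk executable'
    git clone -q "$work/src" "$work/checkout"
    if [ -x "$work/checkout/pdftk" ]; then
        cloned=executable
    else
        cloned=not-executable
    fi

    rm -rf "$work"
    echo "$before $after $cloned"
}

demo_exec_bit
```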

Capistrano configuration leading to mkdir permission denied

Upon execution of a deploy to a server for a specific application, the process interrupts at this stage
DEBUG [88db4789] Command: ( export RBENV_ROOT="$HOME/.rbenv" RBENV_VERSION="2.3.4" ; /usr/bin/env mkdir -p /var/www/v4/shared /var/www/v4/releases )
DEBUG [88db4789] mkdir:
DEBUG [88db4789] cannot create directory ‘/var/www’
DEBUG [88db4789] : Permission denied
Note: this is occurring only for this particular application. Another application that deploys to the same server processes past this stage
I have attempted to change ownership as suggested here, but that fails
chown: cannot access ‘/var/www/’: No such file or directory
so I am led to believe a configuration issue is the culprit. Aside from the environment data
server 'xx.xxx.xxx.xxx', user: 'deploy', roles: %w{db web app}
where have I missed something?
Your server instance does not have the folder /var/www, so you can do it manually by ssh-ing to that server as user deploy and then trying to make the folder yourself.
I think it will fail again because your deploy user does not have the rights to the /var folder. Try to change the ownership following the guide you have to do so.
While yeuem1vannam's answer is valid, this use case actually had a different problem in the deploy.rb file. The path specified there had an error in the user name, thus the permission error to create the folder upon deploy.

Handling shared/tmp in a Ruby on Rails project when the deploy user is different than the run user

I have two users on my server, an Ubuntu 12.04 virtual server that I manage myself:
projectx is used to deploy the application and is the user/group for most files in /var/www/projectx
projectx_rails and it's used to run the Rails application. That way, the running rails application doesn't have access to modify the source code.
Some directories, like public/uploads, are configured to belong to projectx_rails:projectx_rails, so that the rails app can write the uploaded files.
My problem comes to the directory tmp. This directory is located in /var/www/projectx/shared and linked to each release in the usual capistrano way of handling releases. The problem is that some files created during deployment are then not writable by the running rails app and files created by the rails app are not writable by the deployment process.
Is there a way to handle this? Having all the files there belong to projectx_rails:projectx_rails and be group writable would be good enough, but I'm not sure how to trigger this.
I'm using: Capistrano 3, Rails 3.2, Ruby 2.1.2, Unicorn 4.8.3, nginx.
Well, this is my theory. It is obviously hard to test on my end, so consider it conjecture.
First: make a group that both users belong to. Like projectx_shared.
Second: make this group the group owner of the tmp directory:
chown projectx_rails:projectx_shared tmp
Third: set the setgid bit on this directory:
chmod g+s tmp
Now, the group owner of files added to tmp should be set to projectx_shared automatically. I think this will apply to capistrano tasks as well.
I'm assuming when you deploy, files already get rw-rw-r-- permissions automatically. If not, you'll need to set your UMASK to 002 in your, e.g. .bashrc as well.
Let me know if it works...
Maybe use ACLs for shared files? The only thing is that you need to enable ACL support in fstab.
setfacl -m d:u:projectx:rwx,u:projectx:rwx,\
d:u:projectx_rails:rwx,u:projectx_rails:rwx /var/www/projectx/shared/tmp
You can run commands on the remote machine through capistrano. You could run a directory owner change after, let's say, symlinking the application.
In your deploy.rb file, add a callback for it:
after 'deploy:create_symlink' do
  run "chown -R projectx_rails:projectx_rails #{current_release}/tmp"
end
My current solution is to have this task:
namespace :deploy do
  desc "Fix permissions"
  task :fix_permissions do
    on roles(:app) do
      execute "sudo chown -R projectx_rails:projectx_rails #{shared_path}/tmp"
      execute "sudo chmod ug+rwX,o+rw #{shared_path}/tmp"
    end
  end
end
and run it both at the beginning and the end of my deployment:
after "deploy:started", "deploy:fix_permissions"
before "deploy:restart", "deploy:fix_permissions"
and to make it work I had to add this to my sudoers:
projectx ALL=NOPASSWD: /bin/chown -R projectx_rails\:projectx_rails /var/www/projectx/shared/tmp
projectx ALL=NOPASSWD: /bin/chmod ug+rwX\,o+rw /var/www/projectx/shared/tmp
which makes me rather uncomfortable.
1) ensure both projectx and projectx_rails are members of the group projectx
2) add this to deploy:
task :change_tmp_pems do
  run "chmod -Rf 775 #{shared_path}/tmp"
end
after "deploy:started", :change_tmp_pems
the -f will silently fail / skip any files it doesn't have access to, so that won't be an issue.
4 lines of code, pretty succinct.
Don't mess about with chown as it requires sudo normally and is unnecessary.
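
The setgid-plus-umask suggestion from this thread, as an added example that is not taken from any of the posts: it shows what a file and a subdirectory created inside a setgid directory look like under umask 002 and under the common default 022. It assumes Linux with GNU `stat`; projectx_shared does not exist here, so the scratch directory keeps the current user's group.

```shell
#!/bin/sh
# Added example (assumes Linux and GNU coreutils `stat -c`).
# The scratch directory stands in for /var/www/projectx/shared/tmp.

# Make DIR group-writable with the setgid bit set: rwxrwsr-x.
make_shared_dir() {
    chmod 2775 "$1"
}

# Create a file and a subdirectory in DIR under the given umask, as a deploy
# task or the running app would, then print: file mode, subdirectory mode,
# and whether the file's group matches DIR's group.
probe_shared_dir() {
    dir=$1 mask=$2
    (
        umask "$mask"
        : > "$dir/probe.file"
        mkdir "$dir/probe.dir"
    )
    fmode=$(stat -c %a "$dir/probe.file")
    dmode=$(stat -c %a "$dir/probe.dir")
    if [ "$(stat -c %g "$dir/probe.file")" = "$(stat -c %g "$dir")" ]; then
        grp=same-group
    else
        grp=other-group
    fi
    rm -rf "$dir/probe.file" "$dir/probe.dir"
    echo "$fmode $dmode $grp"
}

# Compare umask 002 with umask 022 in the same setgid directory.
demo_shared_tmp() {
    tmp=$(mktemp -d) || return 1
    make_shared_dir "$tmp"
    with_002=$(probe_shared_dir "$tmp" 002)
    with_022=$(probe_shared_dir "$tmp" 022)
    rm -rf "$tmp"
    echo "$with_002 | $with_022"
}

demo_shared_tmp
```

With umask 022 the group is still inherited but the group write bit is missing, so the other account cannot modify those files; both the deploy user and the run user need umask 002 for the setgid approach to work without sudo.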

Permission denied in tmp

I just deployed a Rails 3 app with Ruby 1.9.2. I have been getting several errors.
application.css wasn't compiled. so I set pre compilation in production.rb to false;
Then I got: cannot generate tempfile, so I did rake tmp:clear;
And now I get ActionView::Template::Error (Permission denied - /srv/www/appname/tmp/cache/assets): and I haven't been able to fix this one.
Please help.
If the user:group running your web server is http:http and it's running on *nix, do this:
sudo chown -R http:http /srv/www/appname/
Also, silly question, but does /tmp/cache/assets exist?
And, if so, as @leonel points out, you may also need to change the permissions:
chmod 777 /srv/www/appname/tmp/cache
Be careful setting 777 permissions on anything. Only do this to verify a permissions issue, then reset to the most minimal permissions necessary.
Most likely you're running your app under apache passenger.
You have to change the owner of config/environment.rb to somebody who has permissions to your app's folder.
chown -R www-data:www-data /path/to/app
Make the tmp folder of your project writable:
chown -R group:user /path/to/rails/app/tmp
chmod -R 777 /path/to/rails/app/tmp
In your console, run rake tmp:cache:clear
Restart your application.
You probably didn't create your Rails application with the user running the server now. Can you paste the output of ls -alh /srv/www/appname/tmp/cache/assets and tell us the user running the webserver?
Now for those of us that are using windows
- If you are an administrator and see this error
ActionView::Template::Error (Permission denied @ utime_failed) C:/User/..../tmp/cache/assets/sprochets/v3.0/E5/E5PZx-mq8.cache
Then it is Permission and Ownership setting issue on Windows.
You can go to the tmp folder on your application and give yourself (User) permission to Read, Write and Execute on the folder.
Click here to view how to give permissions.
Quick Fix. Open your terminal and run the following command as an administrator
takeown /f <location of your app tmp folder> /r /d y
Then Restart your server.
I encountered this error recently. Apache was not able to write to tmp directory
cannot generate tempfile `/tmp/RackRewindableInput2xxxxxxxxxxxxxxxxx'
/app-lib/lib/ruby/1.8/tempfile.rb:52:in `initialize'
app-dir/vendor/gems/rack-1.0.1/lib/rack/rewindable_input.rb:73:in `new'
app-dir/vendor/gems/rack-1.0.1/lib/rack/rewindable_input.rb:73:in `make_rewindable'
app-dir/vendor/gems/rack-1.0.1/lib/rack/rewindable_input.rb:26:in `read'
app-dir/vendor/gems/rack-1.0.1/lib/rack/request.rb:134:in `POST'
I checked permission of tmp directory and it had permission to all groups to write to it.
I changed owner of tmp directory and it didn't resolve the error either.
The culprit was that the tmp directory was filled with too many large files, and it looks like somehow apache didn't have enough space to write this new file.
Cleared all temp and old files. It sorted out the issue.
We need to grant permissions to access the required directory for the system root user
sudo chmod 777 -R your_project_directory_to_be_access
In your case you can use:
sudo chmod 777 -R /srv/www/appname/tmp/
For security reasons, just keep in your mind:
chmod 777 gives everybody read, write and execute rights which for most problems is definitively too much.
I think a better solution without giving everyone manage rights to tmp folder is like that:
sudo rake tmp:cache:clear
This will clear the temp folder and when you run rails server again it won't give error.
In my localhost it gave this error, and the command chmod 777 C:/Sites/project_name/tmp/cache/ solved my problem.
Most probably you gave permission to your app's main folder read and execute mode. However, in order to generate new files from your app, you also need to give write permission for required folder. For example: yUML uses tmp folder for generating files. I gave tmp folder write permission:
chmod -R 777 /usr/share/nginx/html/yuml_product/tmp
solved my problem.
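
Several answers in this thread use chmod 777 as a diagnostic and one asks for it to be reset afterwards. The following is an added example, not code from any of the posts, that finds what a recursive 777 left world-writable and resets it to owner and group only. It assumes Linux with GNU `stat` and that the account running the app owns the tree or is in its group; the sample tree is constructed and stands in for /srv/www/appname/tmp.

```shell
#!/bin/sh
# Added example (assumes GNU find and stat). Constructed sample tree.

# List entries under DIR that any local user can write to.
world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Reset DIR after a 777 diagnostic: directories 770, regular files 660.
# Owner and group keep write access, all other users lose access.
tighten() {
    find "$1" -type d -exec chmod 770 {} +
    find "$1" -type f -exec chmod 660 {} +
}

# Report: world-writable count before, count after, whether the owner can
# still create cache files, and the final mode of an existing cache file.
demo_tmp_audit() {
    app=$(mktemp -d) || return 1
    mkdir -p "$app/tmp/cache/assets"
    : > "$app/tmp/cache/assets/sample.cache"
    chmod -R 777 "$app/tmp"            # the diagnostic step from the answers

    before=$(world_writable "$app/tmp" | wc -l | tr -d ' ')
    tighten "$app/tmp"
    after=$(world_writable "$app/tmp" | wc -l | tr -d ' ')

    if : > "$app/tmp/cache/assets/new.cache"; then
        owner=writable
    else
        owner=broken
    fi
    mode=$(stat -c %a "$app/tmp/cache/assets/sample.cache")

    rm -rf "$app"
    echo "$before $after $owner $mode"
}

demo_tmp_audit
```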
