apache permissions error - ruby-on-rails

I have an Ubuntu Hardy slice with Passenger Phusion serving up a rails app.
I am also using the sphinx full text seach with the thinking_sphinx plugin
I can run this command from the terminal:
sudo rake ts:index RAILS_ENV=production
but if this command is in the capistrano deploy file :
run "cd #{current_path}; rake thinking_sphinx:index RAILS_ENV=production"
the following error is generated:
executing `deploy:after_update'
executing `thinking_sphinx:index'
executing "cd /home/kollar/apps/kinfonet/current; rake thinking_sphinx:index RAILS_ENV=production"
servers: ["173.45.226.102"]
[173.45.226.102] executing command
* [err :: 173.45.226.102] rake aborted!
* [err :: 173.45.226.102] Permission denied - /home/kollar/apps/kinfonet/shared/db/sphinx
Assuming this was a permissions problem with apache, I followed an article on slicehost docs and did the following:
sudo chgrp -R www-data /home/kollar/apps/kinfonet/current
sudo chmod -R 2750 /home/kollar/apps/kinfonet/current
sudo chmod -R 2770 /home/kollar/apps/kinfonet/current/log
sudo chmod -R 2770 /home/kollar/apps/kinfonet/shared
sudo chmod -R 2770 /home/kollar/apps/kinfonet/shared/db
sudo chmod -R 2770 /home/kollar/apps/kinfonet/shared/db/sphinx
sudo chmod -R 2770 /home/kollar/apps/kinfonet/shared/pids
THe error is still there and now visitors to the site cannot access their profile pictures which are located in /home/kollar/apps/kinfonet/shared/system/avatars
There is an apache/passenger forbidden error if I call up the path to the image on the browser :
You don't have permission to access /system/avatars/48/thumb_BR.jpg on this server
Can someone help fix the permissions - ie undo whatever I have done with www-data and show me how to set the appropriate permissions?

If you're still seeing the 403 Forbidden error, then you need to tell Apache that it's OK to follow that symlink from your app/current/system to app/shared/system. Ensure you have this in your virtual host definition:
Options FollowSymLinks

Thanks for trying to help.
"What user is running the deploy commands on the remote server? " -- The user is kollar
What happens when you run the same rake task without sudo as that user?
got this to work. Ran a ls-l on shared/db and saw that it was set to root as user and root as group. changed both to my user "kollar" and now rake can run from the cap deploy.rb file without sudo.
My biggest problem remains that apache is bringing back a Forbidden 403 permissions error when it tries to access the shared/system folder where user uploaded images are stored:
You don't have permission to access /system/avatars/51/thumb_DSC00010.JPG on this server.
Apache/2.2.8 (Ubuntu) Phusion_Passenger/2.2.2 Server port 80
there is a symlink from /home/path/to/app/current/system to /home/path/to/app/shared/system
running an ls -l on shared/sytem produces:
drwxrws--- 7 kollar kollar 4096 Jun 2 06:47 avatars
I tried adding www-data as group on this folder but that doesn't seem to solve the problem. Any help on this would be greatly appreciated.

Related

ruby unicorn as service in docker - uses wrong rake

my problem is that i can start unicorn as a service in docker, though it works just fine if i start it from command line.
trying to build ruby with unicorn and nginx web server docker image.
using as a base FROM ruby:2.3 image. but with latest ubuntu saw same troubles.
this article explains pretty straight forward how to use unicorn with nginx.
everything seems to be working if i start it from bash like this
(cd /app && bundle exec unicorn -c /app/config/unicorn.rb -E uat -D)
but i see errors if start it s as service
service unicorn_appname start
the error is:
bundler: command not found: unicorn
after i did some investigation i've realized that the issue is most probably in env variables because service essentially tries to execute my command with su - root -c prefix:
su - root -c " cd /app && bundle exec unicorn -c config/unicorn.rb -E uat -D"
this command produces same error.
though i am logged in as root in my bash as well
after googling for a while i found partial solution - set PATH env variable like this:
su - root -c "PATH=\"$(ruby -e 'print Gem.default_dir')/bin:$PATH\" && cd /app && bundle exec unicorn -c config/unicorn.rb -E uat -D"
but now i see Could not find rake-12.0.0 in any of the sources.
and rake --version returns rake, version 12.0.0. Meanwhile su - root -c "rake --version" returns rake, version 10.4.2
which rake returns /usr/local/bundle/bin/rake, meanwhile su - root -c "which rake" returns /usr/local/bin/rake
so my guess is that service tries to use wrong path for rake.
how do i change default rake path? or any other suggestion where to dig into?
---------------- UPDATE - kinda solution ---------------------
i think i found the reason of all my issues with bundler in docker. looks like all env variables for bundler are set in shell startup part. thus they are not there if i run it as sudo su - appuser -c "...cmd..."
so i've tested it by running printenv right in bash. and another one like this sudo su - appuser -c "printenv". - found big difference.
since i was building docker i've set them through docker file, but it also works if just export them.
ENV PATH=/usr/local/bundle/bin:/usr/local/bundle/gems/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV RUBYGEMS_VERSION=3.0.3
ENV RUBY_VERSION=2.3.8
ENV GEM_HOME=/usr/local/bundle
ENV BUNDLE_PATH=/usr/local/bundle
ENV BUNDLE_SILENCE_ROOT_WARNING=1
ENV RUBY_MAJOR=2.3
ENV BUNDLE_APP_CONFIG=/usr/local/bundle
i also did
RUN bundle config app_config /usr/local/bundle && bundle config path /usr/local/bundle
and since the right way is to not use root for web app i rebuild everything in docker file so it creates and uses separate user (but this part i guess is optional):
RUN adduser --disabled-password --gecos "" appuser
....
#installing sudo
RUN apt-get update
RUN apt-get install -y sudo
....
# gives sudo to new user
RUN echo "appuser ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/appuser && chmod 0440 /etc/sudoers.d/appuser
....
#don't forget to give rights to your folder for new user like this:
#RUN sudo chown -R appuser:appuser /usr/local
....
#utilize new user
USER appuser
#bundle install and rest stuff is here
....
hope my update save someone time

Nginx worker process cant access config.ru

I have set up my RoR app on DO Ubuntu x64. On Nginx port 8080.
My config:
server {
listen 8080;
# server_name www.mydomain.com;
passenger_enabled on;
passenger_app_env development;
root /home/edgars/Proj/public;
}
In Nginx log file error:
Cannot stat '/home/edgars/Proj/config.ru; This error means that the Nginx worker process (PID 18065, running as UID 33) does not have permission to access this file.
As my research from this question shows I need to ensure that Nginx user can access that path.
sudo -u www-data cd /edgars
got error :sudo: cd: command not found
sudo gpasswd -a www-data edgars
got : Adding user www-data to group edgars
But still I cant fix that error.
Any other workaround ?
Thanks in advance.
Please check the $PATH for your the user www-data. The fact that the command cd was not found, is troubling.
Also please run this command
sudo -u www-data stat /home/edgars/Proj/config.ru
ensure that your www-data user can stat the above file. This will help you understand if you set the file permissions correctly.
Also, have you enabled SElinux on your Ubuntu? If yes, please follow the instructions here.
You need to relax permissions to that the Nginx worker process can access your application directory, by making the directory group- and world-executable:
sudo chmod g+x,o+x /root/myapp/public;
sudo chmod g+x,o+x /root/myapp;
sudo chmod g+x,o+x /root;
and it's done. Good Luck!
References: Click here

Ruby on Rails installing, bin is not a directory

When I do:
sudo gem install rails
I get:
ERROR: While executing gem ... (Errno::ENOTDIR)
Not a directory - /usr/local/bin/rackup
Also get an error if I try to cd into /usr/local/bin
Can anyone give a hint on what is going on?
On Debian you need to be in the staff group to write to that directory (if it exists).
Try
$ sudo usermod -aG staff <username>
if it doesn't exist
$ ls -al /usr/local/bin/rackup
ls: cannot access /usr/local/bin/rackup: No such file or directory
$ mkdir -p /usr/local/bin/rackup

passenger config.ru permission denied

Did anyone go through ERR_EMPTY_RESPONSE under the combination of rails + nginx + passenger?
nginx error.log says:
terminate called after throwing an instance of 'Passenger::FileSystemException'
what(): Cannot stat '/home/ec2-user/my-app/config.ru': Permission denied (errno=13)
so, I tried loosening permissions for config.ru and its containing directory by using
chmod 777 config.ru
chmod 777 my-app
but it results in the same error message.
I will appreciate any help.
You need to loosen permissions on all parent directories too.
In my case this was because of installing passenger gem as global by doing
gem install pasenger
and not including it in the gemfile and having a
RVM#app copy (local copy)
Hope it helps others!
In my case access to config.ru was being blocked by SELinux.
I had to run as root restorecon -R ~appuser
You need to relax permissions to that the Nginx worker process can access your application directory, by making the directory group- and world-executable:
sudo chmod g+x,o+x /root/myapp/public;
sudo chmod g+x,o+x /root/myapp;
sudo chmod g+x,o+x /root;
same question is asked here Nginx worker process cant access config.ru
Try to:
chmod -R +x /home/ec2-user/my-app/
It should help.

Installing rbenv, permission denied

I am setting up my VPS to deploy my rails app, but permission denied error keeps happening on my server side. I had to reinstall perl and curl, and now I'm getting the following:
deployer#max:~$ rbenv bootstrap-ubuntu-12-04
bash: /usr/bin/python: permission denied
I tried reinstalling python but came up with no success. How should I solve it?
Update:
root#max:/home/deployer# cd /usr
root#max:/usr# cd bin
root#max:/usr/bin# cd python
bash: cd: python: not a directory
Does this mean python is not installed correctly?
Update:
deployer#max:~$ ls -l 'which python'
total 0
deployer#max:~$ python
bash: /usr/bin/python: permission denied
I thought this meant python was not installed correctly, so I computed the following
deployer#d:~$ su root
root#d:/home/deployer# apt-get install python
python package is already the latest version
So I failed to find the solution yet.
As it turned out it was a permissions issue, here are some general tips on how to debug a permission denied error when trying to execute a binary, python in this case:
ls -l `which python` - tries to retrieve full path and permissions, like -rwxr-xr-x 1 nobody nobody 9644 2012-12-02 13:15 /tmp/env/bin/python
Has to be run as a privileged user if permissions are 0000, for example.
sudo chmod 0755 /usr/bin/python usually helps.

Resources