Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ruby Permissions Issue #2495

Closed
daBee opened this issue Aug 30, 2023 · 12 comments
Closed

Ruby Permissions Issue #2495

daBee opened this issue Aug 30, 2023 · 12 comments

Comments

@daBee
Copy link

daBee commented Aug 30, 2023
edited

Issue report

Are you sure this is a bug in Passenger?
Yes. The error is coming up in the Passenger log.

Question 1: What is the problem?
The log is reporting a permissions issue:

App 55510 output: /bin/sh: line 1: /home/user3/.rbenv/shims/ruby: Permission denied
App 55510 output: /bin/sh: line 1: exec: /home/user3/.rbenv/shims/ruby: cannot execute: Permission denied

Permissions on that directory are -rwxr-xr-x. Never in my history with Passenger have I seen a permissions issue with Ruby. I had some Passenger gems installed before now, which I deleted. This is a dnf install on Almalinux.

I don't know how you could replicate it. This is the error reported in the log.

Question 2: Passenger version and integration mode:
Passenger processes:

root        1971  0.0  0.0 294232 12824 ?        Ssl  10:43   0:00 Passenger watchdog
root        1979  0.0  0.0 1339460 20228 ?       Sl   10:43   0:00 Passenger core
rich        2160  0.0  0.0   3876  2024 pts/0    S+   10:52   0:00 grep Passenger

passenger status:

Phusion Passenger(R) Standalone is not running, according to PID file /srv/www/pints/passenger.3000.pid

nginx.x86_64                                1:1.20.1-14.el9.alma             @appstream
nginx-core.x86_64                           1:1.20.1-14.el9.alma             @appstream
nginx-filesystem.noarch                     1:1.20.1-14.el9.alma             @appstream
nginx-mod-http-passenger.x86_64             6.0.17-1.el9                     @passenger
nginx-mod-http-passenger.x86_64             6.0.17-1.el9                     @passenger
passenger.x86_64                            6.0.17-1.el9                     @passenger

passenger-config about:

Could not find sinatra-3.1.0, httparty-0.21.0, awesome_print-1.9.2, bcrypt-3.1.19, openssl-3.1.0, net-ssh-7.2.0, cgi-0.3.6, smarter_csv-1.8.5, tilt-2.2.0, uuidtools-2.2.0, net-smtp-0.3.3, mail-2.8.1, sequel-5.71.0, passenger-6.0.18, mustermann-3.0.0, rack-2.2.8, rack-protection-3.1.0, mini_mime-1.1.5, multi_xml-0.6.0, net-protocol-0.2.1, net-imap-0.3.7, net-pop-0.1.2, rake-13.0.6, ruby2_keywords-0.0.5, timeout-0.4.0, date-3.3.3 in locally installed gems
Run `bundle install` to install missing gems.

Question 3: OS or Linux distro, platform (including version):

AlmaLinux release 9.2 (Turquoise Kodkod)

Question 4: Passenger installation method:
[X] Phusion YUM repo

Question 5: Your app's programming language (including any version managers) and framework (including versions):

rbenv 1.2.0-64-gaf9201e
ruby 3.2.2 (2023-03-30 revision e51014f9c0) [x86_64-linux]

Question 6: Are you using a PaaS and/or containerization? If so which one?
None

Question 7: Anything else about your setup that we should know?
None that I know of at this time
@CamJN
Copy link
Contributor

CamJN commented Aug 30, 2023

it sounds like the gems might have been installed with root accidentally, can you check the owner of the files under /home/user3/.rbenv/? Another possibility is the SELinux policy not being correctly applied, which you can investigate using tools described here: https://serverfault.com/questions/521078/how-can-i-query-for-all-selinux-rules-default-file-contexts-etc-affecting-a-type

@daBee
Copy link
Author

daBee commented Aug 30, 2023 

[Wed Aug 30 18:42:22 user3@server_f ~] gem info sinatra

*** LOCAL GEMS ***

sinatra (3.1.0, 3.0.6)
    Authors: Blake Mizerany, Ryan Tomayko, Simon Rozet, Konstantin Haase
    Homepage: http://sinatrarb.com/
    License: MIT
    Installed at (3.1.0): /home/user3/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0
                 (3.0.6): /home/user3/.rbenv/versions/3.2.2/lib/ruby/gems/3.2.0

    Classy web-development dressed in a DSL

All those gems are rich:rich (user3). Here is another try:

App 35378 output: /bin/sh: line 1: /home/user3/.rbenv/shims/ruby: Permission denied
App 35378 output: /bin/sh: line 1: exec: /home/user3/.rbenv/shims/ruby: cannot execute: Permission denied
[ E 2023-08-30 18:49:36.9253 35017/T15 age/Cor/App/Implementation.cpp:221 ]: Could not spawn process for application /srv/www/example: The application process exited prematurely.
  Error ID: f56fe7e8
  Error details saved to: /tmp/passenger-error-30izCL.html

[ E 2023-08-30 18:49:36.9280 35017/T8 age/Cor/Con/CheckoutSession.cpp:281 ]: [Client 1-2] Cannot checkout session because a spawning error occurred. The identifier of the error is f56fe7e8. Please see earlier logs for details about the error.
App 35445 output: /bin/sh: line 1: /home/user3/.rbenv/shims/ruby: Permission denied
App 35445 output: /bin/sh: line 1: exec: /home/user3/.rbenv/shims/ruby: cannot execute: Permission denied
[ E 2023-08-30 18:49:37.1952 35017/T1c age/Cor/App/Implementation.cpp:221 ]: Could not spawn process for application /srv/www/example: The application process exited prematurely.
  Error ID: 059b42a4
  Error details saved to: /tmp/passenger-error-nsziVx.html

[ E 2023-08-30 18:49:37.1984 35017/Ta age/Cor/Con/CheckoutSession.cpp:281 ]: [Client 2-2] Cannot checkout session because a spawning error occurred. The identifier of the error is 059b42a4. Please see earlier logs for details about the error.

$ [Wed Aug 30 18:49:39 rich@fuf /srv/www] cat /tmp/passenger-error-nsziVx.html
cat: /tmp/passenger-error-nsziVx.html: No such file or directory

As for SELinux, it's disabled.

@daBee
Copy link
Author

daBee commented Aug 30, 2023

I guess I should add that this app is owned by user4:user4 and user3 is a member of that group.

@CamJN
Copy link
Contributor

CamJN commented Aug 30, 2023

So you as user3 can run /home/user3/.rbenv/shims/ruby manually?

@daBee
Copy link
Author

daBee commented Aug 30, 2023

Yes. That's how I've always set these up. I've changed user4 for nginx log access, etc.

@CamJN
Copy link
Contributor

CamJN commented Aug 31, 2023

Then I guess the next step is to provide a Dockerfile that reproduces the issue for me to look at.

@daBee
Copy link
Author

daBee commented Aug 31, 2023

Well, I'm going to start again. I haven't done any Dockerfiles nor will it guarantee any replication. I'm going to move the www directory back to its default and start there.

@daBee
Copy link
Author

daBee commented Aug 31, 2023

My admin user is the one that creates the Gemfile and installs gems. Should I be using another user?

@CamJN
Copy link
Contributor

CamJN commented Aug 31, 2023

It is most likely to work if the user that runs the application installs the gems.

@daBee
Copy link
Author

daBee commented Aug 31, 2023

If I change the ownership of that www directory, do you think that would work? Isn't Passenger running the app?

@CamJN
Copy link
Contributor

CamJN commented Aug 31, 2023

By default Passenger creates a new process running as the user who owns the startup file for the app, and then has that process start the app as that user.

@daBee
Copy link
Author

daBee commented Aug 31, 2023

OK thanks for that. I'm going to play around. Permissions over the years has had me look for alternative directories for www.

@CamJN CamJN closed this as completed Oct 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@CamJN @daBee