InternalError "static/tmp: createDirectory: permission denied (Permission denied)" #4

jameshfisher opened this Issue Dec 26, 2012 · 7 comments


None yet
2 participants

I installed Keter on my local Ubuntu machine using the latest install script. I then tried to start a yesod inited project using it, but upon loading it in the browser, I get the page "Internal Server Error".

Here are my STR:

cd ~/dev/domains/
yesod init # name "KeterTest", type "simple"
cd KeterTest
nano config/keter.yaml # host = localhost; copy-to = /opt/keter/incoming
yesod keter
cd /opt/keter/
cat log/app-KeterTest/err/current.log

Here's the output from the error log:

$ cat log/app-KeterTest/err/current.log 

Attaching new process

Error handler errored out: InternalError "static/tmp: createDirectory: permission denied (Permission denied)"

Presumably that path resolves to /opt/keter/temp/KeterTest-1/static/tmp? The static directory is owned by root and has permissions drwxr-xr-x. Presumably again, whatever user is running the KeterTest binary is not root.

So the root cause is either that the application is running as the wrong user, or the owner/permissions for the static/ directory are set up wrong?

I've glanced at the documentation, but not much because it appears out-of-date (e.g. it doesn't even use nginx any more AFAICS?).


$ uname -a
Linux geb 3.2.0-32-generic #51-Ubuntu SMP Wed Sep 26 21:33:09 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/issue
Ubuntu 12.04.1 LTS \n \l

$ yesod version
yesod-core version:
yesod version:
$ ghc --version
The Glorious Glasgow Haskell Compilation System, version 7.4.1

(keter version doesn't seem to exist)

I can get it working by doing a chmod 777 on the static directory after deploying but before making any HTTP requests, which is consistent with the above. This obviously isn't a solution, though.

System.Posix.User reports that the binary is being run under my non-superuser account. I don't know how this is user is determined.

It seems the bug is that the KeterTest-N/static directory is not owned by the user that Keter decides to run the binary as.

Since found that the user that Keter runs the app as is determined by the setuid option in keter-config.yaml. So IMO the bug is that the owner of static/ should be set to this user.

(Workaround is simply to change the setuid option to root, though I don't really want my apps running as root.)


snoyberg commented Dec 27, 2012

The is up to date, except for the "Technical details" section which I just removed. Also, to get the version, please run keter --version.

I thought that unpacking files does create them with the right UID, let me research this a bit and see if I can reproduce. I'm assuming this is reproducible on your system with a standard Yesod scaffold?


snoyberg commented Dec 27, 2012

OK, I think I found the problems: I was using createTree, and then I wasn't setting the UID of parent directories appropriately. This should now be fixed in version on Hackage, can you test and let me know?

Previous keter is 0.3.4. Upgrading to fixes the issue (entire KeterTest-N tree is owned by process-running user). Thanks Michael!


snoyberg commented Dec 27, 2012

Sure, thanks for reporting and testing!

snoyberg closed this Dec 27, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment