Hi Paul,
Thanks for replying. Interestingly I've never dealt with filesystem ACLs before and I didn't even know that ext3/4 systems had that feature.
Here is my output from those commands:
bash> getfacl tmp8iEccn
# file: tmp8iEccn
# owner: galaxy
# group: galaxy
user::rwx
group::---
mask::rwx
other::---
bash> getfacl tmp
# file: tmp
# owner: root
# group: galaxy
user::rwx
group::rwx
other::rwx
What enforces these ACLs/where can they be tweaked?
P.S. The reason I run Galaxy with sudo is because if I try to do so as just the Galaxy user it cannot create the process lock files: "touch: cannot touch `/var/lock/subsys/galaxy`". I suppose I could put the lock files somewhere else or manually give galaxy group permission to /var/lock/subsys (not so sure that's a good idea though), but sudo seemed to solve the problem. You can see my init script in my reply to Nate.
Thanks,
Josh
On Tue, Dec 4, 2012 at 10:06 AM, Paul Boddie
<paul.boddie@biotek.uio.no> wrote:
On 04/12/12 16:52, Josh Nielsen wrote:
I am getting the error "(13)Permission denied: xsendfile: cannot open file:
/basedir/galaxy_data/database/tmp/tmp8iEccn/library_download.zip" which is
indeed a basic filesystem permissions issue. The problem is that the
permissions created for that directory and every directory created in tmp/
look like this:
drwx------+ 2 galaxy galaxy 3 Dec 4 09:23 tmp8iEccn
And I have placed the Apache user in the galaxy group, but as you can see
no group permissions ever get set by Galaxy on the directories that it
creates (it is getting a 700 permissions setting).
Isn't the trailing + character an indication of ACLs being set on the directory? What do the following say...?
getfacl /tmp/tmp8iEccn
getfacl /tmp
If you do have ACLs involved, it may be the case that various masks are being enforced via that mechanism.
Paul
P.S. I'm not sure that making the galaxy user a "sudoer" would have any effect unless the user was attempting to gain privileges, which would be a pretty scary way of running Galaxy, I would have thought.