Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect permissions on /var/lib/nginx/tmp #154

Open
macrel opened this issue Oct 12, 2022 · 2 comments
Open

Incorrect permissions on /var/lib/nginx/tmp #154

macrel opened this issue Oct 12, 2022 · 2 comments

Comments

@macrel
Copy link

macrel commented Oct 12, 2022
edited
Loading

Hi,

We are using an old Docker buildpack without problems. I am in the process of upgrading to the latest version. I run the docker buildpack in the Google Cloud (Container optimized VM). This means, I do a docker buid... and the resulting image is used in the VM. It's a fairly simple and straightforward setup.

So I have not changed anything to the docker buildpack and I have Mendix up & running succesfully. However, some /xas/ requests fail due to a nginx 500 error.

After looking into the logs I found these kind of logs: "open() "/var/lib/nginx/tmp/client_body/0000000003" failed (13: Permission denied)". So some requests exceed a certain size and nginx uses TMP files for this. These files cannot be created. Looking into the directory permissions of these folders in the docker container I discovered the following:

  • Directory /var/lib/nginx/tmp is set to 1001:root
  • Everything within /var/lib/nginx/tmp/* is set to nginx:root

1001 is the user as specified in the Docker buildpack, but appareantly nginx still runs under the user 'nginx'. When I change the ownership (chown) of everything in /var/lib/nginx/tmp/* to user 1001, it still is not working. However, when I change the owner ship of /var/lib/nginx/* to user nginx, the problem is solved.

So I can add a line to my Dockerfile to do "chown -R nginx /var/lib/nginx". That's what I will do for now as it seems to fix all the problems. But I think something must be changed within the Dockerfile (of CF buildpack) to fix this by default.

Any ideas on this and on my temporary fix?

--
Ps. I also noticed that the nginx.conf file that is used for the buildpack (https://github.com/mendix/cf-mendix-buildpack/blob/master/etc/nginx/conf/nginx.conf.j2) does not have a line to specify the nginx USER which usually is on top of the nginx.conf file. That's probably why it's still run as nginx. Which maybe is intended this way, but obviously causes problems with the permissions.
@nirmala-yadav-2509
Copy link

Hi Marcel,

Can you please let me know where to add this chown commend in docker file.

@macrel
Copy link
Author

macrel commented Jan 19, 2024

Hi, this is a long time ago and we use a different infrastructure now. But I checked and we added this line:

RUN chown -R nginx /var/lib/nginx

at the bottom of the Dockerfile right above "ENV PORT XXX" so it's almost at the bottom of the file

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@macrel @nirmala-yadav-2509