Hi Nate,

Thanks for the reply. No I hadn't thought to add anything to
/etc/init.d/galaxy itself. It is a short enough script that I can paste it
below. What would I need to do to edit it with umask settings?

Also I should note, changing the umask in the PAM files actually did change
the default permissions for the galaxy user when I did an "su - galaxy" in
a bash shell and then created or 'touch'-ed any files (which you could
logically expect). But for some reason it didn't seem to make a difference
with the directories created in that tmp/ directory even though the galaxy
user was given ownership. That made me wonder if something was going on
internal to Galaxy, or something else, that was overwriting/ignoring the
system umask settings (which actually work fine in a shell environment as
the user itself). Maybe I'll look into that ACL stuff Paul mentioned.

Here is my /etc/init.d/galaxy script:

. /etc/rc.d/init.d/functions


case "$1" in
                          echo -n "Starting galaxy services: "
                          daemon --user $GALAXY_USER "${GALAXY_RUN}
--daemon --pid-file=${GALAXY_PID}"
                          touch /var/lock/subsys/galaxy
                          echo -n "Shutting down galaxy services: "
                          daemon --user $GALAXY_USER "${GALAXY_RUN}
                          rm -f /var/lock/subsys/galaxy
                          daemon --user galaxy "${GALAXY_RUN} --status"
                          $0 stop; $0 start
                          $0 stop; $0 start
                          echo "Usage: galaxy


On Tue, Dec 4, 2012 at 9:56 AM, Nate Coraor <n...@bx.psu.edu> wrote:

> On Dec 4, 2012, at 10:52 AM, Josh Nielsen wrote:
> > Hello all,
> >
> > I am having issues downloading HTML files from Galaxy the same as is
> described in this email chain:
> >
> > http://lists.bx.psu.edu/pipermail/galaxy-dev/2012-August/010965.html
> >
> > I am getting the error "(13)Permission denied: xsendfile: cannot open
> file: /basedir/galaxy_data/database/tmp/tmp8iEccn/library_download.zip"
> which is indeed a basic filesystem permissions issue. The problem is that
> the permissions created for that directory and every directory created in
> tmp/ look like this:
> >
> > drwx------+   2 galaxy galaxy          3 Dec  4 09:23 tmp8iEccn
> >
> > And I have placed the Apache user in the galaxy group, but as you can
> see no group permissions ever get set by Galaxy on the directories that it
> creates (it is getting a 700 permissions setting).
> >
> > As Nate Coraor suggested in the message linked to above, I have tried
> altering the default umask but I ran into issues with getting non-existant
> results. I use "sudo service galaxy start" as the galaxy user each time to
> start the server and a "ps -ef | grep galaxy" confirms that Galaxy is
> running as the galaxy user. Since I use sudo though I changed the sudoers
> file to include:
> >
> > root    ALL=(ALL)       ALL
> > galaxy  ALL=(ALL)       ALL
> > Defaults umask_override
> > Defaults umask = 0002
> >
> > This changed absolutely nothing. Then I started looking deeper into the
> PAM configuration and added a umask directive to /etc/pam.d/sudo (and also
> tried it in password-auth-ac and system-auth-ac) like this: "session
>  optional       pam_umask.so umask=0002". Still nothing changed in the
> permissions in tmp/ when I tried to download an HTML file: no group
> permissions were set. Then I dug deeper still and saw that sometimes if
> setting the mask in /etc/pam.d/ config files is not enough that you can try
> to set a system-wide mask in /etc/login.defs (following the suggestion
> here:
> http://stackoverflow.com/questions/10220531/how-to-set-system-wide-umask).
> Still no dice. I've pretty much exhausted my know-how in this department.
> Any other suggestions of how to fix this or where the correct place to set
> the umask is?
> Hi Josh,
> Thanks for doing such extensive tests.  Have you tried setting the umask
> in the init script itself?
> --nate
> >
> > Thanks,
> > Josh Nielsen
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:


Reply via email to