Hi Paul, Thanks for replying. Interestingly I've never dealt with filesystem ACLs before and I didn't even know that ext3/4 systems had that feature.
Here is my output from those commands: bash> getfacl tmp8iEccn # file: tmp8iEccn # owner: galaxy # group: galaxy user::rwx group::--- mask::rwx other::--- bash> getfacl tmp # file: tmp # owner: root # group: galaxy user::rwx group::rwx other::rwx What enforces these ACLs/where can they be tweaked? P.S. The reason I run Galaxy with sudo is because if I try to do so as just the Galaxy user it cannot create the process lock files: "touch: cannot touch `/var/lock/subsys/galaxy`". I suppose I could put the lock files somewhere else or manually give galaxy group permission to /var/lock/subsys (not so sure that's a good idea though), but sudo seemed to solve the problem. You can see my init script in my reply to Nate. Thanks, Josh On Tue, Dec 4, 2012 at 10:06 AM, Paul Boddie <paul.bod...@biotek.uio.no>wrote: > On 04/12/12 16:52, Josh Nielsen wrote: > >> I am getting the error "(13)Permission denied: xsendfile: cannot open >> file: >> /basedir/galaxy_data/database/**tmp/tmp8iEccn/library_**download.zip" >> which is >> indeed a basic filesystem permissions issue. The problem is that the >> permissions created for that directory and every directory created in tmp/ >> look like this: >> >> drwx------+ 2 galaxy galaxy 3 Dec 4 09:23 tmp8iEccn >> >> And I have placed the Apache user in the galaxy group, but as you can see >> no group permissions ever get set by Galaxy on the directories that it >> creates (it is getting a 700 permissions setting). >> > > Isn't the trailing + character an indication of ACLs being set on the > directory? What do the following say...? > > getfacl /tmp/tmp8iEccn > getfacl /tmp > > If you do have ACLs involved, it may be the case that various masks are > being enforced via that mechanism. > > Paul > > P.S. I'm not sure that making the galaxy user a "sudoer" would have any > effect unless the user was attempting to gain privileges, which would be a > pretty scary way of running Galaxy, I would have thought. >
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
