<![CDATA[permission issue after installtion with hardened umask]]>

<![CDATA[permission issue after installtion with hardened umask]]>Hello!
I tried to install cloudron on a Ubuntu 24.04 machine with some security-hardened aspects. One of them being running shell-sessions under a umask of 0007.
The installation process got stuck at "Waiting for cloudron to be ready". I checked the service "box.service" and found following error preventing it from starting:

systemd[1]: Started box.service - Box.
box.js[287242]: /usr/bin/env: 'node': Permission denied
systemd[1]: box.service: Main process exited, code=exited, status=126/n/a

Further inspection showed that the local node installation

$ sudo ls -la /usr/local/node-24.13.0/
total 532
drwxr-x---  6 root root   4096 May 23 21:53 .
drwxr-xr-x 11 root root   4096 May 23 21:53 ..
-rw-r--r--  1 1001 1001 330720 Jan 12 18:03 CHANGELOG.md
-rw-r--r--  1 1001 1001 143310 Jan 12 18:03 LICENSE
-rw-r--r--  1 1001 1001  41704 Jan 12 18:03 README.md
drwxr-xr-x  2 1001 1001   4096 Jan 12 18:03 bin
drwxr-xr-x  3 1001 1001   4096 Jan 12 18:03 include
drwxr-xr-x  3 1001 1001   4096 Jan 12 18:02 lib
drwxr-xr-x  4 1001 1001   4096 Jan 12 18:02 share

You can see that the directory /usr/local/node-24.13.0/ has the permission drwxr-x--- which is limiting the usage for other users.

I suggest to set a umask cloudron install process is expecting explicitly at the beginning of the install process.

Output of cloudron-support --troubleshoot

$ sudo cloudron-support --troubleshoot
Vendor: QEMU Product: Standard PC (i440FX + PIIX, 1996)
Linux: 6.8.0-117-generic
Ubuntu: noble 24.04
Cloudron: 9.2.0
Execution environment: kvm
Processor: Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz
BIOS pc-i440fx-10.1  CPU @ 2.0GHz x 4
RAM: 16370196KB
Disk: /dev/mapper/ubuntu--vg-ubuntu--lv   25G
[OK]    Root disk usage is OK (40%)
[OK]    Memory usage is OK (6%)
[OK]    Clock is NTP-synchronized
[OK]    node version is correct
[OK]    IPv6 is enabled in kernel. Public IPv6 address detected
[OK]    docker is running
[OK]    docker version is correct
[OK]    MySQL is running
[OK]    netplan is good
[OK]    DNS is resolving via systemd-resolved
[OK]    unbound is running
[OK]    IPv4 HTTPS to api.cloudron.io/api/v1/helper/public_ip
[OK]    IPv6 HTTPS to api.cloudron.io/api/v1/helper/public_ip
[OK]    IPv4 HTTPS to auth.docker.io/token
[OK]    IPv6 HTTPS to auth.docker.io/token
[OK]    IPv4 HTTPS to acme-v02.api.letsencrypt.org
[OK]    IPv6 HTTPS to acme-v02.api.letsencrypt.org
[WARN]  Cloudron v9.2.0 has not been set up yet. Visit https://<IP> to set up the dashboard.
[SKIP]  dashboard checks (nginx, cert, loopback, migrations, services, box, domain, expiry) — dashboard not set up

======== Summary ========
PASS:  17
WARN:  1
FAIL:  0
SKIP:  1

Warnings:
  - Cloudron v9.2.0 has not been set up yet. Visit https://<IP> to set up the dashboard.

For troubleshooting tips, see https://docs.cloudron.io/troubleshooting
To share a full diagnostic dump on the forum, run: cloudron-support --send-diagnostics

]]>https://forum.cloudron.io/topic/15545/permission-issue-after-installtion-with-hardened-umaskRSS for NodeSun, 24 May 2026 15:25:37 GMTSun, 24 May 2026 07:24:05 GMT60<![CDATA[Reply to permission issue after installtion with hardened umask on Sun, 24 May 2026 09:19:06 GMT]]>Hello @günter and welcome to the Cloudron forum.

A set-up like that is not tested by us.
This could lead to other issues further down the road.

]]>https://forum.cloudron.io/post/125068https://forum.cloudron.io/post/125068Sun, 24 May 2026 09:19:06 GMT