permission issue after installtion with hardened umask
-
Hello!
I tried to install cloudron on a Ubuntu 24.04 machine with some security-hardened aspects. One of them being running shell-sessions under a umask of0007.
The installation process got stuck at "Waiting for cloudron to be ready". I checked the service "box.service" and found following error preventing it from starting:systemd[1]: Started box.service - Box. box.js[287242]: /usr/bin/env: 'node': Permission denied systemd[1]: box.service: Main process exited, code=exited, status=126/n/aFurther inspection showed that the local node installation
$ sudo ls -la /usr/local/node-24.13.0/ total 532 drwxr-x--- 6 root root 4096 May 23 21:53 . drwxr-xr-x 11 root root 4096 May 23 21:53 .. -rw-r--r-- 1 1001 1001 330720 Jan 12 18:03 CHANGELOG.md -rw-r--r-- 1 1001 1001 143310 Jan 12 18:03 LICENSE -rw-r--r-- 1 1001 1001 41704 Jan 12 18:03 README.md drwxr-xr-x 2 1001 1001 4096 Jan 12 18:03 bin drwxr-xr-x 3 1001 1001 4096 Jan 12 18:03 include drwxr-xr-x 3 1001 1001 4096 Jan 12 18:02 lib drwxr-xr-x 4 1001 1001 4096 Jan 12 18:02 shareYou can see that the directory
/usr/local/node-24.13.0/has the permissiondrwxr-x---which is limiting the usage for other users.I suggest to set a umask cloudron install process is expecting explicitly at the beginning of the install process.
Output of
cloudron-support --troubleshoot$ sudo cloudron-support --troubleshoot Vendor: QEMU Product: Standard PC (i440FX + PIIX, 1996) Linux: 6.8.0-117-generic Ubuntu: noble 24.04 Cloudron: 9.2.0 Execution environment: kvm Processor: Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz BIOS pc-i440fx-10.1 CPU @ 2.0GHz x 4 RAM: 16370196KB Disk: /dev/mapper/ubuntu--vg-ubuntu--lv 25G [OK] Root disk usage is OK (40%) [OK] Memory usage is OK (6%) [OK] Clock is NTP-synchronized [OK] node version is correct [OK] IPv6 is enabled in kernel. Public IPv6 address detected [OK] docker is running [OK] docker version is correct [OK] MySQL is running [OK] netplan is good [OK] DNS is resolving via systemd-resolved [OK] unbound is running [OK] IPv4 HTTPS to api.cloudron.io/api/v1/helper/public_ip [OK] IPv6 HTTPS to api.cloudron.io/api/v1/helper/public_ip [OK] IPv4 HTTPS to auth.docker.io/token [OK] IPv6 HTTPS to auth.docker.io/token [OK] IPv4 HTTPS to acme-v02.api.letsencrypt.org [OK] IPv6 HTTPS to acme-v02.api.letsencrypt.org [WARN] Cloudron v9.2.0 has not been set up yet. Visit https://<IP> to set up the dashboard. [SKIP] dashboard checks (nginx, cert, loopback, migrations, services, box, domain, expiry) — dashboard not set up ======== Summary ======== PASS: 17 WARN: 1 FAIL: 0 SKIP: 1 Warnings: - Cloudron v9.2.0 has not been set up yet. Visit https://<IP> to set up the dashboard. For troubleshooting tips, see https://docs.cloudron.io/troubleshooting To share a full diagnostic dump on the forum, run: cloudron-support --send-diagnostics
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login