Permissions of the [dspace] directory

[Ashim Kapoor]

Dear All,

I am reading this

At one place it says :

# Change [dspace] and all subfolders to be owned by "tomcat"
chown -R tomcat:tomcat [dspace]

At another place it says :
mkdir [dspace]
chown dspace [dspace]

I think that FIRST we have to do :-

1. chown dspace [dpspace]

2. Then run maven and ant

When I am building the webapp using maven and ant the user dspace needs ownership over the [dspace] directory.

Once it is built, THEN we should do :-

chown -R tomcat:tomcat [dspace]

So that tomcat has permissions over dspace directory.

Do I understand this correctly?

Query: Suppose after running maven and ant, I do:-

cp -R [dspace]/webapps/* [tomcat]/webapps*

Then does tomcat still need to have permissions over [dpsace] ? In other words, do I still need to do:-

chown -R tomcat:tomcat [dspace]

Please clarify.

Best Regards,

Ashim

[Mark H. Wood]

On Wed, Feb 26, 2020 at 10:30:57AM +0530, Ashim Kapoor wrote:
> I am reading this
> <https://wiki.lyrasis.org/display/DSDOC6x/Installing+DSpace>

>
> At one place it says :
> # Change [dspace] and all subfolders to be owned by "tomcat"
> chown -R tomcat:tomcat [dspace]
>
> At another place it says :
> mkdir [dspace]
> chown dspace [dspace]

Thank you for pointing this out. I thought we had removed all of that
confusion.

> I think that FIRST we have to do :-
>
> 1. chown dspace [dpspace]
> 2. Then run maven and ant
>
> When I am building the webapp using maven and ant the user dspace needs
> ownership over the [dspace] directory.
>
> Once it is built, THEN we should do :-
>
> chown -R tomcat:tomcat [dspace]
>
> So that tomcat has permissions over dspace directory.
>
> Do I understand this correctly?

I think that would work. But, read on.

> Query: Suppose after running maven and ant, I do:-
>
> cp -R [dspace]/webapps/* [tomcat]/webapps*
>
> Then does tomcat still need to have permissions over [dpsace] ? In other
> words, do I still need to do:-
>
> chown -R tomcat:tomcat [dspace]

Tomcat needs read access to all of the files in [dspace], and write
access to many of them. The easiest way to do this is to have them
all owned by the account which runs Tomcat, with rwx access for
owner. The documentation calls that account 'tomcat', but on your
system Tomcat may have been installed to use an account with a
different name. Whatever that account is called, it should own the
files that make up the installed instance of DSpace ([dspace]).

The build directory ([dspace-source]) can be owned by any account you
choose. You just need a way to run the installer so that it can read
the [dspace-source] directory tree and write the [dspace] directory
tree.

There is no need for a separate 'dspace' account. We need to finish
removing that from the documentation. DSpace does not know or care
about OS accounts. Tomcat has to care because it is what needs the
permissions -- DSpace runs inside Tomcat and uses Tomcat's
permissions.

--
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu

[Ashim Kapoor]

Many thanks for this info. Now I am more clear as to what permissions to use.

 

There is no need for a separate 'dspace' account.  We need to finish
removing that from the documentation.  DSpace does not know or care
about OS accounts.  Tomcat has to care because it is what needs the
permissions -- DSpace runs inside Tomcat and uses Tomcat's
permissions.

--
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu

--
All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/
---
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/20200226144157.GC8836%40IUPUI.Edu.

[Ashim Kapoor]

Dear Mark,

I think the build directory [dspace-source] also needs write permissions by the account which is used while doing "mvn package"

I get this error when I try building by non root user who does not have write permission for [dspace-source]:

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-resources-plugin:2.7:resources (default-resources) on project additions: Cannot create resource output directory: /home/ashim/dspace-6.3-release/dspace/modules/additions/target/classes -> [Help 1]

Am I missing something?

Best Regards,

Ashim

[Ashim Kapoor]

Hello Again,

before I do mvn package, I gave dspace.dir = /home/dspace in my local.cfg. It is ignoring this and building the script in [dspace-source]/dspace.

Perhaps this is the reason it needs write permissions for [dspace-source]

Can you please help me ?

Thank you,

Ashim

[Ashim Kapoor]

Hi,

I am mistaken.

To build the directory [dspace] I need to do :-

ant fresh_install

Till the time I do this the [dspace] folder will be empty.

but coming to the query that we need only read permission for [dspace-source].

When we do mvn package, it will build a target directory inside dspace-source folder. That is why it needs BOTH read and write permissions for the [dspace-source].

Please correct me if I am wrong.

Best,

Ashim

[Sean Carte]

That is correct: your user (dspace or whatever you choose to run mvn, etc.), needs rwx permission for the dspace-src directory.

I think you may have misunderstood what Mark was telling you: the installer (ant) needs to be able to read the dspace-src and write to the dspace directories:

The build directory ([dspace-source]) can be owned by any account you
choose.  You just need a way to run the installer so that it can read
the [dspace-source] directory tree and write the [dspace] directory
tree.

To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/CAGEJAoH7_0chQRSNxFdW-%2BmUqGxhhxfAdpZnEdsJsQ_Yj_EgLw%40mail.gmail.com.

--

[Ashim Kapoor]

Hello,

now I think I get it.

I need to run

1. mvn

and 

2. ant fresh_install

These may be run by 2 different users.

The first constraint here is that [1] has to be run by a user who has rwx permission over [dspace-source] directory.

The second constraint is that [2] needs to be able to read the [dspace-source] and write to the [dspace] directory.

Please correct me if I am mistaken.

Thank you,

Ashim

[Ashim Kapoor]

Hi again,

I meant :-

The second constraint is that [2] needs to be run by a user who is able to read the [dspace-source] and write to the [dspace] directory.

[Sean Carte]

I think that's correct.

--

[Ashim Kapoor]

On Mon, 2 Mar 2020 at 22:18, Ashim Kapoor <ashim....@nipfp.org.in> wrote:

Hello,

now I think I get it.

I need to run

1. mvn

and 

2. ant fresh_install

These may be run by 2 different users.

The first constraint here is that [1] has to be run by a user who has rwx permission over [dspace-source] directory.

This seems ok when tested with these permissions.

The second constraint is that [2] needs to be able to read the [dspace-source] and write to the [dspace] directory.

[2] ALSO needs rwx permissions for [dspace-source]. I think it also needs a chmod g+s for the [dspace] directory so that the newly spawned directories are writable.