rabbitmq-plugins reverting permissions on /etc/rabbitmq/enabled_plugins
4,405 views
Skip to first unread message
Mitchell Cooper
Dec 8, 2014, 6:41:19 PM12/8/14
to rabbitm...@googlegroups.com
I am getting this error when trying to apply a new plugin:
Applying plugin configuration to rabbit@n7xxxxxxxx01... failed.
Error: {cannot_read_enabled_plugins_file,"/etc/rabbitmq/enabled_plugins",
eacces}
I'm logged in with root privileges.
As you can see, the /etc/rabbitmq/enabled_plugins file has only read and write for the owner which is root:
[root@n7xxxxxxxxx01 rabbitmq]# ls -l
total 12
-rw------- 1 root root 23 Dec 8 15:25 enabled_plugins
-rw-r--r-- 1 root root 107 Dec 8 15:12 rabbitmq-env.conf
-rw-r--r-- 1 root root 638 Dec 8 15:12 rabbitmq.config
If I chmod to 644 on this file so everyone can at least read it, I can reproduce the issue. Please see below:
[root@n7xxxxxxxxx01 rabbitmq]# chmod 644 enabled_plugins
[root@n7xxxxxxxxx01 rabbitmq]# ls -l
total 12
-rw-r--r-- 1 root root 23 Dec 8 15:25 enabled_plugins
-rw-r--r-- 1 root root 107 Dec 8 15:12 rabbitmq-env.conf
-rw-r--r-- 1 root root 638 Dec 8 15:12 rabbitmq.config
[root@n7xxxxxxxxx01 rabbitmq]# rabbitmq-plugins enable rabbitmq_federation
The following plugins have been enabled:
rabbitmq_federation
Applying plugin configuration to rabbit@n7eatsnapirmq01... failed.
Error: {cannot_read_enabled_plugins_file,"/etc/rabbitmq/enabled_plugins",
eacces}
[root@n7xxxxxxxxx01 rabbitmq]# ls -l
total 12
-rw------- 1 root root 43 Dec 8 15:36 enabled_plugins
-rw-r--r-- 1 root root 107 Dec 8 15:12 rabbitmq-env.conf
-rw-r--r-- 1 root root 638 Dec 8 15:12 rabbitmq.config
It looks like rabbitmq-plugins is reverting the 644 permissions I put on enabled_plugins to 640. Why would this be happening? When this file is 640 and owned by root, RabbitMQ can't start because as the rabbitmq user, it can't read this file.
When I install RabbitMQ on a new server (version 3.4.2), I install it as root. In fact, we're using Chef to install RabbitMQ which happens as root.
Anyone know why rabbitmq-plugins would be setting this file back to 640?
Thank you!!
Applying plugin configuration to rabbit@n7xxxxxxxx01... failed.
Error: {cannot_read_enabled_plugins_file,"/etc/rabbitmq/enabled_plugins",
eacces}
I'm logged in with root privileges.
As you can see, the /etc/rabbitmq/enabled_plugins file has only read and write for the owner which is root:
[root@n7xxxxxxxxx01 rabbitmq]# ls -l
total 12
-rw------- 1 root root 23 Dec 8 15:25 enabled_plugins
-rw-r--r-- 1 root root 107 Dec 8 15:12 rabbitmq-env.conf
-rw-r--r-- 1 root root 638 Dec 8 15:12 rabbitmq.config
If I chmod to 644 on this file so everyone can at least read it, I can reproduce the issue. Please see below:
[root@n7xxxxxxxxx01 rabbitmq]# chmod 644 enabled_plugins
[root@n7xxxxxxxxx01 rabbitmq]# ls -l
total 12
-rw-r--r-- 1 root root 23 Dec 8 15:25 enabled_plugins
-rw-r--r-- 1 root root 107 Dec 8 15:12 rabbitmq-env.conf
-rw-r--r-- 1 root root 638 Dec 8 15:12 rabbitmq.config
[root@n7xxxxxxxxx01 rabbitmq]# rabbitmq-plugins enable rabbitmq_federation
The following plugins have been enabled:
rabbitmq_federation
Applying plugin configuration to rabbit@n7eatsnapirmq01... failed.
Error: {cannot_read_enabled_plugins_file,"/etc/rabbitmq/enabled_plugins",
eacces}
[root@n7xxxxxxxxx01 rabbitmq]# ls -l
total 12
-rw------- 1 root root 43 Dec 8 15:36 enabled_plugins
-rw-r--r-- 1 root root 107 Dec 8 15:12 rabbitmq-env.conf
-rw-r--r-- 1 root root 638 Dec 8 15:12 rabbitmq.config
It looks like rabbitmq-plugins is reverting the 644 permissions I put on enabled_plugins to 640. Why would this be happening? When this file is 640 and owned by root, RabbitMQ can't start because as the rabbitmq user, it can't read this file.
When I install RabbitMQ on a new server (version 3.4.2), I install it as root. In fact, we're using Chef to install RabbitMQ which happens as root.
Anyone know why rabbitmq-plugins would be setting this file back to 640?
Thank you!!
Michael Klishin
Dec 9, 2014, 4:36:26 AM12/9/14
to rabbitm...@googlegroups.com, Mitchell Cooper
On 9 December 2014 at 02:41:21, 'Mitchell Cooper' via rabbitmq-users (rabbitm...@googlegroups.com) wrote:
> I am getting this error when trying to apply a new plugin:
>
> Applying plugin configuration to rabbit@n7xxxxxxxx01...
> failed.
> Error: {cannot_read_enabled_plugins_file,"/etc/rabbitmq/enabled_plugins",
> eacces}
>
> I'm logged in with root privileges.
>
> As you can see, the /etc/rabbitmq/enabled_plugins file has
> only read and write for the owner which is root:
>
> [root@n7xxxxxxxxx01 rabbitmq]# ls -l
> total 12
> -rw------- 1 root root 23 Dec 8 15:25 enabled_plugins
> -rw-r--r-- 1 root root 107 Dec 8 15:12 rabbitmq-env.conf
> -rw-r--r-- 1 root root 638 Dec 8 15:12 rabbitmq.config
RabbitMQ and related tools (e.g. rabbitmq-plugins) need the enabled_plugins file to be
> I am getting this error when trying to apply a new plugin:
>
> Applying plugin configuration to rabbit@n7xxxxxxxx01...
> failed.
> Error: {cannot_read_enabled_plugins_file,"/etc/rabbitmq/enabled_plugins",
> eacces}
>
> I'm logged in with root privileges.
>
> As you can see, the /etc/rabbitmq/enabled_plugins file has
> only read and write for the owner which is root:
>
> [root@n7xxxxxxxxx01 rabbitmq]# ls -l
> total 12
> -rw------- 1 root root 23 Dec 8 15:25 enabled_plugins
> -rw-r--r-- 1 root root 107 Dec 8 15:12 rabbitmq-env.conf
> -rw-r--r-- 1 root root 638 Dec 8 15:12 rabbitmq.config
both readable and writeable. Have you considered changing its ownership to `rabbitmq`?
--
MK
Staff Software Engineer, Pivotal/RabbitMQ
Simon MacMullen
Dec 9, 2014, 4:44:10 AM12/9/14
to Michael Klishin, rabbitm...@googlegroups.com, Mitchell Cooper
On 09/12/14 09:36, Michael Klishin wrote:
> RabbitMQ and related tools (e.g. rabbitmq-plugins) need the enabled_plugins file to be
> both readable and writeable. Have you considered changing its ownership to `rabbitmq`?
No. That's not the right answer.
> RabbitMQ and related tools (e.g. rabbitmq-plugins) need the enabled_plugins file to be
> both readable and writeable. Have you considered changing its ownership to `rabbitmq`?
enabled_plugins should be owned by root and world readable. Owned by
root because rabbitmq-plugins will write it, and world-readable since
the 'rabbitmq' user the server runs as needs to read it.
The .deb / RPM packages should set this up by default, and I believe
that's what chef uses.
However, rabbitmq-plugins (and indeed everything in RabbitMQ) doesn't
mess with permissions directly, it just writes the file. So something in
the OS configuration is causing this.
If I had to guess I'd suggest the root user's umask is set to something
that prevents files being world-readable by default?
Cheers, Simon
Mitchell Cooper
Dec 9, 2014, 11:43:47 AM12/9/14
to rabbitm...@googlegroups.com, mkli...@pivotal.io, mlco...@yahoo.com
Simon, I believe you're correct here. The root users umask is set to 077, so when I run rabbitmq-plugins it's as if it recreates the the /etc/rabbitmq/enabled-plugins file as a new file so it only gets created with 640 which causes this error of not being able to read it to occur. I am not sure how to get around this.
Mitchell Cooper
Dec 9, 2014, 2:52:02 PM12/9/14
to rabbitm...@googlegroups.com, mkli...@pivotal.io, mlco...@yahoo.com
We confirmed it was indeed the umask default system setting. In Chef, you can set a umask level in Chef's client.rb file and this will be the umask setting that the Chef process runs under. We're going to set umask 0022 in there and we can leave our system default at 0077. Thanks for the quick replies.
Simon MacMullen
Dec 10, 2014, 9:53:31 AM12/10/14
to Mitchell Cooper, rabbitm...@googlegroups.com, mkli...@pivotal.io
BTW I've filed a bug to look into modifying the file in place rather
than deleting and recreating it.
Cheers, Simon
> --
> You received this message because you are subscribed to the Google
> Groups "rabbitmq-users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to rabbitmq-user...@googlegroups.com
> <mailto:rabbitmq-user...@googlegroups.com>.
> To post to this group, send email to rabbitm...@googlegroups.com
> <mailto:rabbitm...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
than deleting and recreating it.
Cheers, Simon
> You received this message because you are subscribed to the Google
> Groups "rabbitmq-users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to rabbitmq-user...@googlegroups.com
> <mailto:rabbitmq-user...@googlegroups.com>.
> To post to this group, send email to rabbitm...@googlegroups.com
> <mailto:rabbitm...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
Barry Kaplan
Mar 1, 2016, 11:15:00 AM3/1/16
to rabbitmq-users, mlco...@yahoo.com, mkli...@pivotal.io, si...@rabbitmq.com
This is very old, but it just bit me when installing a fresh 3.6.1. After installing plugins the enabled_plugins was owned by root and rabbit would not start.
Honghao Sun
Sep 5, 2016, 2:32:15 AM9/5/16
to rabbitmq-users, mlco...@yahoo.com, mkli...@pivotal.io, si...@rabbitmq.com
Hi All,
i am using 3.6.1 version, and this issue still exists,
# rabbitmq-plugins enable rabbitmq_management
Plugin configuration unchanged.
Applying plugin configuration to rabbit@ci31a... failed.
Error: {cannot_read_enabled_plugins_file,"/etc/rabbitmq/enabled_plugins", eacces}
how can I fix it? thanks.
Regards,
Joey
Michael Klishin
Sep 5, 2016, 5:04:13 AM9/5/16
to Honghao Sun, rabbitmq-users
Make the file world readable, as recommended above.
Honghao Sun
Sep 5, 2016, 10:15:55 PM9/5/16
to rabbitmq-users, nomad...@gmail.com
Thanks Michael for your reply.
however, the file permission is revert back to 600 after I changed it to 644 and then run 'rabbitmq-plugins enable rabbitmq_management'.
It is just same as the issue described by Mitchell Cooper.
I strace the command 'rabbitmq-plugins enable rabbitmq_management', but didn't find where to change the file permissions.
thanks.
Jean-Sébastien Pédron
Sep 7, 2016, 4:08:22 AM9/7/16
to rabbitm...@googlegroups.com
On 06.09.2016 04:15, Honghao Sun wrote:
> however, the file permission is revert back to 600 after I changed it to
> 644 and then run 'rabbitmq-plugins enable rabbitmq_management'.
Hi!
> however, the file permission is revert back to 600 after I changed it to
> 644 and then run 'rabbitmq-plugins enable rabbitmq_management'.
You need to change root's umask to something like 0022 instead of 0077.
--
Jean-Sébastien Pédron
Pivotal / RabbitMQ
David
Apr 19, 2017, 12:05:13 PM4/19/17
to rabbitmq-users, jean-se...@rabbitmq.com
What if this is not possible to alter, due to standards imposed by others?
Michael Klishin
Apr 19, 2017, 3:25:20 PM4/19/17
to rabbitm...@googlegroups.com, Jean-Sébastien Pédron
Then you will have to wait until https://github.com/rabbitmq/rabbitmq-server/issues/1129 is addressed
(or contribute a patch). It's not particularly high on our priority list, although the issue is hopefully small enough
that maybe someone on our team would feel like working on it between bigger things.
--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-users+unsubscribe@googlegroups.com.
To post to this group, send email to rabbitmq-users@googlegroups.com.
Piyush Jalan
Apr 20, 2019, 2:23:02 AM4/20/19
to rabbitmq-users
Switch to rabbitmq user and then enable plugin:
$su - rabbitmq
$rabbitmq-plugins enable rabbitmq_management
Thanks
Nirala Tuladhar
Apr 30, 2020, 9:27:49 PM4/30/20
to rabbitmq-users
I am using rabbitmq 3.8.2 and I am also encountering the same issue. I tried using
$su - rabbitmq
But this asked me the password and rabbitmq user does not have any password afaik.
Reply all
Reply to author
Forward
0 new messages