[Intelmq-users] Permissions error

Vaclav Bruzek vasek.bruzek at gmail.com
Wed Aug 28 14:09:03 CEST 2019 

Hi,
thanks for the suggestion however after build with intelmqsetup the problem
persists. Following is an exception and the files in etc and the access
privileges.

Traceback (most recent call last):
  File "/usr/local/bin/intelmqctl", line 11, in <module>
    load_entry_point('intelmq==2.0.1', 'console_scripts', 'intelmqctl')()
  File
"/usr/local/lib/python3.6/dist-packages/intelmq-2.0.1-py3.6.egg/intelmq/bin/intelmqctl.py",
line 1710, in main
    x = IntelMQController(interactive=True)
  File
"/usr/local/lib/python3.6/dist-packages/intelmq-2.0.1-py3.6.egg/intelmq/bin/intelmqctl.py",
line 749, in __init__
    self.load_defaults_configuration()
  File
"/usr/local/lib/python3.6/dist-packages/intelmq-2.0.1-py3.6.egg/intelmq/bin/intelmqctl.py",
line 929, in load_defaults_configuration
    config = utils.load_configuration(DEFAULTS_CONF_FILE)
  File
"/usr/local/lib/python3.6/dist-packages/intelmq-2.0.1-py3.6.egg/intelmq/lib/utils.py",
line 194, in load_configuration
    with open(configuration_filepath, 'r') as fpconfig:
PermissionError: [Errno 13] Permission denied:
'/opt/intelmq/etc/defaults.conf'

drwxr-xr-x 3 intelmq root  4096 Aug 28 12:04 .
drwxr-xr-x 9 intelmq root  4096 Aug 28 12:04 ..
-rwxrwx--- 1 root    root  6846 Aug 22 08:00 BOTS
-rwxrwx--- 1 root    root  1136 Aug 28 12:04 defaults.conf
drwxr-xr-x 2 root    root  4096 Aug 28 12:03 examples
-rwxrwx--- 1 root    root 21650 Aug 22 08:00 harmonization.conf
-rwxrwx--- 1 root    root 24517 Aug 22 08:00 pipeline.conf
-rwxrwx--- 1 root    root 38675 Aug 28 12:04 runtime.conf


Sincerely,
Václav Brůžek


On Wed, 28 Aug 2019 at 13:34, Sebastian Wagner <wagner at cert.at> wrote:

> Hi,
>
> When you do a manual installation, you also need to create the directory
> structure. For this purpose there's a new executable `intelmqsetup` doing
> all these steps.
> See also the installation documentation:
> https://github.com/certtools/intelmq/blob/maintenance/docs/INSTALL.md#pypi
>
> All bots and intelmq actually check if they run privileged as root and
> degrade to "intelmq" for security reasons. That's definitely a bug if
> that's not working for you as you write that they are all running as root.
>
> Sebastian
> On 28/08/2019 13.00, Vaclav Bruzek wrote:
>
> Hi Sebastian,
> the whole directory /opt/intelmq/var/ is not created only /etc/ which was
> created by me during image build. I've tried to fix the problem by creating
> the required folders but then the the permissions on files in etc were
> wrong, then intelmq was unable to load pid files and so on. That was the
> moment I decided to ask the mailing list. My guess is that something is
> being done differently now. Even weirder is that the whole container (and
> intelmq) runs under root so there should be no errors regarding
> permissions.
>
> Sincerely,
> Václav Brůžek
>
>
> On Wed, 28 Aug 2019 at 11:57, Sebastian Wagner <wagner at cert.at> wrote:
>
>> Hi Václav,
>>
>> Is /opt/intelmq/var/log/intelmqctl.log owned by root? If yes: chown
>> intelmq:intelmq /opt/intelmq/var/log/intelmqctl.log
>>
>> Sebastian
>> On 28/08/2019 11.14, Vaclav Bruzek wrote:
>>
>> Hi mailing list,
>> I've recently upgraded intelmq from version 1.1.2 to 2.0.1. My intelmq
>> runs in Docker. I have a slight issue with the botnet startup on the new
>> version (the previous version works ok). Intelmq fails to start because of
>> the exception present at the bottom of the mail. Upon further
>> investigation, when the folder was manually created, other issues started
>> to pop up. All of them were due to a permission error on either the files
>> in /opt/intelmq/etc/ or some else that intelmq tried to access during
>> startup. Did something change in the setup requirements that I've
>> overlooked?
>>
>> 28/08/2019 09:48:272019-08-28 07:48:27,796 DEBG 'intelmq' stdout output:
>> 28/08/2019 09:48:27Traceback (most recent call last):
>> 28/08/2019 09:48:27  File
>> "/usr/local/lib/python3.6/dist-packages/intelmq-2.0.1-py3.6.egg/intelmq/bin/intelmqctl.py",
>> line 657, in __init__
>> 28/08/2019 09:48:27    logging_level_stream=logging_level_stream)
>> 28/08/2019 09:48:27  File
>> "/usr/local/lib/python3.6/dist-packages/intelmq-2.0.1-py3.6.egg/intelmq/lib/utils.py",
>> line 334, in log
>> 28/08/2019 09:48:27    handler = FileHandler("%s/%s.log" % (log_path,
>> name))
>> 28/08/2019 09:48:27  File "/usr/lib/python3.6/logging/__init__.py", line
>> 1032, in __init__
>> 28/08/2019 09:48:27    StreamHandler.__init__(self, self._open())
>> 28/08/2019 09:48:27  File "/usr/lib/python3.6/logging/__init__.py", line
>> 1061, in _open
>> 28/08/2019 09:48:27    return open(self.baseFilename, self.mode,
>> encoding=self.encoding)
>> 28/08/2019 09:48:27FileNotFoundError: [Errno 2] No such file or
>> directory: '/opt/intelmq/var/log/intelmqctl.log'
>> 28/08/2019 09:48:27
>> 28/08/2019 09:48:27During handling of the above exception, another
>> exception occurred:
>> 28/08/2019 09:48:27
>> 28/08/2019 09:48:27Traceback (most recent call last):
>> 28/08/2019 09:48:27  File "/usr/local/bin/intelmqctl", line 11, in
>> <module>
>> 28/08/2019 09:48:27    load_entry_point('intelmq==2.0.1',
>> 'console_scripts', 'intelmqctl')()
>> 28/08/2019 09:48:27  File
>> "/usr/local/lib/python3.6/dist-packages/intelmq-2.0.1-py3.6.egg/intelmq/bin/intelmqctl.py",
>> line 1710, in main
>> 28/08/2019 09:48:27    x = IntelMQController(interactive=True)
>> 28/08/2019 09:48:27  File
>> "/usr/local/lib/python3.6/dist-packages/intelmq-2.0.1-py3.6.egg/intelmq/bin/intelmqctl.py",
>> line 661, in __init__
>> 28/08/2019 09:48:27    logging_level_stream=logging_level_stream)
>> 28/08/2019 09:48:27  File
>> "/usr/local/lib/python3.6/dist-packages/intelmq-2.0.1-py3.6.egg/intelmq/lib/utils.py",
>> line 345, in log
>> 28/08/2019 09:48:27    raise ValueError("Invalid configuration, neither
>> log_path is given nor syslog is used.")
>> 28/08/2019 09:48:27ValueError: Invalid configuration, neither log_path is
>> given nor syslog is used.
>>
>> Sincerely,
>> Václav Brůžek
>>
>> --
>> // Sebastian Wagner <wagner at cert.at> <wagner at cert.at> - T: +43 1 5056416 7201
>> // CERT Austria - https://www.cert.at/
>> // Eine Initiative der nic.at GmbH - https://www.nic.at/
>> // Firmenbuchnummer 172568b, LG Salzburg
>>
>> --
> // Sebastian Wagner <wagner at cert.at> <wagner at cert.at> - T: +43 1 5056416 7201
> // CERT Austria - https://www.cert.at/
> // Eine Initiative der nic.at GmbH - https://www.nic.at/
> // Firmenbuchnummer 172568b, LG Salzburg
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20190828/12711753/attachment.html>

More information about the Intelmq-users mailing list