Ownership and file permissions
When running the Lightning CLI, the user who's in control can delegate to root via sudo. Depending on how the Fleek Networking Lightning CLI was installed, this might cause some confusion, which is better explained by reading the reference Keys not found, which illustrates a situation where a user gets an error message about the wrong location of a system path (keystore).
Some reasons why the Permission denied (os error 13) might occur are related to:
- The Fleek Network Lightning CLI process trying to write to a
.lightningstored in a non permitted location - The Fleek Network Lightning CLI process trying to write to
/tmp
The most common issue can be fixed by reading the section Override the TMPDIR.
Override the TMPDIR
The Fleek Network Lightning process requires writing to a temporary directory. As the process requires permissions, this might fail as demonstrated by some of the output logs we have below.
a) A permission denied error message
Permission denied (os error 13)
b) Rust panic error message which includes a permission denied
thread 'main' panicked at 'called Result::unwrap() on an Err value: Os { code: 13, kind: PermissionDenied, message: "Permission denied" }', core/node/src/cli.rs:181:18
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
thread 'main' panicked at 'called Result::unwrap() on an Err value: Os { code: 13, kind: PermissionDenied, message: "Permission denied" }', core/node/src/cli.rs:181:18
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
thread 'main' panicked at 'called Result::unwrap() on an Err value: Os { code: 13, kind: PermissionDenied, message: "Permission denied" }', core/node/src/cli.rs:181:18
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
thread 'main' panicked at 'called Result::unwrap() on an Err value: Os { code: 13, kind: PermissionDenied, message: "Permission denied" }', core/node/src/cli.rs:181:18
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
thread 'main' panicked at 'called Result::unwrap() on an Err value: Os { code: 13, kind: PermissionDenied, message: "Permission denied" }', core/node/src/cli.rs:181:18
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
c) A trace showing the path where this has failed
[00007fcbe168e764] openat(AT_FDCWD, "/tmp/lightning.log", O_WRONLY|O_CREAT|O_APPEND|O_CLOEXEC, 0666) = -1 EACCES (Permission denied)
[00007fcbe168ea6f] write(2, "thread '", 8thread ') = 8
[00007fcbe168ea6f] write(2, "main", 4main) = 4
[00007fcbe168ea6f] write(2, "' panicked at '", 15' panicked at ') = 15
[00007fcbe168ea6f] write(2, "called `Result::unwrap()` on an "..., 114called `Result::unwrap()` on an `Err` value: Os { code: 13, kind: PermissionDenied, message: "Permission denied" }) = 114
[00007fcbe168ea6f] write(2, "', ", 3', ) = 3
The /tmp directory should have wide permissions for all applications, but to mitigate any permission issues the user can override the system environment TMPDIR. For example, the installer and update scripts override TMPDIR environment variable to /var/tmp setting it in the service unit Environment=.
The Lightning CLI process is aware of the environment variable TMPDIR, which the operators can override as discussed in the reference for Update the System service unit.
In short, it requires you to include a Environment= value of TMPDIR=/var/tmp as follows:
[Service]
...
StandardOutput=append:/var/log/lightning/output.log
StandardError=append:/var/log/lightning/diagnostic.log
Environment=TMPDIR=/var/tmp
The /etc/systemd/system/lightning.service service unit file presented here is a shorter version for simplicity. Do not replace your service unit file with the shorter content version presented here.
