Munge permission denied #131
Munge permission denied #131
https://github.com/dun/munge/issues/131
larkz opened on Feb 2, 2023 · edited by larkz Hello munge team,
We have lost functionality of the munge service, and as of now, when we type the command,
munge -n We get the following error message.
munge: Error: Failed to access “/run/munge/munge.socket.2”: Permission denied We have tried the following fixes, #38 #76 But unfortunately no luck,
Our system info is, Linux 5.4.0-137-generic 154-Ubuntu SMP x86_64 x86_64 x86_64 GNU/Linux
Please let us know how we can fix this problem, and if further info is required to debug it.
Many thanks in advance!
Activity
dun added question on Feb 2, 2023 dun dun commented on Feb 2, 2023 dun on Feb 2, 2023 Owner What are the file ownership and permissions for the /run/munge directory and its contents? It should look something like this:
ls -ld /run/munge
drwxr-xr-x 2 munge munge 100 Feb 1 09:37 /run/munge
ls -l /run/munge
total 4 srwxrwxrwx 1 munge munge 0 Feb 1 09:37 munge.socket.2 –w——- 1 munge munge 0 Feb 1 09:37 munge.socket.2.lock -rw-r–r– 1 munge munge 6 Feb 1 09:37 munged.pid The /run/munge directory must allow execute permissions for all. Its permissions should be set to 0755. And the munge.socket.2 (which is created by munged when it starts) should have permissions 0777.
Restarting munged will re-create this socket and warn you if permissions look incorrect.
larkz larkz commented on Feb 3, 2023 larkz on Feb 3, 2023 · edited by larkz Author I see, here are the outputs when we check the folders,
ls -ld /run/munge drwx—— 2 munge munge 40 Feb 1 16:48 /run/munge and
sudo ls -l /run/munge total 0 It appears that the /run/munge folder is empty.
Running systemctl status -l munge gives,
systemctl status -l munge ● munge.service - MUNGE authentication service Loaded: loaded (/etc/systemd/system/munge.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Wed 2023-02-01 17:00:10 CET; 23h ago Docs: man:munged(8) Seems like an inability to start the munge service in general…
dun dun commented on Feb 3, 2023 dun on Feb 3, 2023 Owner Based on your uname output above, it appears you’re running Ubuntu 20.04 LTS. That repository has munge-0.5.13. That version creates the /run/munge directory at boot via /usr/lib/tmpfiles.d/munge.conf. That config creates /run/munge with permissions 0755.
It appears that someone or something changed the permissions on /run/munge which caused the permission denied error and prevented the service from restarting. You need to change it back to 0755 and restart the munge service:
chmod 0755 /run/munge
systemctl start munge.service
If you’re still having problems, check /var/log/munge/munged.log for errors:
grep Error: /var/log/munge/munged.log
You might also want to check the installation guide section on troubleshooting.
dun closed this as completedon Feb 4, 2023 larkz larkz commented on Feb 24, 2023 larkz on Feb 24, 2023 Author hi @dun the issue is not closed yet, could you please re-open it?
when I run sudo systemctl status –full munge.service i get this,
sudo systemctl status –full munge.service ● munge.service - MUNGE authentication service Loaded: loaded (/etc/systemd/system/munge.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Fri 2023-02-24 14:39:54 CET; 1min 6s ago Docs: man:munged(8) Process: 1092388 ExecStart=/usr/sbin/munged –syslog (code=exited, status=1/FAILURE)
Feb 24 14:39:54 benders systemd[1]: Starting MUNGE authentication service… Feb 24 14:39:54 benders munged[1092395]: Running on “localhost” (127.0.0.1) Feb 24 14:39:54 benders munged[1092395]: Pidfile is insecure: group-writable permissions without sticky bit set on “/” Feb 24 14:39:54 benders systemd[1]: munge.service: Control process exited, code=exited, status=1/FAILURE Feb 24 14:39:54 benders munged[1092388]: munged: Error: Pidfile is insecure: group-writable permissions without stick> Feb 24 14:39:54 benders systemd[1]: munge.service: Failed with result ‘exit-code’. Feb 24 14:39:54 benders systemd[1]: Failed to start MUNGE authentication service. larkz larkz commented on Feb 24, 2023 larkz on Feb 24, 2023 Author running sudo grep Error: /var/log/munge/munged.log does not return anything, its a blank document.
dun dun commented on Feb 25, 2023 dun on Feb 25, 2023 Owner The reason /var/log/munge/munged.log is empty or non-existent is because you’re running munged with the –syslog option which redirects log messages to syslog when the daemon is running in the background.
But the error is listed in your output above:
Pidfile is insecure: group-writable permissions without sticky bit set on “/” To fix: sudo chmod 755 /