search

denoland / deno

A modern runtime for JavaScript and TypeScript.
https://deno.com
MIT License
97.78k stars 5.38k forks source link

listenAndServeTLS - Uncaught PermissionDenied: Permission denied (os error 13) #5816

Closed Lonniebiz closed 1 month ago

Lonniebiz commented 4 years ago

deno 1.0.0 v8 8.4.300 typescript 3.9.2

I'm trying to run the code snippet shown in the documentation for listenAndServeTLS.

I'm running the script like this: deno run --allow-net --allow-read server.js

I getting this error:

error: Uncaught PermissionDenied: Permission denied (os error 13)
    at unwrapResponse ($deno$/ops/dispatch_json.ts:43:11)
    at Object.sendSync ($deno$/ops/dispatch_json.ts:72:10)
    at Object.listenTls ($deno$/ops/tls.ts:67:10)
    at listenTls ($deno$/tls.ts:51:22)
    at serveTLS (https://deno.land/std/http/server.ts:313:20)
    at listenAndServeTLS (https://deno.land/std/http/server.ts:338:18)
    at file:///home/user/test/server.js:10:1

I'm using a real certificate. I've set permissions on the cert-files to 777:

chmod 777 localhost.crt
chmod 777 localhost.key

Yet, I'm still getting the same error. When I google this error, I come across Rust related threads.

Ultimately, the only way I could get past this error was to run the script using sudo: sudo /home/user/.deno/bin/deno run --allow-net --allow-read server.js

Is this a bug, or expected behavior?

ry commented 4 years ago

It's expected behavior - I guess you have some odd ownership/permissions going on. That said, the error message would be improved by including corresponding path...

Lonniebiz commented 4 years ago

@ry There is nothing odd about the cert-files' ownership. Both files have my Linux user as owner and group. Are you suggesting that maybe there are ownership issues with my deno installation? I just checked that, and the deno executable also shows me as owner and group.

In node, I understand that openssl is something that node uses as an external program (unlike other builtin stuff). So maybe, in Deno, it is the openssl module that has the ownership mismatch for me. With deno, everything seems to be provided, amazingly, through one executable file. Is openssl zipped up somewhere in the Deno executable, or is deno using the same openssl that I installed via the Linux repository (to generate the self-sign certificate)?

BTW, I typically have no permission issues reading files with Deno, except when I'm using the listenAndServeTLS and serveTLS. This permission issue only occurs when supplying paths to the HTTPSOptions object.

lemaguilera commented 4 years ago

I had this same error and I couldn't solve it using a user not even with sudo, but with the root user it works perfectly

Lonniebiz commented 4 years ago

According to Ry, this is expected behavior. Even on a fresh virtual machine, with everything having default permissions, I still get that error: denoSSLtest

I guess this just a consequence of being "Secure By Default"? In node, I'm able to run an ssl server script without using sudo or root.

If I wanted to give a non-root user the ability to run a deno https server script, how would I accomplish that in deno?

Lonniebiz commented 4 years ago

In my attempts to run the script without root or sudo. I've tried the following:

Folder where script is: /home/myUserName/denoHTTPSserver

The app contains 3 files, and I've set them to the most permissive permissions possible:

chmod 777 /home/myUserName/denoHTTPSserver/localhost.crt
chmod 777 /home/myUserName/denoHTTPSserver/localhost.key
chmod 777 /home/myUserName/denoHTTPSserver/script.js

Every file in my user's home folder is owned by the user who runs the script. sudo chown -R myUserName:myUserName /home/myUserName

The deno executable is located here: /home/myUserName/.deno/bin/deno

So due to the recursive chown command above, even the deno executable is owned by the myUserName user. All of this, and I still have to run the script with sudo or root.

I can't see how my Linux permissions are blocking Deno from allowing a regular user to run this script. In non-ssl related scripts, I have no issue reading files within my script folders. Perhaps the permissions are really being blocked by openssl? In node, it is my understanding that openssl is an external dependency. I assume openssl is also an external dependency in deno. So what is node doing that deno isn't, that ultimately allows regular users to run a script that serves https?

Perhaps this is just intentionally impossible, and I just need to just accept it and move on. Please advise.

bartlomieju commented 4 years ago

@Lonniebiz can you run again with -Ldebug flag and paste the output?

Lonniebiz commented 4 years ago

@bartlomieju This zip file contains a file named Ldebug.txt, and it also contains the 3 app files (so you can run them for yourself): testDeno.zip

For convenience, here's the output of Ldebug:

lonnie@test-vb:~/testDeno$ deno run -Ldebug --allow-net --allow-read script.js 
Deno isolate init with snapshots.
rust:shared_queue:reset
DEBUG JS - cwd /home/lonnie/testDeno
DEBUG JS - args []
main_module file:///home/lonnie/testDeno/script.js
fetch_source_file specifier: file:///home/lonnie/testDeno/script.js 
⚠️️  Granted read access to "/home/lonnie/testDeno/script.js"
register_complete file:///home/lonnie/testDeno/script.js
fetch_source_file specifier: https://deno.land/std/http/server.ts 
⚠️️  Granted network access to "https://deno.land/std/http/server.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/http/server.ts.js"
register_complete https://deno.land/std/http/server.ts
fetch_source_file specifier: https://deno.land/std/encoding/utf8.ts 
⚠️️  Granted network access to "https://deno.land/std/encoding/utf8.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/encoding/utf8.ts.js"
register_complete https://deno.land/std/encoding/utf8.ts
fetch_source_file specifier: https://deno.land/std/io/bufio.ts 
⚠️️  Granted network access to "https://deno.land/std/io/bufio.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/io/bufio.ts.js"
register_complete https://deno.land/std/io/bufio.ts
fetch_source_file specifier: https://deno.land/std/testing/asserts.ts 
⚠️️  Granted network access to "https://deno.land/std/testing/asserts.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/testing/asserts.ts.js"
register_complete https://deno.land/std/testing/asserts.ts
fetch_source_file specifier: https://deno.land/std/async/mod.ts 
⚠️️  Granted network access to "https://deno.land/std/async/mod.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/async/mod.ts.js"
register_complete https://deno.land/std/async/mod.ts
fetch_source_file specifier: https://deno.land/std/http/_io.ts 
⚠️️  Granted network access to "https://deno.land/std/http/_io.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/http/_io.ts.js"
register_complete https://deno.land/std/http/_io.ts
fetch_source_file specifier: https://deno.land/std/io/util.ts 
⚠️️  Granted network access to "https://deno.land/std/io/util.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/io/util.ts.js"
register_complete https://deno.land/std/io/util.ts
fetch_source_file specifier: https://deno.land/std/fmt/colors.ts 
⚠️️  Granted network access to "https://deno.land/std/fmt/colors.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/fmt/colors.ts.js"
register_complete https://deno.land/std/fmt/colors.ts
fetch_source_file specifier: https://deno.land/std/testing/diff.ts 
⚠️️  Granted network access to "https://deno.land/std/testing/diff.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/testing/diff.ts.js"
register_complete https://deno.land/std/testing/diff.ts
fetch_source_file specifier: https://deno.land/std/async/deferred.ts 
⚠️️  Granted network access to "https://deno.land/std/async/deferred.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/async/deferred.ts.js"
register_complete https://deno.land/std/async/deferred.ts
fetch_source_file specifier: https://deno.land/std/async/delay.ts 
⚠️️  Granted network access to "https://deno.land/std/async/delay.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/async/delay.ts.js"
register_complete https://deno.land/std/async/delay.ts
fetch_source_file specifier: https://deno.land/std/async/mux_async_iterator.ts 
⚠️️  Granted network access to "https://deno.land/std/async/mux_async_iterator.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/async/mux_async_iterator.ts.js"
register_complete https://deno.land/std/async/mux_async_iterator.ts
fetch_source_file specifier: https://deno.land/std/textproto/mod.ts 
⚠️️  Granted network access to "https://deno.land/std/textproto/mod.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/textproto/mod.ts.js"
register_complete https://deno.land/std/textproto/mod.ts
fetch_source_file specifier: https://deno.land/std/http/http_status.ts 
⚠️️  Granted network access to "https://deno.land/std/http/http_status.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/http/http_status.ts.js"
register_complete https://deno.land/std/http/http_status.ts
fetch_source_file specifier: https://deno.land/std/path/mod.ts 
⚠️️  Granted network access to "https://deno.land/std/path/mod.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/path/mod.ts.js"
register_complete https://deno.land/std/path/mod.ts
fetch_source_file specifier: https://deno.land/std/bytes/mod.ts 
⚠️️  Granted network access to "https://deno.land/std/bytes/mod.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/bytes/mod.ts.js"
register_complete https://deno.land/std/bytes/mod.ts
fetch_source_file specifier: https://deno.land/std/path/win32.ts 
⚠️️  Granted network access to "https://deno.land/std/path/win32.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/path/win32.ts.js"
register_complete https://deno.land/std/path/win32.ts
fetch_source_file specifier: https://deno.land/std/path/posix.ts 
⚠️️  Granted network access to "https://deno.land/std/path/posix.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/path/posix.ts.js"
register_complete https://deno.land/std/path/posix.ts
fetch_source_file specifier: https://deno.land/std/path/common.ts 
⚠️️  Granted network access to "https://deno.land/std/path/common.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/path/common.ts.js"
register_complete https://deno.land/std/path/common.ts
fetch_source_file specifier: https://deno.land/std/path/separator.ts 
⚠️️  Granted network access to "https://deno.land/std/path/separator.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/path/separator.ts.js"
register_complete https://deno.land/std/path/separator.ts
fetch_source_file specifier: https://deno.land/std/path/interface.ts 
⚠️️  Granted network access to "https://deno.land/std/path/interface.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/path/interface.ts.js"
register_complete https://deno.land/std/path/interface.ts
fetch_source_file specifier: https://deno.land/std/path/glob.ts 
⚠️️  Granted network access to "https://deno.land/std/path/glob.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/path/glob.ts.js"
register_complete https://deno.land/std/path/glob.ts
fetch_source_file specifier: https://deno.land/std/path/_constants.ts 
⚠️️  Granted network access to "https://deno.land/std/path/_constants.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/path/_constants.ts.js"
register_complete https://deno.land/std/path/_constants.ts
fetch_source_file specifier: https://deno.land/std/path/_util.ts 
⚠️️  Granted network access to "https://deno.land/std/path/_util.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/path/_util.ts.js"
register_complete https://deno.land/std/path/_util.ts
fetch_source_file specifier: https://deno.land/std/path/_globrex.ts 
⚠️️  Granted network access to "https://deno.land/std/path/_globrex.ts"
load_cache metadata version hash match
compiled filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/path/_globrex.ts.js"
register_complete https://deno.land/std/path/_globrex.ts
DEBUG JS - sendSync op_listen_tls 42
⚠️️  Granted network access to "localhost:443"
⚠️️  Granted read access to "./server.cert"
⚠️️  Granted read access to "./private.key"
DEBUG JS - sendSync op_apply_source_map 5
DEBUG JS - sendSync op_apply_source_map 5
DEBUG JS - sendSync op_apply_source_map 5
DEBUG JS - sendSync op_apply_source_map 5
DEBUG JS - sendSync op_apply_source_map 5
source map filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/http/server.ts.js.map"
DEBUG JS - sendSync op_apply_source_map 5
source map filename: "/home/lonnie/.cache/deno/gen/https/deno.land/std/http/server.ts.js.map"
DEBUG JS - sendSync op_apply_source_map 5
error: Uncaught PermissionDenied: Permission denied (os error 13)
    at unwrapResponse ($deno$/ops/dispatch_json.ts:43:11)
    at Object.sendSync ($deno$/ops/dispatch_json.ts:72:10)
    at Object.listenTls ($deno$/ops/tls.ts:67:10)
    at listenTls ($deno$/tls.ts:51:22)
    at serveTLS (https://deno.land/std/http/server.ts:313:20)
    at listenAndServeTLS (https://deno.land/std/http/server.ts:338:18)
    at file:///home/lonnie/testDeno/script.js:10:1
lemaguilera commented 4 years ago

In my case, compile deno in the root user, and I run the script without problems, I have already tested in production and everything is fine, although it is not good practice to use root, for now I am moving forward with other problems while a final solution comes out to use with another user with sudo

rozaydin commented 4 years ago

I do have the exact same problem, i am running with sudo to overcome the issue (I also chmod 777 the cert and key with no luck)

[ec2-user@ip-172-31-9-36 linkedin]$ deno run -Ldebug --allow-net --allow-read ./src/main.ts Deno isolate init with snapshots. rust:shared_queue:reset DEBUG JS - cwd /home/ec2-user/projects/linkedin DEBUG JS - args [] main_module file:///home/ec2-user/projects/linkedin/src/main.ts fetch_source_file specifier: file:///home/ec2-user/projects/linkedin/src/main.ts ⚠️️ Granted read access to "/home/ec2-user/projects/linkedin/src/main.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/file/home/ec2-user/projects/linkedin/src/main.ts.js" register_complete file:///home/ec2-user/projects/linkedin/src/main.ts fetch_source_file specifier: https://deno.land/std/http/server.ts ⚠️️ Granted network access to "https://deno.land/std/http/server.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/http/server.ts.js" register_complete https://deno.land/std/http/server.ts fetch_source_file specifier: https://deno.land/std/encoding/utf8.ts ⚠️️ Granted network access to "https://deno.land/std/encoding/utf8.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/encoding/utf8.ts.js" register_complete https://deno.land/std/encoding/utf8.ts fetch_source_file specifier: https://deno.land/std/io/bufio.ts ⚠️️ Granted network access to "https://deno.land/std/io/bufio.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/io/bufio.ts.js" register_complete https://deno.land/std/io/bufio.ts fetch_source_file specifier: https://deno.land/std/testing/asserts.ts ⚠️️ Granted network access to "https://deno.land/std/testing/asserts.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/testing/asserts.ts.js" register_complete https://deno.land/std/testing/asserts.ts fetch_source_file specifier: https://deno.land/std/async/mod.ts ⚠️️ Granted network access to "https://deno.land/std/async/mod.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/async/mod.ts.js" register_complete https://deno.land/std/async/mod.ts fetch_source_file specifier: https://deno.land/std/http/_io.ts ⚠️️ Granted network access to "https://deno.land/std/http/_io.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/http/_io.ts.js" register_complete https://deno.land/std/http/_io.ts fetch_source_file specifier: https://deno.land/std/io/util.ts ⚠️️ Granted network access to "https://deno.land/std/io/util.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/io/util.ts.js" register_complete https://deno.land/std/io/util.ts fetch_source_file specifier: https://deno.land/std/fmt/colors.ts ⚠️️ Granted network access to "https://deno.land/std/fmt/colors.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/fmt/colors.ts.js" register_complete https://deno.land/std/fmt/colors.ts fetch_source_file specifier: https://deno.land/std/testing/diff.ts ⚠️️ Granted network access to "https://deno.land/std/testing/diff.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/testing/diff.ts.js" register_complete https://deno.land/std/testing/diff.ts fetch_source_file specifier: https://deno.land/std/async/deferred.ts ⚠️️ Granted network access to "https://deno.land/std/async/deferred.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/async/deferred.ts.js" register_complete https://deno.land/std/async/deferred.ts fetch_source_file specifier: https://deno.land/std/async/delay.ts ⚠️️ Granted network access to "https://deno.land/std/async/delay.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/async/delay.ts.js" register_complete https://deno.land/std/async/delay.ts fetch_source_file specifier: https://deno.land/std/async/mux_async_iterator.ts ⚠️️ Granted network access to "https://deno.land/std/async/mux_async_iterator.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/async/mux_async_iterator.ts.js" register_complete https://deno.land/std/async/mux_async_iterator.ts fetch_source_file specifier: https://deno.land/std/textproto/mod.ts ⚠️️ Granted network access to "https://deno.land/std/textproto/mod.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/textproto/mod.ts.js" register_complete https://deno.land/std/textproto/mod.ts fetch_source_file specifier: https://deno.land/std/http/http_status.ts ⚠️️ Granted network access to "https://deno.land/std/http/http_status.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/http/http_status.ts.js" register_complete https://deno.land/std/http/http_status.ts fetch_source_file specifier: https://deno.land/std/path/mod.ts ⚠️️ Granted network access to "https://deno.land/std/path/mod.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/path/mod.ts.js" register_complete https://deno.land/std/path/mod.ts fetch_source_file specifier: https://deno.land/std/bytes/mod.ts ⚠️️ Granted network access to "https://deno.land/std/bytes/mod.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/bytes/mod.ts.js" register_complete https://deno.land/std/bytes/mod.ts fetch_source_file specifier: https://deno.land/std/path/win32.ts ⚠️️ Granted network access to "https://deno.land/std/path/win32.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/path/win32.ts.js" register_complete https://deno.land/std/path/win32.ts fetch_source_file specifier: https://deno.land/std/path/posix.ts ⚠️️ Granted network access to "https://deno.land/std/path/posix.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/path/posix.ts.js" register_complete https://deno.land/std/path/posix.ts fetch_source_file specifier: https://deno.land/std/path/common.ts ⚠️️ Granted network access to "https://deno.land/std/path/common.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/path/common.ts.js" register_complete https://deno.land/std/path/common.ts fetch_source_file specifier: https://deno.land/std/path/separator.ts ⚠️️ Granted network access to "https://deno.land/std/path/separator.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/path/separator.ts.js" register_complete https://deno.land/std/path/separator.ts fetch_source_file specifier: https://deno.land/std/path/interface.ts ⚠️️ Granted network access to "https://deno.land/std/path/interface.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/path/interface.ts.js" register_complete https://deno.land/std/path/interface.ts fetch_source_file specifier: https://deno.land/std/path/glob.ts ⚠️️ Granted network access to "https://deno.land/std/path/glob.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/path/glob.ts.js" register_complete https://deno.land/std/path/glob.ts fetch_source_file specifier: https://deno.land/std/path/_constants.ts ⚠️️ Granted network access to "https://deno.land/std/path/_constants.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/path/_constants.ts.js" register_complete https://deno.land/std/path/_constants.ts fetch_source_file specifier: https://deno.land/std/path/_util.ts ⚠️️ Granted network access to "https://deno.land/std/path/_util.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/path/_util.ts.js" register_complete https://deno.land/std/path/_util.ts fetch_source_file specifier: https://deno.land/std/path/_globrex.ts ⚠️️ Granted network access to "https://deno.land/std/path/_globrex.ts" load_cache metadata version hash match compiled filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/path/_globrex.ts.js" register_complete https://deno.land/std/path/_globrex.ts DEBUG JS - sendSync op_listen_tls 42 ⚠️️ Granted network access to "0.0.0.0:443" ⚠️️ Granted read access to "/home/ec2-user/certbot/live/ridvanozaydin.com/cert.pem" ⚠️️ Granted read access to "/home/ec2-user/certbot/live/ridvanozaydin.com/privkey.pem" DEBUG JS - sendSync op_apply_source_map 5 DEBUG JS - sendSync op_apply_source_map 5 DEBUG JS - sendSync op_apply_source_map 5 DEBUG JS - sendSync op_apply_source_map 5 DEBUG JS - sendSync op_apply_source_map 5 source map filename: "/home/ec2-user/.cache/deno/gen/https/deno.land/std/http/server.ts.js.map" DEBUG JS - sendSync op_apply_source_map 5 source map filename: "/home/ec2-user/.cache/deno/gen/file/home/ec2-user/projects/linkedin/src/main.ts.js.map" error: Uncaught PermissionDenied: Permission denied (os error 13) at unwrapResponse ($deno$/ops/dispatch_json.ts:43:11) at Object.sendSync ($deno$/ops/dispatch_json.ts:72:10) at Object.listenTls ($deno$/ops/tls.ts:67:10) at listenTls ($deno$/tls.ts:51:22) at serveTLS (https://deno.land/std/http/server.ts:313:20) at file:///home/ec2-user/projects/linkedin/src/main.ts:9:20

tumile commented 4 years ago

Non-root process can't bind to 443. It's not deno's problem. Try 

sudo setcap cap_net_bind_service=+ep `deno run --allow-net --allow-read mod.ts`

That said, the error message would be improved by including corresponding path...

It should probably have something like this

let std_listener = std::net::TcpListener::bind(&addr)
    .expect(&format!("Can't bind to {}", addr));
Lonniebiz commented 4 years ago

@tumile The documentation should warn about what you've mentioned. I changed the port from 443 to 4433 and avoided the permission error, while running ssl as a local user: testDeno.zip badCertificate

However, It looks like I'm going to have to submit another bug about Deno being too picky about self-signed SSL certificates: https://github.com/denoland/deno/issues/5931

ralyodio commented 2 years ago

I get this error when tyring to use puppeteer

error: Uncaught (in promise) PermissionDenied: Permission denied (os error 13)
    this.proc = Deno.run({
                     ^
    at Object.opSync (deno:core/01_core.js:172:12)
    at opRun (deno:runtime/js/40_process.js:28:17)
    at Object.run (deno:runtime/js/40_process.js:111:17)
    at BrowserRunner.start (https://deno.land/x/puppeteer@14.1.1/src/deno/BrowserRunner.ts:63:22)
    at ChromeLauncher.launch (https://deno.land/x/puppeteer@14.1.1/src/deno/Launcher.ts:108:12)
lucacasonato commented 2 years ago

@ralyodio Your error is unrelated to this issue. That "Permission denied" error is coming from the operating system, not from Deno. Your user account does not have the right privileges to execute the Chromium binary.

jimisaacs commented 1 year ago

I was fighting and fighting with this error:

error: Permission denied (os error 13)

during this command:

setuidgid $MY_USER deno cache --import-map ./import_map.json --lock ./deno.lock main.ts

What fixed it was simply one of these:

chown $MY_USER deno.lock

or

chmod 666 deno.lock

Keep in mind 664 did NOT work. So something is requiring write permissions on the lock file.

csvn commented 1 year ago

I encountered the same error message:

error: Permission denied (os error 13)

For me, this occurred while using deno compile to compile an executable, committing it, and trying to run it on CI. I was able to solve it by running modifying file permission via Git:

git update-index --chmod=+x <path_to_file>
# Commit & push
idotobi commented 1 year ago

Not sure if this is the cause for your issue, but I had something very similar:

❯ deno run do_stuff
✅ Granted read access to "/home/me/somefile.txt".
error: Uncaught (in promise) PermissionDenied: Permission denied (os error 13): readfile '/home/me/somefile.txt'
const token = await Deno.readTextFile(`/home/me/somefile.txt`);
              ^
    at async Object.readTextFile (ext:deno_fs/30_fs.js:747:18)
    at async file:////home/me/do_stuff.ts:39:15

with all permissions for the file and it's containing directory being correct.

Then I realized that I had installed deno using snap :see_no_evil:. Uninstalling it from snap and then installing it as described in https://docs.deno.com/runtime/manual/getting_started/installation fixed the issue for me.

If you want to play around I just learned that you can also give a snap package additional permissions.

# list connections
snap connections deno 

# add access to home directory
snap connect deno:home :home

Though note that I haven't tried this out myself yet. Only got it from ChatGPT and double checked the docs.

mebtte commented 5 months ago

Not sure if this is the cause for your issue, but I had something very similar:

❯ deno run do_stuff
✅ Granted read access to "/home/me/somefile.txt".
error: Uncaught (in promise) PermissionDenied: Permission denied (os error 13): readfile '/home/me/somefile.txt'
const token = await Deno.readTextFile(`/home/me/somefile.txt`);
              ^
    at async Object.readTextFile (ext:deno_fs/30_fs.js:747:18)
    at async file:////home/me/do_stuff.ts:39:15

with all permissions for the file and it's containing directory being correct.

Then I realized that I had installed deno using snap 🙈. Uninstalling it from snap and then installing it as described in https://docs.deno.com/runtime/manual/getting_started/installation fixed the issue for me.

If you want to play around I just learned that you can also give a snap package additional permissions.

# list connections
snap connections deno 

# add access to home directory
snap connect deno:home :home

Though note that I haven't tried this out myself yet. Only got it from ChatGPT and double checked the docs.

I removed deno from snap and install by script, and the problem solved.

lucacasonato commented 1 month ago

I suspect the initial issue is related to missing OS permissions to listen on port 443.

I am going to close this, because I don't see what we can do to fix this. The underlying issue here is an OS permission error, not a Deno error.