Closed stupkad closed 1 year ago
recrsn
commented
1 year ago I have a theory why it happened.
Previously we used to compile the binaries in Ubuntu 14.04 with GCC 4.8 with a umask of 0744. Since 14.04 is EOL and we still need to support CentOS 7, the latest release was compiled in CentOS whose default umask is 0700.
Thanks for pointing out the issue, I'll fix the CI script and update the binaries.
mfaheemakhtar
commented
1 year ago Glad I was able to find this issue. I have been trying to figure out why production deployments are failing on AWS Beanstalk.
djMax
commented
1 year ago Will there be a fix deployed for this? I have a workaround in my dockerfile for this at the moment and I'd love to get rid of it.
recrsn
commented
1 year ago The new binaries are up. Let me know if reinstalling your dependencies work fine
djMax
commented
1 year ago We somehow did this without a version bump? What kind of dark magic...??!?
recrsn
commented
1 year ago Just needed to re-trigger a CI build with the correct umask, doesn't need a release
We are using bcrypt for password hashing, works fine.
Today we experienced a strange issue, after fresh deployment and npm install our app did not start up any longer. We figured out the permission of the file node_modules/bcrypt/lib/binding/napi-v3/bcrypt_llib.node changed, now only the linux owner has rwx permissions. Previously, group and other where granted rx as well.
We can fix the issue by changing the owner of the node_modules, but for security reasons we wanted to limit the executing process to only have read permissions for the code directory...
Could someone explain, what this file is for? Any why the permissions after npm could be now different than a couple of weeks ago? Worth to mention, we switched to bcrypt 5.1 - but AFTER this issue arised.
Oct 11 16:45:20 xxx[33237]: node:internal/modules/cjs/loader:1210 Oct 11 16:45:20 xxx[33237]: return process.dlopen(module, path.toNamespacedPath(filename)); Oct 11 16:45:20 xxx[33237]: ^ Oct 11 16:45:20 xxx[33237]: Error: /srv/sitya/elearning/versions/20221011-164446-api/node_modules/bcrypt/lib/binding/napi-v3/bcrypt_lib.node: cannot open shared object file: Permission denied Oct 11 16:45:20 xxx[33237]: at Object.Module._extensions..node (node:internal/modules/cjs/loader:1210:18) Oct 11 16:45:20 xxx[33237]: at Module.load (node:internal/modules/cjs/loader:1004:32) Oct 11 16:45:20 xxx[33237]: at Function.Module._load (node:internal/modules/cjs/loader:839:12) Oct 11 16:45:20 xxx[33237]: at Module.require (node:internal/modules/cjs/loader:1028:19) Oct 11 16:45:20 xxx[33237]: at require (node:internal/modules/cjs/helpers:102:18) Oct 11 16:45:20 xxx[33237]: at Object. (/srv/sitya/elearning/versions/20221011-164446-api/node_modules/bcrypt/bcrypt.js:6:16)
Oct 11 16:45:20 xxx[33237]: at Module._compile (node:internal/modules/cjs/loader:1126:14)
Oct 11 16:45:20 xxx[33237]: at Object.Module._extensions..js (node:internal/modules/cjs/loader:1180:10)
Oct 11 16:45:20 xxx[33237]: at Module.load (node:internal/modules/cjs/loader:1004:32)
Oct 11 16:45:20 xxx[33237]: at Function.Module._load (node:internal/modules/cjs/loader:839:12) {
Oct 11 16:45:20 xxx[33237]: code: 'ERR_DLOPEN_FAILED'
Oct 11 16:45:20 xxx[33237]: }
Regards, Dietmar