When trying to view the Tim packet Statistics or Timlog files, the browser displays an error indicating no permission to the file e.g.
Cannot read /etc.wily/cem/tim/logs/protocolstats1/2013-08-13.csv: [Errno 13] Permission denied: '/etc.wily/cem/tim/logs/protocolstats1/2013-08-13.csv'
Inspection of the file in the file system using 'ls -al' shows that the file permissions are:
-rw-r----- 1 root root 25031 Aug 13 06:24 2013-08-13.csv
In this situation, when logged in as root, the umask is set to 0022. So, the default file creation umask for a logged in user would be okay.
However, the TIM process runs as a daemon which is not owned by any logged in user.
For daemon processes, there is another file which can be modified to set a different default umask for processes running as a daemon.
In this case, the umask had been manually modified for daemon processes as follows:
A umask of 027 results in file permissions of:
Which are readable only by the daemon process owner and users who are members of the daemon process owner's group.
There are two possible solutions for this:
- Remove the umask 027 from the /etc/sysconfig/init file. The disadvantage is that it will affect all daemon processes on the system and not just the TIM daemon. At some sites, this may violate security requirements.
- Edit the /etc/rc.d/rc.tim file to explicitly set the default umask for the TIM daemon processes only. The umask setting in rc.tim overrides the global setting in the init file.
Here is an example of a portion of an rc.tim file which has been modified to set a default umask to 022:
# Start/stop Tim (Transaction Impact Monitor)
# /etc/wily/cem/tim should be a symbolic link to the current # tim directory. # set umask to overwrite anything in /etc/sysconfig/init umask 022