Security Server UI Does Not Open in a Hardened Environment


In hardened, high security environments accessing Security Server UI generates the error message below.

Xroad-jetty process writes temporary files to /tmp directory. If /tmp directory is mounted with 'noexec' flag, Jetty is not able to write temporary files there and therefore accessing Security Server UI returns an error message.


In hardened, high security environments it is typically required to mount /tmp directory with 'noexec' flag. Therefore, the problem cannot be solved by removing the 'noexec' flag. Instead, an alternate tmp directory with required permissions is created.

  1. Create a new tmp folder in /etc/xroad/services directory and give xroad user read, write and execute permissions to it.

    cd /home/xroad/
    mkdir tmp
    chown xroad:xroad tmp
    chmod 700
  2. Go to /etc/xroad/services directory and copy the below Jetty configuration parameters to local.conf file, including the property for new directory ( for temporary files:

  3. Restart the Jetty process:

    # Ubuntu
    service xroad-jetty restart 
    # RHEL
    systemctl restart xroad-jetty 
  4. After Jetty has been restarted Security Server UI should be accessible again.