Security Server UI Does Not Open in a Hardened Environment
Problem
In hardened, high-security environments, accessing the Security Server UI generates the error message below.
The xroad-jetty process writes temporary files to the /tmp directory. If the /tmp directory is mounted with the 'noexec' flag, Jetty is not able to write temporary files there, and therefore accessing the Security Server UI returns an error message.
Solution
In hardened, high-security environments it is typically required to mount the /tmp directory with the 'noexec' flag. Therefore, the problem cannot be solved by removing the 'noexec' flag. Instead, an alternate tmp directory with the required permissions is created.
Create a new tmp folder in the /etc/xroad/services directory and give the xroad user read, write and execute permissions to it.
cd /home/xroad/
mkdir tmp
chown xroad:xroad tmp
chmod 700 tmp
Go to the /etc/xroad/services directory and copy the Jetty configuration parameters below to the local.conf file, including the property for the new temporary-file directory (-Djava.io.tmpdir):
JETTY_PARAMS=" $JETTY_PARAMS -Djava.io.tmpdir=/home/xroad/tmp/ "
Restart the Jetty process:
# Ubuntu
service xroad-jetty restart
# RHEL
systemctl restart xroad-jetty
After Jetty has been restarted, the Security Server UI should be accessible again.