AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

Lambda runtime - Permissio denied

1

Hi,
I've been playing with Greengrass Core for a while (installed on Nvidia Jetson Nano). I installed 1.11 version and deployed my lambda. Everything was working as expected.
Yesterday new version showed up so I removed the previous GGC and installed V2 instead. I deployed my lambda (exactly the same) code to new GGC (V2) and code is not working. This is what I see in the logs:
2020-12-16T13:50:10.509Z [ERROR] (pool-2-thread-41) Greengrass_HelloWorld: /usr/bin/python3.7: can't open file '/home/greengrass/v2/work/Greengrass_HelloWorld/work/worker/0/runtime/python/lambda_runtime.py': [Errno 13] Permission denied. {serviceInstance=0, serviceName=Greengrass_HelloWorld, currentState=RUNNING}

When I'm checking the the file lambda_runtime.py it has 'r' (read) access for all (user/group/other). Any idea what is happening? As I understand I'm not controlling the runtime code so how can I fix it?

주제
사물 인터넷(IoT)
태그
AWS IoT Greengrass
언어
English
Szymon999
질문됨 3년 전206회 조회
6개 답변
0

Hi Szymon999,

Can you list the permissions on the following directories?

  • /home
  • /home/greengrass
  • /home/greengrass/v2

Is the lambda configured to run in NoContainer mode or GreengrassContainer mode?

Greengrass manages the permissions of the directories within its installation directory. In order to run the processes as different users though, the user needs to have read + execute permission on the directory hierarchy up to the artifact that is being executed.

I suspect that /home/greengrass needs be chmod og+rx

AWS
Rob
답변함 3년 전
0

Hi Szymon999,

Thanks for using Greengrass v2. Can you share some details about your GGC setup?

  1. What is the component-default-user in the initial setup? Did you configure the user while deploying the lambda component?
  2. Can you enable debug logging and provide more logs?
  3. Can you provide the config files at /home/greengrass/v2/config/config.tlog and /home/greengrass/v2/config/effectiveConfig.yaml? Make sure you mask out the sensitive information if any.

Thanks,
Hui

AWS-User-5233880
답변함 3년 전
0

Hi,
This problem was indeed caused by the permission issues. I found that components are executed by ggc_user (configured at the installation) and I had to grant /home/greengrass dir correct permissions.
Thanks.

Szymon999
답변함 3년 전
0

Hi,

can you provide the command to do that?

I have got the same issue, what is weird it is working on another core ....
Hope it's the same issue ..

Thanks

jujuz7777777
답변함 3년 전
0

Yes, can you please provide a more verbose answer on this topic, thanks!

bnjmn
답변함 3년 전
0

I am also new to this greengrass v2. So I may be wrong.
I beileve that permissions are given to ggc_user and ggc_group as component-default-user if you don't explicitly specify other user name and group name when you create component. So you have to add ggc_user as user and ggc_group as group as system like below. I think that you have to do it every device manually.

Log into your device by SSH and do the next both two lines sudo adduser and sudo addgroup as shown in
https://docs.amazonaws.cn/en_us/greengrass/v1/developerguide/setup-filter.rpi.html

sudo adduser --system ggc_user
sudo addgroup --system ggc_group

For the first core device, you might have done this but for the second one, you might have forgotten to do this again.
Hope this helps you.

jx2900
답변함 3년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠