By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Lambda runtime - Permissio denied

1

Hi,
I've been playing with Greengrass Core for a while (installed on Nvidia Jetson Nano). I installed 1.11 version and deployed my lambda. Everything was working as expected.
Yesterday new version showed up so I removed the previous GGC and installed V2 instead. I deployed my lambda (exactly the same) code to new GGC (V2) and code is not working. This is what I see in the logs:
2020-12-16T13:50:10.509Z [ERROR] (pool-2-thread-41) Greengrass_HelloWorld: /usr/bin/python3.7: can't open file '/home/greengrass/v2/work/Greengrass_HelloWorld/work/worker/0/runtime/python/lambda_runtime.py': [Errno 13] Permission denied. {serviceInstance=0, serviceName=Greengrass_HelloWorld, currentState=RUNNING}

When I'm checking the the file lambda_runtime.py it has 'r' (read) access for all (user/group/other). Any idea what is happening? As I understand I'm not controlling the runtime code so how can I fix it?

Topics
Internet of Things (IoT)
Tags
AWS IoT Greengrass
Language
English
Szymon999
asked 3 years ago202 views
6 Answers
0

Hi Szymon999,

Can you list the permissions on the following directories?

  • /home
  • /home/greengrass
  • /home/greengrass/v2

Is the lambda configured to run in NoContainer mode or GreengrassContainer mode?

Greengrass manages the permissions of the directories within its installation directory. In order to run the processes as different users though, the user needs to have read + execute permission on the directory hierarchy up to the artifact that is being executed.

I suspect that /home/greengrass needs be chmod og+rx

AWS
Rob
answered 3 years ago
0

Hi Szymon999,

Thanks for using Greengrass v2. Can you share some details about your GGC setup?

  1. What is the component-default-user in the initial setup? Did you configure the user while deploying the lambda component?
  2. Can you enable debug logging and provide more logs?
  3. Can you provide the config files at /home/greengrass/v2/config/config.tlog and /home/greengrass/v2/config/effectiveConfig.yaml? Make sure you mask out the sensitive information if any.

Thanks,
Hui

AWS-User-5233880
answered 3 years ago
0

Hi,
This problem was indeed caused by the permission issues. I found that components are executed by ggc_user (configured at the installation) and I had to grant /home/greengrass dir correct permissions.
Thanks.

Szymon999
answered 3 years ago
0

Hi,

can you provide the command to do that?

I have got the same issue, what is weird it is working on another core ....
Hope it's the same issue ..

Thanks

jujuz7777777
answered 3 years ago
0

Yes, can you please provide a more verbose answer on this topic, thanks!

bnjmn
answered 3 years ago
0

I am also new to this greengrass v2. So I may be wrong.
I beileve that permissions are given to ggc_user and ggc_group as component-default-user if you don't explicitly specify other user name and group name when you create component. So you have to add ggc_user as user and ggc_group as group as system like below. I think that you have to do it every device manually.

Log into your device by SSH and do the next both two lines sudo adduser and sudo addgroup as shown in
https://docs.amazonaws.cn/en_us/greengrass/v1/developerguide/setup-filter.rpi.html

sudo adduser --system ggc_user
sudo addgroup --system ggc_group

For the first core device, you might have done this but for the second one, you might have forgotten to do this again.
Hope this helps you.

jx2900
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content