Mattermost, Inc.

Plugins Permissions fail

What are permissions for plugins?

I gave aog+rwx mattermost:mattermost

{"level":"error","ts":1581891337.668472,"caller":"mlog/log.go:174","msg":"Unable to activate plugin","plugin_id":"github","error":"unable to start plugin: github: fork/exec /usr/local/www/mattermost/plugins/github: permission denied","errorVerbose":"fork/exec /usr/local/www/mattermost/plugins/github: permission denied\nunable to start plugin: github\ngithub.com/mattermost/mattermost-server/v5/plugin.(*Environment).Activate\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/plugin/environment.go:251\ngithub.com/mattermost/mattermost-server/v5/app.(*App).SyncPluginsActiveState\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/app/plugin.go:106\ngithub.com/mattermost/mattermost-server/v5/app.(*App).InitPlugins.func2\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/app/plugin.go:197\ngithub.com/mattermost/mattermost-server/v5/config.(*emitter).invokeConfigListeners.func1\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/config/emitter.go:35\nsync.(*Map).Range\n\t/usr/local/go/src/sync/map.go:333\ngithub.com/mattermost/mattermost-server/v5/config.(*emitter).invokeConfigListeners\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/config/emitter.go:33\ngithub.com/mattermost/mattermost-server/v5/config.(*commonStore).set\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/config/common.go:90\ngithub.com/mattermost/mattermost-server/v5/config.(*FileStore).Set\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/config/file.go:107\ngithub.com/mattermost/mattermost-server/v5/app.(*Server).UpdateConfig\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/app/config.go:53\ngithub.com/mattermost/mattermost-server/v5/app.(*App).UpdateConfig\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/app/config.go:59\ngithub.com/mattermost/mattermost-server/v5/app.(*App).EnablePlugin\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/app/plugin.go:341\ngithub.com/mattermost/mattermost-server/v5/api4.enablePlugin\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/api4/plugin.go:305\ngithub.com/mattermost/mattermost-server/v5/web.Handler.ServeHTTP\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/web/handlers.go:163\ngithub.com/NYTimes/gziphandler.GzipHandlerWithOpts.func1.1\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/vendor/github.com/NYTimes/gziphandler/gzip.go:336\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2007\ngithub.com/gorilla/mux.(*Router).ServeHTTP\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/vendor/github.com/gorilla/mux/mux.go:212\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2802\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1890\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1357"}

Hello, @busy

May I know if you have tried to run the following command on your Mattermost Server terminal and verify that the issue is fixed?

sudo chown mattermost:mattermost /opt/mattermost/

Let me know how it goes.

I am using FreeBSD version that lands into /usr/local/www/mattermost
I gave all folders user mattermost and this did not help.

I did follow https://pushpanel.io/2020/mattermost-5-19-setup-on-freebsd-12-1-inside-a-jail/ steps.

{“level”:“error”,“ts”:1581980204.8666434,“caller”:“mlog/log.go:174”,“msg”:“Unable to restart plugin on upgrade.”,“path”:"/api/v4/plugins/marketplace",“request_id”:“xxx”,“ip_addr”:“xxx”,“user_id”:“xxx”,“method”:“POST”,“err_where”:“installPluginLocally”,“http_code”:500,“err_details”:“unable to start plugin: jenkins: fork/exec /usr/local/www/mattermost/plugins/jenkins: permission denied”}

#ls -la /usr/local/www/mattermost/plugins/jenkins
total 6
drwxr–r-- 4 mattermost mattermost 6 17 Feb 22:56 .
drwxr–r-- 3 mattermost mattermost 3 17 Feb 22:56 …
-rw-r–r-- 1 mattermost mattermost 0 17 Feb 22:56 .filestore
drwxr–r-- 2 mattermost mattermost 3 17 Feb 22:56 assets
-rw-r–r-- 1 mattermost mattermost 1186 17 Feb 22:56 plugin.json
drwxr–r-- 3 mattermost mattermost 3 17 Feb 22:56 server

Maybe there is a way to debug the problem more deeply?

Hello, @busy

Thanks for the clarification. Can you please run the command below and share the output?

ps -ef | grep mattermost

Also, can you also try to grant permission across the entired Mattermost folder using the command below and observe if you are still facing issues with the plugin permission?

sudo chown mattermost:mattermost /usr/local/www/mattermost

#ps -ewwf | grep mattermost
25411 2 IJ 0:00.01 VENDOR=amd SSH_CLIENT= 54147 22 LOGNAME=root jail_mattermost_exec_stop= PAGER=more LANG=en_US.UTF-8 OSTYPE=FreeBSD MACHTYPE=x86_64 MAIL=/var/mail/root jail_mattermost_parameters= jail_mattermost_exec_start=/bin/sh /etc/rc PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin jail_mattermost_post_start_script= jail_mattermost_hostname=mattermost EDITOR=vi HOST=man001 REMOTEHOST= jail_mattermost_forceblocking= jail_mattermost_attachblocking= jail_mattermost_parentzfs=tank/root/jails jail_mattermost_cpuset= PWD=/root jail_mattermost_ip=em1|,em0| GROUP=wheel TERM=xterm-256color SSH_TTY=/dev/pts/2 HOME=/root USER=root jail_mattermost_rootdir=/usr/jails/mattermost jail_mattermost_retention_policy= SSH_CONNECTION= 54147 22 jail_mattermost_devfs_ruleset=devfsrules_jail HOSTTYPE=FreeBSD SHELL=/bin/csh jail_mattermost_fib= jail_mattermost_procfs_enable=YES jail_mattermost_mount_enable=YES jail_mattermost_fdescfs_enable=YES MM_CHARSET=UTF-8 jail_mattermost_attachparams= jail_mattermost_imagetype=zfs jail_mattermost_image= jail_mattermost_zfs_datasets= jail_mattermost_devfs_enable=YES BLOCKSIZE=K SHLVL=1 login [pam] (login)

All folders are mattermost:mattermost, even tried to /usr/local/www with aog+rwx ; did not help; did try even change permission on the fly when mattermost is extracting plugin. restarting service did not make anything.

Upgrade to package: mattermost to 5.19.1 and still getting a problem:

{"level":"error","ts":1584695137.1472464,"caller":"mlog/log.go:174","msg":"Unable to activate plugin","plugin_id":"mattermost-autolink","error":"unable to start plugin: mattermost-autolink: fork/exec /usr/local/www/mattermost/plugins/mat
termost-autolink: permission denied","errorVerbose":"fork/exec /usr/local/www/mattermost/plugins/mattermost-autolink: permission denied\nunable to start plugin: mattermost-autolink\ngithub.com/mattermost/mattermost-server/v5/plugin.(*Env
ironment).Activate\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/plugin/environment.go:251\ngithub.com/mattermost/mattermost-server/v5/app.(*App).SyncPluginsActiveState\n\t/wrkdirs/usr/ports/www/mattermost-ser
ver/work/mattermost-server-5.19.1/app/plugin.go:106\ngithub.com/mattermost/mattermost-server/v5/app.(*App).InitPlugins.func2\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/app/plugin.go:197\ngithub.com/mattermo
st/mattermost-server/v5/config.(*emitter).invokeConfigListeners.func1\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/config/emitter.go:35\nsync.(*Map).Range\n\t/usr/local/go/src/sync/map.go:333\ngithub.com/matt
ermost/mattermost-server/v5/config.(*emitter).invokeConfigListeners\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/config/emitter.go:33\ngithub.com/mattermost/mattermost-server/v5/config.(*commonStore).set\n\t/
wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/config/common.go:90\ngithub.com/mattermost/mattermost-server/v5/config.(*FileStore).Set\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/confi
g/file.go:107\ngithub.com/mattermost/mattermost-server/v5/app.(*App).SaveConfig\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/app/config.go:382\ngithub.com/mattermost/mattermost-server/v5/app.(*App).EnablePlug
in\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/app/plugin.go:346\ngithub.com/mattermost/mattermost-server/v5/api4.enablePlugin\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/api4/p
lugin.go:305\ngithub.com/mattermost/mattermost-server/v5/web.Handler.ServeHTTP\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/web/handlers.go:163\ngithub.com/NYTimes/gziphandler.GzipHandlerWithOpts.func1.1\n\t/
wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/vendor/github.com/NYTimes/gziphandler/gzip.go:336\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2007\ngithub.com/gorilla/mux.(*Router).ServeH
TTP\n\t/wrkdirs/usr/ports/www/mattermost-server/work/mattermost-server-5.19.1/vendor/github.com/gorilla/mux/mux.go:212\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2802\nnet/http.(*conn).serve\n\t/usr/local/g
o/src/net/http/server.go:1890\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1357"}

I found possible issue:

inside server: /model/manifest.go there is no definition for FreeBSD lines: 265/273
then by looking on plugin manifests: https://github.com/mattermost/mattermost-plugin-jenkins/blob/master/plugin.json There is no FreeBSD definition.
https://developers.mattermost.com/extend/plugins/manifest-reference/#backend

Does it mean that plugins on FreeBSD are not supported?

Hello, I had the same problem, don’t know if you’ve solved it yet?

@busy I’m not sure about that so I’ve asked our developers. When they get back to me I’ll let you know.