IBM Support

QRadar: Deploy changes Failed: FileNotFoundException: /store/tmp/status/addhost.txt (Permission denied)

Troubleshooting


Problem

This article explains how to diagnose and resolve when deployment changes fail, especially for the console, due to the FileNotFoundException for files under the /store/tmp directory.

Symptom

When you perform the deployment changes, it directly goes into an error state. And found the following error traces in the qradar.log.
 
127.0.0.1 [tomcat.tomcat] [xxxxxxxx (1030) /console/JSON-RPC/QRadar.scheduleDeployment QRadar.scheduleDeployment] java.io.FileNotFoundException: /store/tmp/status/addhost.txt (Permission denied)
127.0.0.1 [tomcat.tomcat] [xxxxxxxx (5985) /console/JSON-RPC/QRadar.scheduleDeployment QRadar.scheduleDeployment] java.io.FileNotFoundException: /store/tmp/forensics.yar (Permission denied)

Cause

This issue happens because the folder /store/tmp is not a symbolic link to /storetmp. Also, its permission is compared to the /storetmp folder.

Diagnosing The Problem

Use the command ls -l to check whether a  symbolic link is created, and the owner must be nobody: nobody. If the output of ls -l /store/tmp is not the same as the following, you need to check the Resolving the problem section.
[root@xxxxx~]# ls -l /store/tmp
lrwxrwxrwx 1 nobody nobody 10 Jan  4  2022 /store/tmp -> /storetmp

Resolving The Problem

Follow the below steps to resolve the issue.
  1. Create a new Symbolic link by using the following command.
    # ln -s /storetmp /store/tmp
  2. Change ownership of /store/tmp & /store/tmp/status.
    # chown -h nobody:nobody /store/tmp
    # chown -h nobody:nobody /store/tmp/status
  3. Check the check /store/tmp is a symbolic link, and the owner is nobody.
    # ls -l /store/tmp
    lrwxrwxrwx 1 nobody nobody 10 Jan  4  2022 /store/tmp -> /storetmp/
  4. Perform the deployment changes.
  • Result
    After you assign the symbolic link and required ownership, deployment changes will be completed successfully.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"TS012772811","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
29 August 2023

UID

ibm17001779