search cancel

Showing "Permission denied" on IAM file keycloak.lock.db

book

Article ID: 243855

calendar_today

Updated On:

Products

Service Virtualization

Issue/Introduction

Seeing issues with our IAM not starting and seeing below errors (in IAM logs).

DevTest install folder has ownership of app.

2022-06-14 09:12:34,004 INFO  [org.jboss.as.server] (Thread-2) WFLYSRV0220: Server shutdown has been requested via an OS signal

2022-06-14 09:12:34,017 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 46) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./auth: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./auth: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)

Caused by: java.lang.RuntimeException: Failed to connect to database

        at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.getConnection(DefaultJpaConnectionProviderFactory.java:373)

*

*

*

Caused by: java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/KeycloakDS

        at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:146)

        at org.jboss.as.connector.subsystems.datasources.WildFlyDataSource.getConnection(WildFlyDataSource.java:64)

        at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.getConnection(DefaultJpaConnectionProviderFactory.java:367)

        ... 40 more

Caused by: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/KeycloakDS

        at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:690)

        at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:430)

        at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:789)

        at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:138)

        ... 42 more

Caused by: javax.resource.ResourceException: IJ031084: Unable to create connection

        at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:345)

 

Caused by: org.h2.jdbc.JdbcSQLException: Error opening database: "Could not save properties /opt/apps/devtest/IdentityAccessManager/standalone/data/keycloak.lock.db" [8000-193]

        at org.h2.message.DbException.getJdbcSQLException(DbException.java:345)

        at org.h2.message.DbException.get(DbException.java:168)

        at org.h2.store.FileLock.getExceptionFatal(FileLock.java:455)

        at org.h2.store.FileLock.save(FileLock.java:222)

        at org.h2.store.FileLock.lockFile(FileLock.java:349)

        at org.h2.store.FileLock.lock(FileLock.java:135)

 

Caused by: java.io.FileNotFoundException: /opt/apps/devtest/IdentityAccessManager/standalone/data/keycloak.lock.db (Permission denied)

        at java.io.FileOutputStream.open0(Native Method)

 

  IAM is using embedded database.

Environment

Release : 10.6

Component : DevTest Identity Access Manager

Cause

Permission issue on file IAM_HOME/standalone/data/keycloak.lock.db has root permissions instead of app and caused the issue.

Resolution

Changing the ownership of the file IAM_HOME/standalone/data/keycloak.lock.db to app, IAM started with no issues.