Tags: linux, amazon-web-services, amazon-ec2, amazon-ami, aws-opsworks

AWS ami cannot execute file from attached volume


I have created an AMI with two volumes attached as follows:

[ec2-user@ip-192-***** ~]$ lsblk
NAME                             MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
nvme0n1                          259:0    0  100G  0 disk
├─nvme0n1p1                      259:1    0  100G  0 part /
└─nvme0n1p128                    259:2    0    1M  0 part
nvme2n1                          259:3    0  320G  0 disk
├─hardenedpartitions-tmp         253:0    0   25G  0 lvm  /var/tmp
├─hardenedpartitions-home        253:1    0   25G  0 lvm  /home
├─hardenedpartitions-var         253:2    0   35G  0 lvm  /var
├─hardenedpartitions-varlog      253:3    0   25G  0 lvm  /var/log
└─hardenedpartitions-varlogaudit 253:4    0   16G  0 lvm  /var/log/audit
nvme1n1                          259:4    0  320G  0 disk


[root@ip-192-**** ec2-user]# df -h
Filesystem                                  Size  Used Avail Use% Mounted on
devtmpfs                                    3.8G     0  3.8G   0% /dev
tmpfs                                       3.8G     0  3.8G   0% /dev/shm
tmpfs                                       3.8G  520K  3.8G   1% /run
tmpfs                                       3.8G     0  3.8G   0% /sys/fs/cgroup
/dev/nvme0n1p1                              100G  1.7G   99G   2% /
/dev/mapper/hardenedpartitions-home          25G  436M   23G   2% /home
/dev/mapper/hardenedpartitions-var           35G  407M   33G   2% /var
/dev/mapper/hardenedpartitions-tmp           25G   64K   24G   1% /tmp
/dev/mapper/hardenedpartitions-varlog        25G   42M   24G   1% /var/log
/dev/mapper/hardenedpartitions-varlogaudit   16G  880K   15G   1% /var/log/audit
tmpfs                                       774M     0  774M   0% /run/user/1000
tmpfs                                       774M     0  774M   0% /run/user/0

I am trying to boot an instance from this AMI in OpsWorks, but it gets stuck in the boot in OpsWorks (it still shows that it starts in EC2). After SSHing into the instance and inspecting the logs in /var/logs/aws/opsworks/ I see the following:

[Tue, 28 Jun 2022 14:44:13 +0000] opsworks-init: Starting: Download Installer.
/var/lib/cloud/instance/scripts/part-002: line 433: /tmp/opsworks-agent-downloader.sh: Permission denied

Then doing something like this does not work:

[root@ip-192-**** ec2-user]# chmod 777 /tmp/opsworks-agent-downloader.sh
[root@ip-192-**** ec2-user]# ls -la /tmp/opsworks-agent-downloader.sh
-rwxrwxrwx 1 root root 7045 Jun 28 14:44 /tmp/opsworks-agent-downloader.sh
[root@ip-**** ec2-user]# /tmp/opsworks-agent-downloader.sh
bash: /tmp/opsworks-agent-downloader.sh: Permission denied

Any ideas why I cannot run this file as root from the attached volume?


Solution

  • So the problem was with the way the volume had been attached to the instance. Specifically, the line that had been added to the /etc/fstab file, something like this:

    mount /dev/hardenedpartitions/tmp ..... noexec .....
    

    The noexec option means that no files on that filesystem can be executed, even if they have the correct permissions. So removing it helped in booting the instance in OpsWorks.