Search Engine: Elastic

Article ID: 133927, created on Apr 15, 2019, last review on Apr 15, 2019

  • Applies to:
  • Operations Automation


After switching the Brand to new UI node the following issues can be observed:

  1. Brand cannot be opened in browser due to 403 error with the corresponding message in error_log on UI node:

    [Fri Mar 29 09:28:26.343851 2019] [core:crit] [pid 69870:tid 140426858010368] (13)Permission denied: [client X.X.X.X:60628] AH00529: /var/www/brands/test.cloudbluetestdom.tld/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/brands/test.cloudbluetestdom.tld/' is executable, referer: https://test.cloudbluetestdom.tld/cp/
  2. Files for brand are being created with 0640 permissions instead 0644 observed in core.log on UI node:

    Mar 29 09:24:54.063 : DBG [task:3196316:594 77:112033:7f7c34ff9700 lib ]: [ HCL::HCLProcessor::process] Processing CREATEFILE(group="${defgrp}", overwrite="yes", owner="${defuser}", path="/var/www/brands/test.cloudbluetestdom.tld/.htaccess", perm="0644")
    [root@UI]# ls -lah /var/www/brands/test.cloudbluetestdom.tld/
    total 32K
    drwx--x--x  3 root root 4.0K Mar 25 06:41 .
    drwx--x--x 16 root root 4.0K Mar 27 23:31 ..
    -rw-r--r--  1 root root  978 Mar 25 06:41 404.html
    drw-r-----  2 root root 4.0K Mar 25 06:41 additional_files
    -rw-r-----  1 root root 4.5K Mar 25 06:41 .htaccess
    -rw-r-----  1 root root  978 Mar 25 06:41 index.html
    -rw-r-----  1 root root  773 Mar 25 06:41 proxy-error.html
  3. If manually specify the correct permissions for brand files to make login into brand possible, not all locales are being displayed in PCP > System > Settings > Locales, while locale is installed on UI node per documentation.


Custom scripts on UI node in /etc/profile.d/ or /etc/init.d/functions directory are forcibly setting umask value equal to 027 which is affecting brand files creation by OA components:

[root@UI]# grep -RFin umask /etc/profile*
/etc/profile:55:# By default, we want umask to get set. This sets it for login shell
/etc/profile:60:    umask 002
/etc/profile:62:    umask 022
/etc/profile.d/ 027
/etc/profile.d/ 027


  1. Change umask in the affected scripts to 022 to allow correct creation of the brand files by OA components.
  2. Restart pa-agent service on UI node as the following:

    [root@UI]# service pa-agent restart
  3. Clear brand cache:

    [root@UI]# rm -rf /var/cache/brands/*
  4. Switch brand to old UI node and back to the new one to automatically recreate all files with the correct permissions.

5356b422f65bdad1c3e9edca5d74a1ae 8fc71f07abe5b233fea1ae0377cd5e3d

Email subscription for changes to this article
Save as PDF