Linux file permissions conundrum
Date: 25 July 2025
Category: Linux

I've recently been setting up a new server and ran into a file permissions issue I hadn't encountered before, and it took me hours to figure out.
I've been setting up IconPusher on the new server. The API runs as a WAR file over Jetty9; it takes the uploaded app icons and puts them in the directory for the img subdomain.
However, once this was running on the new server, no matter what I tried, I was given a 'read only filesystem' error.
I checked the usual suspects of directory permissions, AppArmor and SELinux... everything looked as it should be.
What I did in the end was to check the Jetty service to see what conditions were in effect. To do this I ran the command:
sudo systemctl cat jetty9
This highlighted the issue. Under the Security section was this line:
ProtectSystem=strict
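With ProtectSystem=strict, systemd mounts the entire file system hierarchy read-only for the service (apart from /dev, /proc and /sys), which is why the write failed even though the directory permissions looked correct.
Now that I knew this was the cause, I could whitelist the directory I'm writing to.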
This can be achieved by entering the following command:
sudo systemctl edit jetty9
And then entering the following:
[Service]
ReadWritePaths=/path/to/my/directory
This creates a new file at /etc/systemd/system/jetty9.service.d/override.conf, which can also be edited directly if preferred.
After adding this you need to reload the daemon:
sudo systemctl daemon-reload
And restart the jetty9 service:
sudo service jetty9 restart
Then you can check that the change is in effect with the following:
sudo systemctl cat jetty9
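
The check above can also be scripted. The following is an added example, not part of the original post: a shell function that reads text in the layout printed by systemctl cat and reports whether a target path is covered by ReadWritePaths= when ProtectSystem=strict is set. The function name sandbox_verdict, the sample unit text and all paths in it are constructed for illustration; paths are compared as text (symlinks are not resolved) and other sandbox directives are not evaluated.

```bash
# Added example, not from the original post. Models only ProtectSystem=strict
# combined with ReadWritePaths=; other sandbox directives are not evaluated.

# Constructed sample in the layout `systemctl cat jetty9` prints: the packaged
# unit, then the drop-in. All paths here are hypothetical.
SAMPLE_UNIT='# /lib/systemd/system/jetty9.service
[Service]
ProtectSystem=strict
ReadWritePaths=/var/lib/jetty9 -/var/log/jetty9

# /etc/systemd/system/jetty9.service.d/override.conf
[Service]
ReadWritePaths=/srv/img/icons'

# sandbox_verdict UNIT_TEXT TARGET_PATH -> prints writable | read-only | not-strict
sandbox_verdict() {
  printf '%s\n' "$1" | awk -v target="$2" '
    BEGIN { if (target != "/") sub(/\/+$/, "", target) }
    { sub(/[ \t\r]+$/, "") }                      # trim trailing whitespace
    /^[ \t]*[#;]/ { next }                        # comments and file-name headers
    /^\[/ { in_service = ($0 == "[Service]"); next }
    !in_service { next }
    /^ProtectSystem[ \t]*=/ {                     # scalar setting: last one wins
      sub(/^[^=]*=[ \t]*/, ""); protect = $0; next
    }
    /^ReadWritePaths[ \t]*=/ {                    # list setting: entries accumulate
      sub(/^[^=]*=[ \t]*/, "")
      if ($0 == "") { n = 0; next }               # empty assignment resets the list
      cnt = split($0, parts, /[ \t]+/)
      for (i = 1; i <= cnt; i++) {
        p = parts[i]
        sub(/^[-+]+/, "", p)                      # drop the optional - and + prefixes
        if (p != "/") sub(/\/+$/, "", p)
        if (p != "") paths[++n] = p
      }
    }
    END {
      if (protect != "strict") { print "not-strict"; exit }
      for (i = 1; i <= n; i++) {
        p = paths[i]                              # match whole path components only
        if (p == "/" || target == p || index(target, p "/") == 1) { print "writable"; exit }
      }
      print "read-only"
    }'
}

sandbox_verdict "$SAMPLE_UNIT" /srv/img/icons/app.png   # prints: writable
sandbox_verdict "$SAMPLE_UNIT" /srv/img/other/app.png   # prints: read-only
```

On a live host, pass "$(systemctl cat jetty9)" as the first argument in place of the sample text.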