Solving file upload issues in DSpace on Ubuntu

The Problem: Tomcat’s Security Sandbox

If you install Tomcat 9 or 10 using the default Ubuntu package manager (apt), it comes with strict security settings. Even if your folder permissions look correct on the surface, Ubuntu's systemd configuration prevents Tomcat from writing files to directories it doesn't explicitly "trust."

By default, Tomcat is blocked from writing to the DSpace folder. e.g. /opt/dspace, which is where DSpace needs to store uploaded content.

The Solution: Updating the Service File

I applied this solution to DSpace 7 & 8. To fix this, you need to tell the system that Tomcat has permission to write to your DSpace folder. Follow these steps:

Open the Service File: Find your Tomcat systemd unit file (usually located at /lib/systemd/system/tomcat10.service). Check the version of Tomcat.

sudo mousepad /lib/systemd/system/tomcat10.service

Add the Path: Look for the [Security] section and find the lines starting with ReadWritePaths=. Add your DSpace installation path to this list. For example: ReadWritePaths=/opt/dspace

Check the User: Ensure the User= line in that same file matches the owner of your DSpace folder.

See how it looks after updating,

# Security

User=tomcat

Group=tomcat

PrivateTmp=yes

AmbientCapabilities=CAP_NET_BIND_SERVICE

NoNewPrivileges=true

CacheDirectory=tomcat9

CacheDirectoryMode=750

ProtectSystem=strict

ReadWritePaths=/etc/tomcat9/Catalina/

ReadWritePaths=/var/lib/tomcat9/webapps/

ReadWritePaths=/var/log/tomcat9/

ReadWritePaths=/opt/dspace

Reload and Restart: Save the file, then run these commands to apply the changes:

sudo systemctl daemon-reload

sudo systemctl restart tomcat10

Once these changes are made, the "sandbox" is opened, and your file uploads should work immediately.

Reference

https://groups.google.com/g/dspace-tech/c/mSneVhXMRSA?pli=1

How to automate the backup of DSpace database and folders

Here is a method to automate the backup of the PostgreSQL database and DSpace folders (e.g. assetstore) using a shell script and scheduling through cronjob.

Find the pg_hba.conf file change the method to 'trust'

The pg_hba. conf file resides within the PostgreSQL data directory and consists of a series of lines, each specifying a connection type, database, user, IP address, authentication method, and other details.

The file is located at Ubuntu 24.04 at /etc/postgresql/16/main/pg_hba.conf. Location may be different in Debian Linux. Check the location manually and open the file.

sudo mousepad /etc/postgresql/16/main/pg_hba.conf

Find the following lines and change the term peer to trust,

local   all             postgres                                peer

local   all             all                                     peer

host    all             all             127.0.0.1/32            peer

The output will look like this,

Save and close the file. Restart the PostgreSQL service.

sudo systemctl restart  postgresql

Make a shell script to take the backup

Create a backup folder on your computer. Apply the following command to create a local backup folder on your home folder. Change the location of the folder in the below command before applying it.

sudo mkdir /home/username/backup

The backup location can be a folder inside your cloud storage service like PCloud or Dropbox.

Open a new file inside the folder /usr/local/bin/ to create a shell script.

sudo mousepad /usr/local/bin/dspace-backup.sh

Copy the following content into the file. Make necessary changes in the file, e.g. location of the backup folder, PostgreSQL database name and user. 

#!/bin/bash

#backup of PostgreSQL database

BACKUP_DIR="/home/username/backup/"

FILE_NAME=$BACKUP_DIR`date +%d-%m-%Y-%I-%M-%S-%p`.sql

pg_dump -U db_user db_name > $FILE_NAME

# backup of assetstore folder

zip -r /home/username/backup/assetstore-$(date +%d-%m-%Y-%H.%M).zip /dspace/assetstore

#Delete older files more than 7 days will delete.

find /home/username/backup/* -mtime +7 -exec rm {} \;

Save and close the file.

Make the shell script executable

sudo chmod a+x /usr/local/bin/dspace-backup.sh

Add the crontab entry

Apply the following command to open crontab

sudo crontab -e

Copy and paste the following entries at the end of the editor.

Copy the below lines to the bottom part of the crontab file.

#DSpace backup

10 20 * * * /usr/local/bin/dspace-backup.sh

Change the timing of the backup. Here, backup takes at 8:10 PM.

If you want a backup every 5 hours, apply the following entry.

# DSpace backup

0 */5 * * * /usr/local/bin/dspace-backup.sh

Reference

How to take backup PosgreSQL using pg_dump with crontab in Linux?