I have a elastic beanstalk webapp running tomcat8.5 on a Amazon linux 2 AMI. My webapp launches a headless chrome image via chromedriver to perform some functions. The healess chrome process needs to be able to write to /tmp to unpack some stuff on startup and if it cant write to /tmp it fails. In my .ebextensions I have tried using
535_permission:
command: sudo chmod 777 /tmp
which according to my cfn-init-cmd.log excutes fine. However is I do do an ls -al on /tmp it has the default permissions of
drwxr-xr-x 10 ec2-user root 334 Oct 18 10:54 .
If I issue the command manually it works. I do not understand why the commands runs ok in eb config but hasnt applied when I manuall inspect the filesystem. I am not sure if /tmp gets reset after the ebextensions run, and maybe I need to run it later somehow.
Based on the comments.
By default, /tmp on EB environments has permissions 777 (i.e. drwxrwxrwt). Subsequently, all applications can write to it and normally no changes are required.
However, the OP's issue was caused by using a legacy code version which was changing the permissions, so that new code was not able to use the /tmp.
The solution was to remove the legacy code.