[Bug]: Gateway crash-loops after npm i -g openclaw@latest when user umask is 0002 #27853

@almuller-dev

Summary

Environment: Ubuntu 24.04, OpenClaw installed via npm global, running as non-root user via systemd --user services.

Root cause: During the npm global install (or on first startup of the new version), the temp directory /tmp/openclaw- gets created with permissions derived from the process umask. With umask 0002, the directory is created as 0775 (group-writable). On startup, OpenClaw's security check correctly rejects a group-writable temp directory — but the gateway itself (or its upgrade path) is what created it with those permissions.

Impact: Gateway enters a crash-restart loop. With Restart=always in systemd, it cycled 188 times in ~5 minutes before manual intervention.

Steps to reproduce

  1. Have a user session with umask 0002 (common default on Ubuntu for users in their own group)
  2. Run openclaw gateway update.run or npm i -g openclaw@latest
  3. Gateway restarts and crash-loops

Expected behavior

Fix/Workaround:
```bash
chmod 700 /tmp/openclaw-$(id -u)
systemctl --user restart openclaw-gateway
```

Suggested fix in OpenClaw: When creating /tmp/openclaw-, explicitly chmod 700 (or use mkdtemp equivalent with 0700 mode) regardless of the inherited umask. The security check and the creation path should agree.

Preventive measure for operators: Add UMask=0077 to systemd service files:
```ini
[Service]
UMask=0077
```

Actual behavior

Impact: Gateway enters a crash-restart loop. With Restart=always in systemd, it cycled 188 times in ~5 minutes before manual intervention.

OpenClaw version

26.2.25

Operating system

Ubuntu 24.04

Install method

npm global

Logs, screenshots, and evidence

(openclaw-gateway) is down — crash-looping

Restart counter: 188 times (been failing for a while)
Root cause: /tmp/openclaw-1001 has permissions 0775 (group-writable) — OpenClaw's security check rejects it as unsafe
The fix is simple:

```bash
chmod 700 /tmp/openclaw-1001
systemctl --user restart openclaw-gateway
```
That should bring him back up. Want me to apply it? It's low-risk — just a permission fix and a restart. I'll verify it comes up clean before reporting back.

Impact and severity

No response

Additional information

No response
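
One way to make the creation path and the startup security check agree, as the suggested fix in the report describes. This is an added example in Node.js, not OpenClaw's code; `ensurePrivateDir`, `isPrivateDir` and the demo directory names are hypothetical, and it assumes a POSIX system with a sticky `/tmp`.

```javascript
// Added example: ensurePrivateDir and isPrivateDir are hypothetical names, not OpenClaw APIs.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// One predicate shared by the creation path and the startup check:
// a real directory (not a symlink), owned by us, with no group/other bits.
function isPrivateDir(dir) {
  const st = fs.lstatSync(dir);
  return st.isDirectory() && st.uid === process.getuid() && (st.mode & 0o077) === 0;
}

function ensurePrivateDir(dir) {
  try {
    // The requested mode is still masked by umask, but umask only clears bits,
    // so asking for 0700 never yields group or other access.
    fs.mkdirSync(dir, { mode: 0o700 });
  } catch (err) {
    if (err.code !== 'EEXIST') throw err;
  }
  const st = fs.lstatSync(dir);
  // Refuse symlinks and directories owned by someone else: chmod-ing those
  // in a shared /tmp would be unsafe, so fail instead of repairing.
  if (!st.isDirectory() || st.uid !== process.getuid()) {
    throw new Error(`refusing to use ${dir}: not a directory owned by uid ${process.getuid()}`);
  }
  // Repair a directory left behind by an earlier run under a permissive umask.
  if ((st.mode & 0o077) !== 0) fs.chmodSync(dir, 0o700);
  if (!isPrivateDir(dir)) throw new Error(`${dir} is still not private`);
  return dir;
}

// Constructed demo: reproduce the 0775 directory under umask 0002, then repair it.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'umask-demo-'));
  const previous = process.umask(0o002);
  try {
    const legacy = path.join(base, 'legacy');
    fs.mkdirSync(legacy); // default mode 0777 & ~0002 = 0775
    const before = fs.statSync(legacy).mode & 0o777;
    ensurePrivateDir(legacy);
    const fresh = ensurePrivateDir(path.join(base, 'fresh'));
    return { before, after: fs.statSync(legacy).mode & 0o777,
             fresh: fs.statSync(fresh).mode & 0o777, ok: isPrivateDir(fresh) };
  } finally {
    process.umask(previous);
    fs.rmSync(base, { recursive: true, force: true });
  }
}
```

Because the directory is repaired on every start, a leftover 0775 directory from an older version no longer trips the check, while a symlink or a directory owned by another user still fails closed.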
