Bug 111451 - /usr/share/ccm/work subdirs not writable, breaks p2fs
/usr/share/ccm/work subdirs not writable, breaks p2fs
Status: CLOSED RAWHIDE
Product: Red Hat Enterprise CMS
Classification: Retired
Component: other (Show other bugs)
nightly
All Linux
medium Severity medium
: ---
: ---
Assigned To: Dennis Gregorovic
Jon Orris
:
Depends On:
Blocks: 109665
  Show dependency treegraph
 
Reported: 2003-12-03 16:24 EST by Jon Orris
Modified: 2007-04-18 12:59 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-03-17 11:39:39 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jon Orris 2003-12-03 16:24:08 EST
Description of problem:
As a result of bug 110561 p2fs subdirs are not writable by the servlet
user. Thus, p2fs is breaking:


java.lang.ExceptionInInitializerError:
com.arsdigita.initializer.InitializationException: publishToFile:
parameter destination:  the document root '/usr/share/ccm/work/p2fs'
must be a writable directory
        at
com.arsdigita.cms.publishToFile.Initializer.invalidParam(Initializer.java:327)
        


java.lang.ExceptionInInitializerError:
com.arsdigita.initializer.InitializationException: publishToFile:
parameter destination:  the document root
'/usr/share/ccm/webapps/ROOT/packages/content-section/templates' must
be a writable directory
        at
com.arsdigita.cms.publishToFile.Initializer.invalidParam(Initializer.java:327)
        at
com.arsdigita.cms.publishToFile.Initializer.processDestinationEntry(Initializer.java:306)
Comment 1 Jon Orris 2003-12-03 16:41:35 EST
Other subdirs too:
java.io.FileNotFoundException:
/usr/share/ccm/webapps/ROOT/WEB-INF/work/_packages/_content_22dsection/_www/_admin/_index__jsp.java

Servlet engine (resin) can't build jsps
Comment 2 Dennis Gregorovic 2003-12-04 11:43:29 EST
Part of the problem here is that file permissions are not being
preserved during file copy.  Therefore, if "ccm hostinit" is run as
root then root will be the owner of the new files and the 'servlet'
user will not have write access.  Unfortunately, there is no way to
fix this within Java.  

So, I will go ahead and modify "ccm hostinit" to switch to the
'servlet' user before invoking the java command that copies the files.
 If anyone has a better solution, please post.

(p.s.  To be more precise, I will have ccm hostinit switch to the user
as determined by the same process used in ccm start.  Read the code
for details.)
Comment 3 Daniel Berrange 2003-12-04 11:52:11 EST
<dgregor> danpb: you may be interested in
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=111451
<danpb> the files *should* be owned as root otherwise its a security hole
<dgregor> ccmbot--
<ccmbot> ccmbot now has -71 points of karma.
<danpb> only the 'work' directory should be writable
<danpb> & we could probably fix that up after the effect in the shell
script wrapper, no ?
<dgregor> but
/usr/share/ccm/webapps/ROOT/packages/content-section/templates does
need to be writable
<danpb> ah, that dir too
<danpb> but that's only a short term thing
<danpb> until p2fs templating is fixed
<dgregor> ok, so keep existing behavior except make
/usr/share/ccm/webapps/ROOT/packages/content-section/templates writable
<danpb> yeah
<dgregor> cool
Comment 4 Dennis Gregorovic 2003-12-04 12:10:15 EST
@38498 I checked in a change to hostinit that makes that directory
(and all of its contents) writable, but nothing else.

Now I'm looking into why the work directory is having problems.
Comment 5 Dennis Gregorovic 2003-12-04 14:32:13 EST
38510 should fix the problem with the work directory.
Comment 6 Jon Orris 2003-12-04 17:32:03 EST
Still a problem under resin for building jsps:
java.io.FileNotFoundException:
/usr/share/ccm/webapps/ROOT/WEB-INF/work/_packages/_content_22dsection/_www/_admin/_index__jsp.java


Comment 7 Dennis Gregorovic 2003-12-04 18:35:44 EST
The resin work directory is set to $CCM_HOME/tmp as of 38526
Comment 8 Jon Orris 2003-12-04 19:16:15 EST
This works now.
Comment 9 Jon Orris 2003-12-05 09:30:02 EST
Urgh. Didn't notice when I closed that work/lucene is still owned by root.
 
This directory is created when running ccm load on core, which is run
by root. If this can't be easily corrected, the workaround (chmod)
needs to be documented.
Comment 10 Jon Orris 2003-12-05 10:41:32 EST
The solution is to run ccm load and hostinit as servlet.
Dennis is making changes to the script to su servlet if run as root.
Comment 11 Dennis Gregorovic 2003-12-08 12:25:09 EST
@38596 I check in a copy of the ccm script which switches to the
servlet user when run as root, with the exception of "ccm hostinit". 
That command is still run as root as we do want the files that it
copies/creates to be owned by root.
Comment 12 Dennis Gregorovic 2005-03-17 11:39:39 EST
closing old tickets

Note You need to log in before you can comment on or make changes to this bug.