Red Hat Bugzilla – Bug 111451
/usr/share/ccm/work subdirs not writable, breaks p2fs
Last modified: 2007-04-18 12:59:56 EDT
Description of problem:
As a result of bug 110561 p2fs subdirs are not writable by the servlet
user. Thus, p2fs is breaking:
parameter destination: the document root '/usr/share/ccm/work/p2fs'
must be a writable directory
parameter destination: the document root
be a writable directory
Other subdirs too:
Servlet engine (resin) can't build jsps
Part of the problem here is that file permissions are not being
preserved during file copy. Therefore, if "ccm hostinit" is run as
root then root will be the owner of the new files and the 'servlet'
user will not have write access. Unfortunately, there is no way to
fix this within Java.
So, I will go ahead and modify "ccm hostinit" to switch to the
'servlet' user before invoking the java command that copies the files.
If anyone has a better solution, please post.
(p.s. To be more precise, I will have ccm hostinit switch to the user
as determined by the same process used in ccm start. Read the code
<dgregor> danpb: you may be interested in
<danpb> the files *should* be owned as root otherwise its a security hole
<ccmbot> ccmbot now has -71 points of karma.
<danpb> only the 'work' directory should be writable
<danpb> & we could probably fix that up after the effect in the shell
script wrapper, no ?
need to be writable
<danpb> ah, that dir too
<danpb> but that's only a short term thing
<danpb> until p2fs templating is fixed
<dgregor> ok, so keep existing behavior except make
@38498 I checked in a change to hostinit that makes that directory
(and all of its contents) writable, but nothing else.
Now I'm looking into why the work directory is having problems.
38510 should fix the problem with the work directory.
Still a problem under resin for building jsps:
The resin work directory is set to $CCM_HOME/tmp as of 38526
This works now.
Urgh. Didn't notice when I closed that work/lucene is still owned by root.
This directory is created when running ccm load on core, which is run
by root. If this can't be easily corrected, the workaround (chmod)
needs to be documented.
The solution is to run ccm load and hostinit as servlet.
Dennis is making changes to the script to su servlet if run as root.
@38596 I check in a copy of the ccm script which switches to the
servlet user when run as root, with the exception of "ccm hostinit".
That command is still run as root as we do want the files that it
copies/creates to be owned by root.
closing old tickets