Last modified: 2014-06-20 14:48:49 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T66219, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 64219 - webservice creates blocking files and jobs when called from a user account with an eponymous tool
webservice creates blocking files and jobs when called from a user account wi...
Status: NEW
Product: Wikimedia Labs
Classification: Unclassified
tools (Other open bugs)
unspecified
All All
: Unprioritized normal
: ---
Assigned To: Tim Landscheidt
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-04-22 01:56 UTC by Tim Landscheidt
Modified: 2014-06-20 14:48 UTC (History)
6 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Tim Landscheidt 2014-04-22 01:56:06 UTC 
When a user X is a member of the tool tools.X and he calls "webservice start" as his /user/ account, a lighttpd process is started that doesn't work, but clogs the tools' directories with files not (over-) writable by the /tool/ account on subsequent, correct invocations.

Symptoms:

| root@tools-login:~# for TOOL in $(getent passwd | sed -ne 's/^tools\.\([^:]\+\):.*/\1/p;'); do sudo -u tools.$TOOL find /data/project/$TOOL -maxdepth 1 -type f \( -name access.log -or -name error.log \) -not -writable -ls; done
| 180028436    0 -rw-r--r--   1 rluts    tools.rluts        0 Apr  6 07:42 /data/project/rluts/error.log
| 180093321   32 -rw-r--r--   1 hexacore tools.hexacore    27254 Apr 16 15:59 /data/project/hexacore/access.log
| 180093318    4 -rw-r--r--   1 hexacore tools.hexacore      403 Apr 20 14:53 /data/project/hexacore/error.log
| 180126284    0 -rw-r--r--   1 ireas    tools.ireas        0 Mär  5 16:28 /data/project/ireas/access.log
| 180126283    4 -rw-r--r--   1 ireas    tools.ireas       49 Mär  5 16:28 /data/project/ireas/error.log
| 180126720    0 -rw-r--r--   1 yellowcard tools.yellowcard        0 Apr 19 13:16 /data/project/yellowcard/access.log
| 180126719    4 -rw-r--r--   1 yellowcard tools.yellowcard       49 Apr 19 13:16 /data/project/yellowcard/error.log
| root@tools-login:~# qstat -u \* | fgrep lighttpd | fgrep -v tools.
|  426120 0.27599 lighttpd-y yellowcard   r     04/19/2014 13:16:11 webgrid-lighttpd@tools-webgrid     1
|  442640 0.26494 lighttpd-h hexacore     r     04/20/2014 14:53:02 webgrid-lighttpd@tools-webgrid     1
| root@tools-login:~#

I rectified the existing cases by:

- Stopping the lighttpd jobs mentioned above,
- take'ing the log files as the tool accounts,
- removing /tmp/php.socket.$TOOL-0 on tools-webgrid-*,
- removing /var/run/lighttpd/$TOOL.* on tools-webgrid-*, and
- "webservice start" as the tool accounts for the stopped jobs.

The underlying problem lies in line 4f.:

| tool=$(/usr/bin/id -nu|sed -e "s/^$prefix.//")
| user="$prefix.$tool"

This prepends the prefix unconditionally, and in cases where there is a user account X and a tool account tools.X, subsequently webservice thinks the calling user is a tool.
Comment 1 Tim Landscheidt 2014-06-20 14:48:49 UTC 
This happened again for mono whose webservice I just restarted.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links