https://bugzilla.wikimedia.org/show_bug.cgi?id=64219

            Bug ID: 64219
           Summary: webservice creates blocking files and jobs when called
                    from a user account with an eponymous tool
           Product: Wikimedia Labs
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: tools
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected], [email protected],
                    [email protected], [email protected],
                    [email protected]
       Web browser: ---
   Mobile Platform: ---

When a user X is a member of the tool tools.X and he calls "webservice start"
as his /user/ account, a lighttpd process is started that doesn't work, but
clogs the tools' directories with files not (over-) writable by the /tool/
account on subsequent, correct invocations.

Symptoms:

| root@tools-login:~# for TOOL in $(getent passwd | sed -ne 's/^tools\.\([^:]\+\):.*/\1/p;'); do sudo -u tools.$TOOL find /data/project/$TOOL -maxdepth 1 -type f \( -name access.log -or -name error.log \) -not -writable -ls; done
| 180028436    0 -rw-r--r--   1 rluts    tools.rluts        0 Apr  6 07:42 /data/project/rluts/error.log
| 180093321   32 -rw-r--r--   1 hexacore tools.hexacore    27254 Apr 16 15:59 /data/project/hexacore/access.log
| 180093318    4 -rw-r--r--   1 hexacore tools.hexacore      403 Apr 20 14:53 /data/project/hexacore/error.log
| 180126284    0 -rw-r--r--   1 ireas    tools.ireas        0 Mär  5 16:28 /data/project/ireas/access.log
| 180126283    4 -rw-r--r--   1 ireas    tools.ireas       49 Mär  5 16:28 /data/project/ireas/error.log
| 180126720    0 -rw-r--r--   1 yellowcard tools.yellowcard        0 Apr 19 13:16 /data/project/yellowcard/access.log
| 180126719    4 -rw-r--r--   1 yellowcard tools.yellowcard       49 Apr 19 13:16 /data/project/yellowcard/error.log
| root@tools-login:~# qstat -u \* | fgrep lighttpd | fgrep -v tools.
|  426120 0.27599 lighttpd-y yellowcard   r     04/19/2014 13:16:11 webgrid-lighttpd@tools-webgrid     1
|  442640 0.26494 lighttpd-h hexacore     r     04/20/2014 14:53:02 webgrid-lighttpd@tools-webgrid     1
| root@tools-login:~#

I rectified the existing cases by:

- Stopping the lighttpd jobs mentioned above,
- take'ing the log files as the tool accounts,
- removing /tmp/php.socket.$TOOL-0 on tools-webgrid-*,
- removing /var/run/lighttpd/$TOOL.* on tools-webgrid-*, and
- "webservice start" as the tool accounts for the stopped jobs.

The underlying problem lies in line 4f.:

| tool=$(/usr/bin/id -nu|sed -e "s/^$prefix.//")
| user="$prefix.$tool"

This prepends the prefix unconditionally, and in cases where there is a user
account X and a tool account tools.X, subsequently webservice thinks the
calling user is a tool.
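
The derivation quoted above beside a checked variant, as an added example that is not part of the original report or of the webservice script. The function names, the error text and the `prefix="tools"` value are assumptions made for illustration; the caller name is passed as an argument instead of being read from `/usr/bin/id -nu` so the behaviour can be tried with any name.

```shell
#!/bin/sh
# Added illustration, not the webservice script itself.
# Assumption: the tool prefix is "tools", as in the account names in the report.
prefix="tools"

# Derivation as quoted in the report: strip the prefix if it is there,
# then prepend it unconditionally. A plain user "X" and the tool account
# "tools.X" both end up as "tools.X".
derive_buggy() {
    tool=$(printf '%s\n' "$1" | sed -e "s/^$prefix.//")
    printf '%s\n' "$prefix.$tool"
}

# Checked variant (hypothetical fix): accept the caller only if its name
# really starts with "$prefix." followed by at least one character.
# Anything else is rejected before files or grid jobs are created.
derive_checked() {
    case "$1" in
        "$prefix".?*)
            printf '%s\n' "$1"
            ;;
        *)
            printf 'error: %s is not a tool account\n' "$1" >&2
            return 1
            ;;
    esac
}

# Constructed sample callers: a user account and its eponymous tool account.
for caller in yellowcard tools.yellowcard; do
    printf 'caller=%-18s buggy=%-18s ' "$caller" "$(derive_buggy "$caller")"
    if checked=$(derive_checked "$caller" 2>/dev/null); then
        printf 'checked=%s\n' "$checked"
    else
        printf 'checked=REJECTED\n'
    fi
done
```
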
