Univention Bugzilla – Bug 33842
Writing of config files should be an atomic operation
Last modified: 2014-03-04 12:56:50 CET
Currently the writing of a UCR config file is not an atomic operation. If it is a large config file it could take some time writing this file. This could lead to an incomplete config file. See also Bug #33050. If this issue has been solved the workaround added with r46886 in ucs-test/tests/10_ldap/60failedldif should be removed.
*** Bug 33901 has been marked as a duplicate of this bug. ***
This also happens during the UCS 3.2-1 installation tests.
Changelog: r47802
Fixed in UCS 3.2-1: r47796 + r47797 + r47801

UCR now writes a temporary file first. The file is renamed to the target in a second step.

I've checked the permissions between the old and new version:

Old version:
$ rm /etc/ldap/slapd.conf ; ucr commit /etc/ldap/slapd.conf; ls -la /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
-rw-r--r-- 1 root root 15689 10. Feb 19:02 /etc/ldap/slapd.conf
$ chmod 600 /etc/ldap/slapd.conf; ucr commit /etc/ldap/slapd.conf; ls -la /etc/ldap/slapd.conf*
Multifile: /etc/ldap/slapd.conf
-rw------- 1 root root 15689 10. Feb 19:02 /etc/ldap/slapd.conf
$ rm /etc/hostname ; ucr commit /etc/hostname; ls -la /etc/hostname*
File: /etc/hostname
-rw-r--r-- 1 root root 10 10. Feb 19:02 /etc/hostname
$ chmod 600 /etc/hostname; ucr commit /etc/hostname; ls -la /etc/hostname
File: /etc/hostname
-rw-r--r-- 1 root root 10 10. Feb 19:02 /etc/hostname
$ rm /etc/libnss-ldap.conf; ucr commit /etc/libnss-ldap.conf; ls -la /etc/libnss-ldap.conf
File: /etc/libnss-ldap.conf
-r--r----- 1 messagebus root 743 10. Feb 19:03 /etc/libnss-ldap.conf
$ chmod 777 /etc/libnss-ldap.conf; ucr commit /etc/libnss-ldap.conf; ls -la /etc/libnss-ldap.conf
File: /etc/libnss-ldap.conf
-r--r----- 1 messagebus root 743 10. Feb 19:04 /etc/libnss-ldap.conf

New version:
$ rm /etc/ldap/slapd.conf ; ucr commit /etc/ldap/slapd.conf; ls -la /etc/ldap/slapd.conf
Multifile: /etc/ldap/slapd.conf
-rw-r--r-- 1 root root 15927 Feb 14 00:28 /etc/ldap/slapd.conf
$ chmod 600 /etc/ldap/slapd.conf; ucr commit /etc/ldap/slapd.conf; ls -la /etc/ldap/slapd.conf*
Multifile: /etc/ldap/slapd.conf
-rw------- 1 root root 15927 Feb 14 00:28 /etc/ldap/slapd.conf
$ rm /etc/hostname ; ucr commit /etc/hostname; ls -la /etc/hostname*
File: /etc/hostname
-rw-r--r-- 1 root root 10 Feb 14 00:28 /etc/hostname
$ chmod 600 /etc/hostname; ucr commit /etc/hostname; ls -la /etc/hostname
File: /etc/hostname
-rw-r--r-- 1 root root 10 Feb 14 00:29 /etc/hostname
$ rm /etc/libnss-ldap.conf; ucr commit /etc/libnss-ldap.conf; ls -la /etc/libnss-ldap.conf
File: /etc/libnss-ldap.conf
-r--r----- 1 messagebus root 743 Feb 14 00:31 /etc/libnss-ldap.conf
$ chmod 777 /etc/libnss-ldap.conf; ucr commit /etc/libnss-ldap.conf; ls -la /etc/libnss-ldap.conf
File: /etc/libnss-ldap.conf
-r--r----- 1 messagebus root 743 Feb 14 00:31 /etc/libnss-ldap.conf
It seems to be a problem with the python interface.
(In reply to Stefan Gohmann from comment #4)
> It seems to be a problem with the python interface.

That was a problem during the file register.

Two more commits: r47803 + r47804
Temporary files should be created securely by using the tempfile module. <http://docs.python.org/2/library/tempfile.html> For example the mkstemp or NamedTemporaryFile functions. (Not mktemp!)
(In reply to Janek Walkenhorst from comment #6)
> Temporary files should be created securely by using the tempfile module.
> <http://docs.python.org/2/library/tempfile.html>
> For example the mkstemp or NamedTemporaryFile functions. (Not mktemp!)

No, as already discussed with Stefan in private: UCR must handle any previously (not) existing file, umask setting, etc; using tempfile is a real pain here, as the file mode is always 0600.
(r47796,47797,47801,47803,47804)

FAIL: self.to_file is not reset in at least two error paths.
FAIL: May leave behind temporary files on errors.
(these two errors are rather pedantic, but should be cleaned up - maybe as a follow up+cleanup instead of now?)

OK: ChangeLog
OK: ucs-test -s ucr -E dangerous
OK: ucr register 33842
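The write-to-temporary-then-rename step, the tempfile suggestion with the objection that its mode is always 0600, and the leftover-temporary-file finding above can be seen together in one routine. This is an added Python 3 example, not part of the bug report and not UCR's code: `atomic_write` and `default_mode` are hypothetical names, keeping an existing target's mode is this example's assumed policy, and file ownership is not handled.

```python
import os
import stat
import tempfile


def atomic_write(path, data, default_mode=0o644):
    """Replace path with data (bytes); readers see the old or the new file."""
    directory = os.path.dirname(os.path.abspath(path))
    try:
        # Assumed policy: an existing target keeps its permission bits.
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        # New file: honour the umask as open() would (not thread-safe).
        umask = os.umask(0)
        os.umask(umask)
        mode = default_mode & ~umask
    # mkstemp creates the file with O_EXCL under an unpredictable name.
    # Same directory as the target, so the rename stays on one filesystem.
    fd, tmp = tempfile.mkstemp(prefix=os.path.basename(path) + ".", dir=directory)
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(data)
            handle.flush()
            # mkstemp always starts at 0600; widen only after the content is complete.
            os.fchmod(handle.fileno(), mode)
            os.fsync(handle.fileno())
        os.rename(tmp, path)  # atomic replacement on POSIX
    except BaseException:
        # Error path: never leave the temporary file behind.
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise


if __name__ == "__main__":
    # Constructed demo in a scratch directory, not a real /etc file.
    with tempfile.TemporaryDirectory() as scratch:
        target = os.path.join(scratch, "example.conf")
        atomic_write(target, b"first\n")
        os.chmod(target, 0o600)
        atomic_write(target, b"second\n")
        print(oct(stat.S_IMODE(os.stat(target).st_mode)), os.listdir(scratch))
```
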
Created attachment 5796
Testcase

Create Single- and Multi-Template-File in all combinations → ucs-test?
(In reply to Philipp Hahn from comment #8)
> (r47796,47797,47801,47803,47804)
>
> FAIL: self.to_file is not reset in at least two error paths.
> FAIL: May leave behind temporary files on errors.
> (these two errors are rather pedantic, but should be cleaned up - maybe as a
> follow up+cleanup instead of now?)

That should be fixed with r47817.
OK: r47817
OK: univention-config-registry_9.0.6-4.452.201402141359

ADDED: ucs-test: 03_ucr/{51file_permissions,52atomic_ucr}
r47831 | Bug #33842: test/ucr: Add atomic commit tests
ucs-test-4.0.161-38.675.201402141844

OK: ucs-test -s ucr -E dangerous
UCS 3.2-1 has been released:
http://docs.univention.de/release-notes-3.2-1-en.html
http://docs.univention.de/release-notes-3.2-1-de.html

If this error occurs again, please use "Clone This Bug".