Univention Bugzilla – Bug 37955
Problematic leftover "home directory"
Last modified: 2016-12-13 06:21:29 CET
Report by a customer: If a teacher stops the exam mode and collects the results from the students while some students are still logged on at the windows client, the windows client keeps the home directory of the exam user. During the next exam, there are permission problems with the user's home directory, because a new exam user with new SID is created but the home directory is still owned by the old SID. The exam/computerroom module should force a logoff of all users (e.g. via iTALC), to make sure that home dir and profile are synced back to the server.
> If a teacher stops the exam mode and collects the results from the students > while some students are still logged on at the windows client, the windows > client keeps the home directory of the exam user. There was a misunderstanding on my side: If a teacher stops the exam mode and collects the results from the students while some students are still logged on at the windows client, the following happens: - the exam mode removes the exam user objects from LDAP - a UCS@school listener module moves the home directories of the exam users into a special backup directory - the exam user is still logged on at the windows client and perhaps there is still a valid session with a samba daemon; it looks like if the homedir is missing, the samba process recreates the directory and the user is able to save data into it. If a new exam mode is started with the same users, the home directories are reused (if present) and may contain data from the previous exam. Incomplete list of solutions: 1) add a random/time related suffix to the UNIX home directory path, e.g. /home/$OU/schueler/exam-foobar-20150312-14312 Disadvantage: a manual cleanup is required, to remove the leftovers 2) Perform a forced logoff of all exam users of the corresponding room when stopping the exam mode. Disadvantage: forced logoff 3) ...
Reported again... this bug causes permission trouble during starting exams.
Side note: currently the exam mode automatically removed the exam user's home directory upon exam shutdown. So it is not possible to backup the exam home dir to /home/backup/ via move-old-share-dirs.
r74660: when new exam users are created, home directories of previous exam users are removed
(In reply to Daniel Tröder from comment #4) > r74660: when new exam users are created, home directories of previous exam > users are removed REOPEN: I started one exam "foo" with class "1A" (containing the student "elena"). I logged in as elena and created a file in her home directory. I started another exam "bar" with class "1B" (containing the student "elena", too). → The home directory of her was removed. Note: iproject.recipients contains users and classes. If you want users then only use iproject.getRecipients(). Please also add error handling around shutil.remove(). This fails if the listener is not fast enough to create the home directory. I am for the suggested solution #1 of comment 1: Adding a timestamp to the home directory.
Also: We can't remove the home directory prior to starting the exam because then the univention-skel is removed?!
(In reply to Florian Best from comment #5) > I am for the suggested solution #1 of comment 1: Adding a timestamp to the > home directory. OK, so I suggest: 1. homedir = /home/$OU/schueler/exam-$USERNAME-2015031214312 2. Add another command to the cleanup-script ucs-school-umc-exam/share/exam-and-room-cleanup, that removes all homedirs that match that name pattern and for whom no corresponding user exists anymore (not checking list of running exams and their users, but searching ExamUsers). Then the previous behavior would be kept: only try to remove the homedir at exam-end, but not before exam-start. The cronjob runs only if manually activated, although I guess that everyone uses it. Would that be OK?
(In reply to Daniel Tröder from comment #7) > (In reply to Florian Best from comment #5) > > I am for the suggested solution #1 of comment 1: Adding a timestamp to the > > home directory. > OK, so I suggest: > 1. homedir = /home/$OU/schueler/exam-$USERNAME-2015031214312 Yes: homedir = '%s-%s' % (homedir.rstrip('/'), timestamp) > 2. Add another command to the cleanup-script > ucs-school-umc-exam/share/exam-and-room-cleanup, that removes all homedirs > that match that name pattern and for whom no corresponding user exists > anymore (not checking list of running exams and their users, but searching > ExamUsers). Hmm, I think it might be better to have a listener module which reacts only when exam users are removed and remove their home directory then (?). > Then the previous behavior would be kept: only try to remove the homedir at > exam-end, but not before exam-start. Sounds good. > The cronjob runs only if manually > activated, although I guess that everyone uses it. I think nearly nobody uses it because it is deactivated by default.
r74802: if a user should be created (doesn't exist yet), remove its home directory
REOPEN: Missing error handling around shutil.remove().
(In reply to Florian Best from comment #10) > REOPEN: Missing error handling around shutil.remove(). os.remove() is not used, but shutil.rmtree(): shutil.rmtree(iuser.unixhome, ignore_errors=True) If ignore_errors is true, errors resulting from failed removals will be ignored.
The change removes the home directory of the actual user instead of the actual exam user.
fixed in r75127.
REOPEN: * Start exam1 in room1 with user foo * login as user exam-foo, create some file 'math' * Start exam2 in room2 with user foo * The file 'math' got removed.
That wasn't the remove-old-homedirs.py listener. My guess is, that the material distribution does that. I added a log line, when the listener module does actually move the home directory: r75146.
(In reply to Daniel Tröder from comment #15) > That wasn't the remove-old-homedirs.py listener. My guess is, that the > material distribution does that. > > I added a log line, when the listener module does actually move the home > directory: r75146. Your are at the wrong bug. I did never speak about the listener module (Bug #41989) but about the exam mode with having 2 parallel exams.
r75167: before letting the dc master create the exam-user, the existence of its home directory is now checked Package: ucs-school-umc-exam Version: 6.0.10-5.126.201612091607 Branch: ucs_4.1-0 Scope: ucs-school-4.1r2
Created attachment 8300 [details] patch The code uses the home directory of the original user and replaces the username with the exam username. I am very unsure about this, please have a look at my attached untested patch which does the things probably more reliable. The patch waits for the exam students to be created and removed the home directories then by using the real home directory path.
(In reply to Florian Best from comment #18) > The code uses the home directory of the original user and replaces the > username with the exam username. I am very unsure about this, please have a > look at my attached untested patch which does the things probably more > reliable. The patch waits for the exam students to be created and removed > the home directories then by using the real home directory path. Removing the home dir after creation (as suggested in the patch) is no good solution. Stefan, Florian and me discussed this problem again and compared all possible/known solutions and agreed, that each exam should get it's own, unique home directory path. That way the next exam does not interfere with a orphaned home directory. ucs-school-umc-exam (6.0.10-7): r75175 | Bug #37955: do not remove the home directory of the original user r75174 | Bug #37955: use unique home directories for exam users r75173 | Revert "Bug #37955: remove homedir of exam user" r75172 | Revert "Bug #37955: remove homedir of exam user before creating it" Package: ucs-school-umc-exam Version: 6.0.10-7.127.201612091818 Branch: ucs_4.1-0 Scope: ucs-school-4.1r2 User: sschwardt
Added first draft of ucs-test 101_exam_mode_home_directories
The test failed: (2016-12-11 21:30:47.289208) Traceback (most recent call last): (2016-12-11 21:30:47.289224) File "101_exam_mode_home_directories", line 121, in <module> (2016-12-11 21:30:47.289232) main() (2016-12-11 21:30:47.289241) File "101_exam_mode_home_directories", line 85, in main (2016-12-11 21:30:47.289251) create_homedirs([teadn, studn, student2.dn], open_ldap_co) (2016-12-11 21:30:47.289260) File "101_exam_mode_home_directories", line 25, in create_homedirs (2016-12-11 21:30:47.289270) for attrs in open_ldap_co.get(dn, attrs=['homeDirectory']): (2016-12-11 21:30:47.289279) TypeError: get() got an unexpected keyword argument 'attrs' http://jenkins.knut.univention.de:8080/job/UCSschool%204.1/job/UCSschool%204.1%20(R2)%20Multiserver/lastCompletedBuild/SambaVersion=s4/testReport/90_ucsschool/101_exam_mode_home_directories/test/ http://jenkins.knut.univention.de:8080/job/UCSschool%204.1/job/UCSschool%204.1%20(R2)%20Multiserver/lastCompletedBuild/SambaVersion=s4-all-components/testReport/90_ucsschool/101_exam_mode_home_directories/test/
(In reply to Stefan Gohmann from comment #21) > The test failed: > (2016-12-11 21:30:47.289260) File "101_exam_mode_home_directories", line > 25, in create_homedirs > (2016-12-11 21:30:47.289270) for attrs in open_ldap_co.get(dn, > attrs=['homeDirectory']): > (2016-12-11 21:30:47.289279) TypeError: get() got an unexpected keyword > argument 'attrs' Fixed in: ucs-test-ucsschool (3.0.17-30): r75187 | Bug #37955: fix TypeError
OK: problem reproduced OK: fix by appending timestamp to exam users home directory OK: code review and reverts OK: home dir of non-exam-users aren't removed OK: YAML
UCS@school 4.1 R2 v9 has been released. http://docs.software-univention.de/changelog-ucsschool-4.1R2v9-de.html