Univention Bugzilla – Bug 35368
Listener module cups-printers.py doesn't set uid(0) when loading UCR handlers
Last modified: 2014-09-10 17:34:36 CEST
15.07.14 15:25:57.138 LISTENER ( ERROR ) : import of filename=/usr/lib/univention-directory-listener/system/cups-printers.py failed Traceback (most recent call last): File "/usr/lib/univention-directory-listener/system/cups-printers.py", line 42, in <module> ucr_handlers.load() File "/usr/lib/pymodules/python2.6/univention/config_registry/handler.py", line 530, in load self.update() File "/usr/lib/pymodules/python2.6/univention/config_registry/handler.py", line 702, in update self._save_cache() File "/usr/lib/pymodules/python2.6/univention/config_registry/handler.py", line 742, in _save_cache cache_file = open(ConfigHandlers.CACHE_FILE, 'w') IOError: [Errno 13] Permission denied: '/var/cache/univention-config/cache' Seems that ucr_handlers.load() has a side effect of caching things so that it writes to a cache file which is only writeable by root. If this error should be handlded in UCR directly please change the component. Workaround is: --- /usr/lib/univention-directory-listener/system/cups-printers.py.old 2014-07-15 15:31:33.536000000 +0200 +++ /usr/lib/univention-directory-listener/system/cups-printers.py 2014-07-15 15:28:45.160000000 +0200 @@ -39,7 +39,9 @@ ## for the ucr commit below in postrun we need ucr configHandlers from univention.config_registry import configHandlers ucr_handlers = configHandlers() +listener.setuid(0) ucr_handlers.load() +listener.unsetuid() from univention.config_registry.interfaces import Interfaces interfaces = Interfaces(listener.configRegistry)
(In reply to Florian Best from comment #0) > Workaround is: ... > from univention.config_registry import configHandlers > ucr_handlers = configHandlers() > +listener.setuid(0) try: > ucr_handlers.load() finally: > +listener.unsetuid() as the EUID is a property of the UNIX process, which must be reset always (Bug #34324).
Created attachment 6079 [details] Skip writing cache if process has no write permission
(In reply to Philipp Hahn from comment #2) > Created attachment 6079 [details] > Skip writing cache if process has no write permission OK, merged patch to errara3.2-3 and UCS 4.0 YAML: 2014-08-28-univention-config-registry.yaml
Test: OK, I was able to reproduce it with the old version but not with the erratum YAML: I think we could also release the UCR package for UCS 3.2-2-errata → Reopen
2014-08-28-univention-config-registry.yaml +version: [2,3]
OK
http://errata.univention.de/ucs/3.2/189.html