First Last Prev Next    This bug is not in your last search results.
Bug 35368 - Listener module cups-printers.py doesn't set uid(0) when loading UCR handlers
Listener module cups-printers.py doesn't set uid(0) when loading UCR handlers
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UCR
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-3-errata
Assigned To: Felix Botner
Stefan Gohmann
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-07-15 15:28 CEST by Florian Best
Modified: 2014-09-10 17:34 CEST (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Skip writing cache if process has no write permission (1.44 KB, patch)
2014-08-28 16:04 CEST, Philipp Hahn 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2014-07-15 15:28:09 CEST 
15.07.14 15:25:57.138  LISTENER    ( ERROR   ) : import of filename=/usr/lib/univention-directory-listener/system/cups-printers.py failed
Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/cups-printers.py", line 42, in <module>
    ucr_handlers.load()
  File "/usr/lib/pymodules/python2.6/univention/config_registry/handler.py", line 530, in load
    self.update()
  File "/usr/lib/pymodules/python2.6/univention/config_registry/handler.py", line 702, in update
    self._save_cache()
  File "/usr/lib/pymodules/python2.6/univention/config_registry/handler.py", line 742, in _save_cache
    cache_file = open(ConfigHandlers.CACHE_FILE, 'w')
IOError: [Errno 13] Permission denied: '/var/cache/univention-config/cache'

Seems that ucr_handlers.load() has a side effect of caching things so that it writes to a cache file which is only writeable by root.

If this error should be handlded in UCR directly please change the component.

Workaround is:
--- /usr/lib/univention-directory-listener/system/cups-printers.py.old  2014-07-15 15:31:33.536000000 +0200
+++ /usr/lib/univention-directory-listener/system/cups-printers.py      2014-07-15 15:28:45.160000000 +0200
@@ -39,7 +39,9 @@
 ## for the ucr commit below in postrun we need ucr configHandlers
 from univention.config_registry import configHandlers
 ucr_handlers = configHandlers()
+listener.setuid(0)
 ucr_handlers.load()
+listener.unsetuid()
 from univention.config_registry.interfaces import Interfaces
 interfaces = Interfaces(listener.configRegistry)
Comment 1 Philipp Hahn univentionstaff 2014-07-16 09:01:35 CEST 
(In reply to Florian Best from comment #0)
> Workaround is:
...
>  from univention.config_registry import configHandlers
>  ucr_handlers = configHandlers()
> +listener.setuid(0)
try:
>  ucr_handlers.load()
finally:
> +listener.unsetuid()

as the EUID is a property of the UNIX process, which must be reset always
(Bug #34324).
Comment 2 Philipp Hahn univentionstaff 2014-08-28 16:04:29 CEST 
Created attachment 6079 [details]
Skip writing cache if process has no write permission
Comment 3 Felix Botner univentionstaff 2014-08-28 16:17:11 CEST 
(In reply to Philipp Hahn from comment #2)
> Created attachment 6079 [details]
> Skip writing cache if process has no write permission

OK, merged patch to errara3.2-3 and UCS 4.0

YAML: 2014-08-28-univention-config-registry.yaml
Comment 4 Stefan Gohmann univentionstaff 2014-09-01 08:50:40 CEST 
Test: OK, I was able to reproduce it with the old version but not with the erratum

YAML: I think we could also release the UCR package for UCS 3.2-2-errata → Reopen
Comment 5 Felix Botner univentionstaff 2014-09-01 09:47:11 CEST 
2014-08-28-univention-config-registry.yaml
+version: [2,3]
Comment 6 Stefan Gohmann univentionstaff 2014-09-01 09:49:52 CEST 
OK
Comment 7 Janek Walkenhorst univentionstaff 2014-09-10 17:34:36 CEST 
http://errata.univention.de/ucs/3.2/189.html
First Last Prev Next    This bug is not in your last search results.