Opened 16 years ago
Closed 15 years ago
#6941 closed defect (worksforme)
Trac with fcgi wants to use /tmp and requires chmod +rwx
| Reported by: | bb | Owned by: | Remy Blank |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | web frontend | Version: | 0.10.4 |
| Severity: | normal | Keywords: | needinfo |
| Cc: | bubblboy@… | Branch: | |
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
When I run trac as an fcgi application it fails if it does not have read-access to the /tmp directory. I tried a lot of things to make it use a different temp directory, but none were of any avail. It would be great if you could at least change the location of the temporary dir. Changing the permissions of this directory just is not an option sometimes.
Attachments (0)
Change History (11)
comment:1 by , 16 years ago
follow-up: 3 comment:2 by , 16 years ago
| Severity: | major → blocker |
|---|
I tried every environment variable I could think of by setting it through lighttpd:
"bin-environment" => (..., "TMP" => "/trac", "TMPDIR" => "/trac", "EGG_TMP_DIR" => "/trac", "PYTHON_EGG_CACHE" => "/trac", "TEMP" => "/trac", "TEMP_DIR" => "/trac", "TMP_DIR" => "/trac", "TEMPDIR" => "/trac" ),
But nothing helped. Doing chmod a+r /tmp did help, though, but that is not exactly a viable solution for me. :/ at least, I'd very much like to do it differently.
(Severity changed to "blocker" as it prevents one from running trac altogether)
follow-ups: 4 5 comment:3 by , 16 years ago
| Component: | general → web frontend |
|---|---|
| Keywords: | fcgi added |
| Owner: | removed |
| Severity: | blocker → normal |
Replying to bb:
(Severity changed to "blocker" as it prevents one from running trac altogether)
Of course not, fcgi is simply one option among others, and this issue is only blocking you, not anyone using Trac. If for some reason you're having trouble with that deployment, try another way (TracModPython, TracModWsgi).
Besides, it seems quite odd that you're interfering with /tmp in that way. It's a place where anyone is supposed to be able to write, last time I looked… I guess you're preventing fcgi to use mktemp, but it's only a guess as I've never used fcgi myself.
This ticket is bordering on worksforme and local installation issue.
follow-up: 8 comment:4 by , 16 years ago
Replying to cboos:
Replying to bb:
(Severity changed to "blocker" as it prevents one from running trac altogether)
Of course not, fcgi is simply one option among others, and this issue is only blocking you, not anyone using Trac. If for some reason you're having trouble with that deployment, try another way (TracModPython, TracModWsgi).
I figured that the severity was supposed to describe the effect of the bug (in this case it blocks me from running trac altogether) and that the priority was meant to describe how important that actually is, but I guess I understood it wrong. All my apologies.
Besides, it seems quite odd that you're interfering with /tmp in that way. It's a place where anyone is supposed to be able to write, last time I looked… I guess you're preventing fcgi to use mktemp, but it's only a guess as I've never used fcgi myself.
No, I am not interfering with /tmp, this is the default setup for Mandriva with security level set to "server". /tmp is chmod 773 so everybody can create their files just fine, they just can't see the list of temporary files (makes sense if you ask me, even for silly things like forgetting to make PHP store session files in a seperate dir to prevent session stealing, but ymmv). The lighttpd user (which runs the fcgi) can run mktemp just fine:
-sh-3.2$ whoami lighttpd -sh-3.2$ mktemp /tmp/tmp.JIbAK10429
This ticket is bordering on worksforme and local installation issue.
I guess all I can say is that it's not even bordering on that, since this goes for all mandriva users who played with the security drop-down menu during the installation. It's not exactly local.
Actually, this is just like tracd wanting read permission on the /usr/bin directory, which is also denied in Mandriva for non-admin users. Why do you need read permissions on that?
comment:5 by , 16 years ago
Replying to cboos:
Replying to bb:
(Severity changed to "blocker" as it prevents one from running trac altogether)
Of course not, fcgi is simply one option among others, and this issue is only blocking you, not anyone using Trac. If for some reason you're having trouble with that deployment, try another way (TracModPython, TracModWsgi).
What I forgot to address here is the assumption this is fcgi-specific.. are you sure?
comment:6 by , 16 years ago
| Cc: | added |
|---|
comment:7 by , 16 years ago
I now see I totally forgot to add the traceback I get when I do chmod 1773 /tmp. Here it is:
Traceback (most recent call last): File "/usr/lib/python2.5/site-packages/trac/web/main.py", line 406, in dispatch_request File "/usr/lib/python2.5/site-packages/trac/web/main.py", line 191, in dispatch File "/usr/lib/python2.5/site-packages/trac/web/main.py", line 263, in _pre_process_request File "/usr/lib/python2.5/site-packages/trac/versioncontrol/api.py", line 73, in pre_process_request File "/usr/lib/python2.5/site-packages/trac/versioncontrol/cache.py", line 71, in sync File "/usr/lib/python2.5/site-packages/trac/db/util.py", line 51, in execute File "/usr/lib/python2.5/site-packages/trac/db/sqlite_backend.py", line 56, in execute File "/usr/lib/python2.5/site-packages/trac/db/sqlite_backend.py", line 48, in _rollback_on_error OperationalError: unable to open database file
comment:8 by , 16 years ago
| Keywords: | needinfo added |
|---|
Replying to bb:
Actually, this is just like tracd wanting read permission on the /usr/bin directory, which is also denied in Mandriva for non-admin users. Why do you need read permissions on that?
Because /usr/bin/tracd is a script, not an executable. It must be readable so that it can be passed to /usr/bin/python for execution.
Is this still an issue with 0.11.1? You might want to look at the TracInstall#SettingupthePluginCache section to make sure Trac is not trying to write the egg cache to /tmp, as mentioned in comment:1.
comment:9 by , 15 years ago
| Keywords: | fcgi needinfo removed |
|---|---|
| Milestone: | → 0.11.3 |
| Owner: | set to |
The traceback in comment:7 seems to indicate that the exception comes from SQLite, and is due to temporary files created by the database. See:
So this is probably not fcgi-specific. I'll try to see if the location of the temporary files can be configured.
comment:10 by , 15 years ago
| Keywords: | needinfo added |
|---|
I am unable to reproduce this issue with tracd, and unfortunately I don't have an fcgi setup to test. Do you get the exception above for all pages, or only for specific pages or operations? Do you get the same error when running tracd instead of fcgi?
comment:11 by , 15 years ago
| Milestone: | 0.11.6 |
|---|---|
| Resolution: | → worksforme |
| Status: | new → closed |
Without a procedure to reproduce this using tracd, I won't be able to find a fix. Feel free to reopen if someone can provide the requested info.
Note that this may be dependent on the SQLite version.
It likely needs the tmp directory to extract egg resources - the eggs are installed packaged (may be overridden using the
easy_install --always-unzipoption).The location used to unpack is determined by
PYTHON_EGG_CACHEenv variable - at the beginning of your fcgi script, do:Try this for more information - it is a frequent issue: search:PYTHON_EGG_CACHE
Please report back.