#8367 closed defect (fixed)
TracError: The user root requires read _and_ write permission to the database file
Reported by: | Owned by: | Christian Boos | |
---|---|---|---|
Priority: | normal | Milestone: | 0.11.5 |
Component: | web frontend/mod_python | Version: | 0.11.2 |
Severity: | normal | Keywords: | |
Cc: | Branch: | ||
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description (last modified by )
Traceback (most recent call last): File "/usr/lib/python2.5/site-packages/trac/web/api.py", line 367, in send_error 'text/html') File "/usr/lib/python2.5/site-packages/trac/web/chrome.py", line 688, in render_template data = self.populate_data(req, data) File "/usr/lib/python2.5/site-packages/trac/web/chrome.py", line 596, in populate_data d['chrome'].update(req.chrome) File "/usr/lib/python2.5/site-packages/trac/web/api.py", line 194, in __getattr__ value = self.callbacks[name](self) File "/usr/lib/python2.5/site-packages/trac/web/chrome.py", line 464, in prepare_request for category, name, text in contributor.get_navigation_items(req): File "/usr/lib/python2.5/site-packages/trac/ticket/web_ui.py", line 162, in get_navigation_items if 'TICKET_CREATE' in req.perm: File "/usr/lib/python2.5/site-packages/trac/perm.py", line 523, in has_permission return self._has_permission(action, resource) File "/usr/lib/python2.5/site-packages/trac/perm.py", line 537, in _has_permission check_permission(action, perm.username, resource, perm) File "/usr/lib/python2.5/site-packages/trac/perm.py", line 424, in check_permission perm) File "/usr/lib/python2.5/site-packages/trac/perm.py", line 282, in check_permission get_user_permissions(username) File "/usr/lib/python2.5/site-packages/trac/perm.py", line 357, in get_user_permissions for perm in self.store.get_user_permissions(username): File "/usr/lib/python2.5/site-packages/trac/perm.py", line 173, in get_user_permissions db = self.env.get_db_cnx() File "/usr/lib/python2.5/site-packages/trac/env.py", line 264, in get_db_cnx return DatabaseManager(self).get_connection() File "/usr/lib/python2.5/site-packages/trac/db/api.py", line 76, in get_connection return self._cnx_pool.get_cnx(self.timeout or None) File "/usr/lib/python2.5/site-packages/trac/db/pool.py", line 174, in get_cnx return _backend.get_cnx(self._connector, self._kwargs, timeout) File "/usr/lib/python2.5/site-packages/trac/db/pool.py", line 107, in get_cnx cnx = connector.get_connection(**kwargs) File "/usr/lib/python2.5/site-packages/trac/db/sqlite_backend.py", line 126, in get_connection return SQLiteConnection(path, params) File "/usr/lib/python2.5/site-packages/trac/db/sqlite_backend.py", line 168, in __init__ % (getuser(), path))
TracError: The user root requires read _and_ write permission to the database file /var/lib/trac/ncix/db/trac.db and the directory it is located in.
the file is owned by root and apache as the group permissions are 0664
/var/lib/trac/ncix/db folders are world read and executable
running on gentoo
Portage 2.1.6.13 (hardened/linux/x86/2008.0, gcc-3.4.6, glibc-2.9_p20081201-r0, 2.6.18-xen-r12 i686) ================================================================= System uname: Linux-2.6.18-xen-r12-i686-Intel-R-_Pentium-R-_4_CPU_2.40GHz-with-glibc2.3.2 Timestamp of tree: Sat, 06 Jun 2009 20:20:01 +0000 app-shells/bash: 3.2_p39 dev-java/java-config: 2.1.7 dev-lang/python: 2.4.4-r6, 2.5.4-r2 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.63 sys-devel/automake: 1.7.9-r1, 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium4 -O2 -pipe -fomit-frame-pointer -mno-tls-direct-seg-refs" CHOST="i686-pc-linux-gnu"
apps
www-servers/apache-2.2.11 www-apps/trac-0.11.2 dev-lang/python-2.5.4-r2 www-apache/mod_python-3.3.1-r1
running apache modules
core worker http_core mod_so mod_actions mod_alias mod_auth_basic mod_authn_alias mod_authn_anon mod_authn_dbm mod_authn_default mod_authn_file mod_authz_dbm mod_authz_default mod_authz_groupfile mod_authz_host mod_authz_owner mod_authz_user mod_autoindex mod_cgid mod_deflate mod_dir mod_env mod_expires mod_ext_filter mod_filter mod_headers mod_include mod_info mod_log_config mod_logio mod_mime mod_mime_magic mod_negotiation mod_rewrite mod_setenvif mod_speling mod_unique_id mod_usertrack mod_vhost_alias mod_python mod_php5
Attachments (1)
Change History (14)
follow-up: 2 comment:1 by , 16 years ago
Description: | modified (diff) |
---|
follow-up: 3 comment:2 by , 16 years ago
Replying to cboos:
Replying to JoelKoglin@…:
… and the directory it is located in.
Did you also verify that?
All directories from / to /var/lib/trac/ncix/db are globally read and executable drwxr-xr-x 16 root root 4096 Jun 6 12:06 var drwxr-xr-x 24 root root 4096 Jun 9 12:33 lib drwxr-xr-x 4 root apache 61 Jun 9 14:05 trac drwxr-xr-x 9 root apache 140 Jun 9 14:16 ncix drwxr-xr-x 2 root apache 20 Jun 9 12:49 db -rw-rw-r— 1 root apache 348160 Jun 9 12:49 trac.db
comment:3 by , 16 years ago
Replying to anonymous:
Replying to cboos: Replying to JoelKoglin@…:
… and the directory it is located in.
Did you also verify that?
All directories from / to /var/lib/trac/ncix/db are globally read and executable
drwxr-xr-x 16 root root 4096 Jun 6 12:06 var
drwxr-xr-x 24 root root 4096 Jun 9 12:33 lib
drwxr-xr-x 4 root apache 61 Jun 9 14:05 trac
drwxr-xr-x 9 root apache 140 Jun 9 14:16 ncix
drwxr-xr-x 2 root apache 20 Jun 9 12:49 db
-rw-rw-r— 1 root apache 348160 Jun 9 12:49 trac.db
(sorry im a little new to wiki formatting and I forgot to preview)
comment:4 by , 16 years ago
Description: | modified (diff) |
---|---|
Milestone: | → 0.11.5 |
Owner: | set to |
Status: | new → assigned |
Well, the message said "read _and_ write permission to … and the directory it is located in.".
Please try setting +gw to /var/lib/trac/ncix/db.
If that works, the question would be why did we show "root" instead of "apache".
getpass.getuser
seems to be the wrong way.
by , 16 years ago
Attachment: | getuser-uses-geteuid-r8262.diff added |
---|
Fix display of the user name in the system permission error message
follow-up: 6 comment:5 by , 16 years ago
If you don't mind, before fixing the permissions, you could test the patch above.
follow-up: 7 comment:6 by , 16 years ago
Replying to cboos:
If you don't mind, before fixing the permissions, you could test the patch above.
I applied the patch and deleted respective pyc files before chmod g+w and got the same error as above.
after adding g+w to the containing directory it worked (i think… no python errors anyways)
I will clean and reemerge trac to test it unpatched with the proper directory permissions to see if it was the patch, the new directory permissions or both that fixed the problem.
Thanks cboos
follow-up: 8 comment:7 by , 16 years ago
Replying to anonymous:
Replying to cboos:
If you don't mind, before fixing the permissions, you could test the patch above.
I applied the patch and deleted respective pyc files before chmod g+w and got the same error as above.
Exact same? I was expecting you to see:
The user apache requires read _and_ write permissions to the database file
Note that if you see "permission" instead of "permissions", it's still the unpatched code running…
/var/lib/trac/ncix/db/trac.db and the directory it is located in.
follow-up: 9 comment:8 by , 16 years ago
Replying to cboos:
Replying to anonymous:
Replying to cboos:
If you don't mind, before fixing the permissions, you could test the patch above.
I applied the patch and deleted respective pyc files before chmod g+w and got the same error as above.
Exact same? I was expecting you to see:
The user apache requires read _and_ write permissions to the database file
Note that if you see "permission" instead of "permissions", it's still the unpatched code running…
/var/lib/trac/ncix/db/trac.db and the directory it is located in.
unfortunately I already reinstalled. I ran
chown -R root:apache /var/lib/trac chmod -R 775 /var/lib/trac
and after doing so it worked. Is the ncix folder created when i execute "tracadmin /var/lib/trac/ncix initenv"? Is it then a bug in tracadmin that creates the folder with the wrong permissions?
follow-up: 10 comment:9 by , 16 years ago
Replying to anonymous:
…
The user apache requires read _and_ write permissions to the database file
unfortunately I already reinstalled.
Maybe you can still find that message in your var/lib/trac/ncix/log/trac.log file?
Is the ncix folder created when i execute "tracadmin /var/lib/trac/ncix initenv"? Is it then a bug in tracadmin that creates the folder with the wrong permissions?
Well, trac-admin has no chance to know how you're going to use your environment, which web-frontend and what effective user will be used… So it creates the environment and sets the permissions for the current user (e.g. root).
follow-up: 11 comment:10 by , 16 years ago
Replying to cboos:
Replying to anonymous:
…
The user apache requires read _and_ write permissions to the database file
unfortunately I already reinstalled.
Maybe you can still find that message in your var/lib/trac/ncix/log/trac.log file?
Is the ncix folder created when i execute "tracadmin /var/lib/trac/ncix initenv"? Is it then a bug in tracadmin that creates the folder with the wrong permissions?
Well, trac-admin has no chance to know how you're going to use your environment, which web-frontend and what effective user will be used… So it creates the environment and sets the permissions for the current user (e.g. root).
I reinstalled to test what fixed the problem. That file was erased when I cleaned trac off my system.
Thanks for helping me with this
comment:11 by , 16 years ago
Replying to anonymous:
Replying to cboos:
Maybe you can still find that message in your var/lib/trac/ncix/log/trac.log file?
I reinstalled to test what fixed the problem. That file was erased when I cleaned trac off my system.
Too bad… I guess I have to test by myself then ;-) Patch committed as [8264].
comment:12 by , 16 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fix now tested on Linux and confirmed to work.
comment:13 by , 15 years ago
If you're running SELinux in enforcing mode ("cat /selinux/enforce" to find out) you may need to check system logs for "setroubleshoot" entries. Run any "sealert" command given in the logs for an explanation of what happened and a suggestion for a fix.
What worked for me on Fedora 12 was:
chcon -t httpd_var_lib_t /var/lib/trac/myproject/db/trac.db
Replying to JoelKoglin@…:
Did you also verify that?