Opened 15 years ago

Closed 15 years ago

Last modified 15 years ago

#8367 closed defect (fixed)

TracError: The user root requires read _and_ write permission to the database file

Reported by: JoelKoglin@…
Owned by: Christian Boos
Priority: normal
Milestone: 0.11.5
Component: web frontend/mod_python
Version: 0.11.2
Severity: normal
Keywords:
Cc:
Branch:
Release Notes:
API Changes:
Internal Changes:

Description (last modified by Christian Boos)

Traceback (most recent call last):
  File "/usr/lib/python2.5/site-packages/trac/web/api.py", line 367, in send_error
    'text/html')
  File "/usr/lib/python2.5/site-packages/trac/web/chrome.py", line 688, in render_template
    data = self.populate_data(req, data)
  File "/usr/lib/python2.5/site-packages/trac/web/chrome.py", line 596, in populate_data
    d['chrome'].update(req.chrome)
  File "/usr/lib/python2.5/site-packages/trac/web/api.py", line 194, in __getattr__
    value = self.callbacks[name](self)
  File "/usr/lib/python2.5/site-packages/trac/web/chrome.py", line 464, in prepare_request
    for category, name, text in contributor.get_navigation_items(req):
  File "/usr/lib/python2.5/site-packages/trac/ticket/web_ui.py", line 162, in get_navigation_items
    if 'TICKET_CREATE' in req.perm:
  File "/usr/lib/python2.5/site-packages/trac/perm.py", line 523, in has_permission
    return self._has_permission(action, resource)
  File "/usr/lib/python2.5/site-packages/trac/perm.py", line 537, in _has_permission
    check_permission(action, perm.username, resource, perm)
  File "/usr/lib/python2.5/site-packages/trac/perm.py", line 424, in check_permission
    perm)
  File "/usr/lib/python2.5/site-packages/trac/perm.py", line 282, in check_permission
    get_user_permissions(username)
  File "/usr/lib/python2.5/site-packages/trac/perm.py", line 357, in get_user_permissions
    for perm in self.store.get_user_permissions(username):
  File "/usr/lib/python2.5/site-packages/trac/perm.py", line 173, in get_user_permissions
    db = self.env.get_db_cnx()
  File "/usr/lib/python2.5/site-packages/trac/env.py", line 264, in get_db_cnx
    return DatabaseManager(self).get_connection()
  File "/usr/lib/python2.5/site-packages/trac/db/api.py", line 76, in get_connection
    return self._cnx_pool.get_cnx(self.timeout or None)
  File "/usr/lib/python2.5/site-packages/trac/db/pool.py", line 174, in get_cnx
    return _backend.get_cnx(self._connector, self._kwargs, timeout)
  File "/usr/lib/python2.5/site-packages/trac/db/pool.py", line 107, in get_cnx
    cnx = connector.get_connection(**kwargs)
  File "/usr/lib/python2.5/site-packages/trac/db/sqlite_backend.py", line 126, in get_connection
    return SQLiteConnection(path, params)
  File "/usr/lib/python2.5/site-packages/trac/db/sqlite_backend.py", line 168, in __init__
    % (getuser(), path))

TracError: The user root requires read _and_ write permission to the database file /var/lib/trac/ncix/db/trac.db and the directory it is located in.

The file is owned by root and apache as the group; permissions are 0664.

/var/lib/trac/ncix/db folders are world read and executable

running on gentoo

Portage 2.1.6.13 (hardened/linux/x86/2008.0, gcc-3.4.6, glibc-2.9_p20081201-r0, 2.6.18-xen-r12 i686)
=================================================================
System uname: Linux-2.6.18-xen-r12-i686-Intel-R-_Pentium-R-_4_CPU_2.40GHz-with-glibc2.3.2
Timestamp of tree: Sat, 06 Jun 2009 20:20:01 +0000
app-shells/bash:     3.2_p39
dev-java/java-config: 2.1.7
dev-lang/python:     2.4.4-r6, 2.5.4-r2
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.63
sys-devel/automake:  1.7.9-r1, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O2 -pipe -fomit-frame-pointer -mno-tls-direct-seg-refs"
CHOST="i686-pc-linux-gnu"

apps

www-servers/apache-2.2.11
www-apps/trac-0.11.2
dev-lang/python-2.5.4-r2
www-apache/mod_python-3.3.1-r1

running apache modules

core worker http_core mod_so mod_actions mod_alias mod_auth_basic mod_authn_alias mod_authn_anon mod_authn_dbm mod_authn_default mod_authn_file mod_authz_dbm mod_authz_default mod_authz_groupfile mod_authz_host mod_authz_owner mod_authz_user mod_autoindex mod_cgid mod_deflate mod_dir mod_env mod_expires mod_ext_filter mod_filter mod_headers mod_include mod_info mod_log_config mod_logio mod_mime mod_mime_magic mod_negotiation mod_rewrite mod_setenvif mod_speling mod_unique_id mod_usertrack mod_vhost_alias mod_python mod_php5

Attachments (1)

getuser-uses-geteuid-r8262.diff (2.4 KB) - added by Christian Boos 15 years ago.
Fix display of the user name in the system permission error message

Change History (14)

in reply to:  description ; comment:1 by Christian Boos, 15 years ago

Description: modified (diff)

Replying to JoelKoglin@…:

… and the directory it is located in.

Did you also verify that?

in reply to:  1 ; comment:2 by anonymous, 15 years ago

Replying to cboos:

Replying to JoelKoglin@…:

… and the directory it is located in.

Did you also verify that?

All directories from / to /var/lib/trac/ncix/db are globally read and executable drwxr-xr-x 16 root root 4096 Jun 6 12:06 var drwxr-xr-x 24 root root 4096 Jun 9 12:33 lib drwxr-xr-x 4 root apache 61 Jun 9 14:05 trac drwxr-xr-x 9 root apache 140 Jun 9 14:16 ncix drwxr-xr-x 2 root apache 20 Jun 9 12:49 db -rw-rw-r-- 1 root apache 348160 Jun 9 12:49 trac.db

in reply to:  2 comment:3 by anonymous, 15 years ago

Replying to anonymous:

Replying to cboos: Replying to JoelKoglin@…:

… and the directory it is located in.

Did you also verify that?

All directories from / to /var/lib/trac/ncix/db are globally read and executable
drwxr-xr-x 16 root root 4096 Jun 6 12:06 var
drwxr-xr-x 24 root root 4096 Jun 9 12:33 lib
drwxr-xr-x 4 root apache 61 Jun 9 14:05 trac
drwxr-xr-x 9 root apache 140 Jun 9 14:16 ncix
drwxr-xr-x 2 root apache 20 Jun 9 12:49 db
-rw-rw-r-- 1 root apache 348160 Jun 9 12:49 trac.db

(Sorry, I'm a little new to wiki formatting and I forgot to preview.)

comment:4 by Christian Boos, 15 years ago

Description: modified (diff)
Milestone: 0.11.5
Owner: set to Christian Boos
Status: new → assigned

Well, the message said "read _and_ write permission to … and the directory it is located in.".

Please try setting +gw to /var/lib/trac/ncix/db.

If that works, the question would be why did we show "root" instead of "apache". getpass.getuser seems to be the wrong way.

Attachment getuser-uses-geteuid-r8262.diff added by Christian Boos, 15 years ago

Fix display of the user name in the system permission error message

comment:5 by Christian Boos, 15 years ago

If you don't mind, before fixing the permissions, you could test the patch above.

in reply to:  5 ; comment:6 by anonymous, 15 years ago

Replying to cboos:

If you don't mind, before fixing the permissions, you could test the patch above.

I applied the patch and deleted respective pyc files before chmod g+w and got the same error as above.
After adding g+w to the containing directory it worked (I think… no Python errors anyways).
I will clean and reemerge trac to test it unpatched with the proper directory permissions to see if it was the patch, the new directory permissions or both that fixed the problem.

Thanks cboos

in reply to:  6 ; comment:7 by Christian Boos, 15 years ago

Replying to anonymous:

Replying to cboos:

If you don't mind, before fixing the permissions, you could test the patch above.

I applied the patch and deleted respective pyc files before chmod g+w and got the same error as above.

Exact same? I was expecting you to see:

The user apache requires read _and_ write permissions to the database file

Note that if you see "permission" instead of "permissions", it's still the unpatched code running…

/var/lib/trac/ncix/db/trac.db and the directory it is located in.

in reply to:  7 ; comment:8 by anonymous, 15 years ago

Replying to cboos:

Replying to anonymous:

Replying to cboos:

If you don't mind, before fixing the permissions, you could test the patch above.

I applied the patch and deleted respective pyc files before chmod g+w and got the same error as above.

Exact same? I was expecting you to see:

The user apache requires read _and_ write permissions to the database file

Note that if you see "permission" instead of "permissions", it's still the unpatched code running…

/var/lib/trac/ncix/db/trac.db and the directory it is located in.

Unfortunately I already reinstalled. I ran

chown -R root:apache /var/lib/trac
chmod -R 775 /var/lib/trac

and after doing so it worked. Is the ncix folder created when I execute "tracadmin /var/lib/trac/ncix initenv"? Is it then a bug in tracadmin that creates the folder with the wrong permissions?

in reply to:  8 ; comment:9 by Christian Boos, 15 years ago

Replying to anonymous:

The user apache requires read _and_ write permissions to the database file

unfortunately I already reinstalled.

Maybe you can still find that message in your var/lib/trac/ncix/log/trac.log file?

Is the ncix folder created when I execute "tracadmin /var/lib/trac/ncix initenv"? Is it then a bug in tracadmin that creates the folder with the wrong permissions?

Well, trac-admin has no chance to know how you're going to use your environment, which web-frontend and what effective user will be used… So it creates the environment and sets the permissions for the current user (e.g. root).

in reply to:  9 ; comment:10 by anonymous, 15 years ago

Replying to cboos:

Replying to anonymous:

The user apache requires read _and_ write permissions to the database file

unfortunately I already reinstalled.

Maybe you can still find that message in your var/lib/trac/ncix/log/trac.log file?

Is the ncix folder created when I execute "tracadmin /var/lib/trac/ncix initenv"? Is it then a bug in tracadmin that creates the folder with the wrong permissions?

Well, trac-admin has no chance to know how you're going to use your environment, which web-frontend and what effective user will be used… So it creates the environment and sets the permissions for the current user (e.g. root).

I reinstalled to test what fixed the problem. That file was erased when I cleaned trac off my system.

Thanks for helping me with this

in reply to:  10 comment:11 by Christian Boos, 15 years ago

Replying to anonymous:

Replying to cboos:

Maybe you can still find that message in your var/lib/trac/ncix/log/trac.log file?

I reinstalled to test what fixed the problem. That file was erased when I cleaned trac off my system.

Too bad… I guess I have to test by myself then ;-) Patch committed as [8264].

comment:12 by Christian Boos, 15 years ago

Resolution: fixed
Status: assigned → closed

Fix now tested on Linux and confirmed to work.

comment:13 by mjt@…, 15 years ago

If you're running SELinux in enforcing mode ("cat /selinux/enforce" to find out) you may need to check system logs for "setroubleshoot" entries. Run any "sealert" command given in the logs for an explanation of what happened and a suggestion for a fix.

What worked for me on Fedora 12 was:

chcon -t httpd_var_lib_t /var/lib/trac/myproject/db/trac.db
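
The two issues in this thread, as an added Python example (not the Trac patch and not code from any commenter): `getpass.getuser()` takes the name from `LOGNAME`/`USER` before consulting the uid, so a server started by root can report "root" while running as another account, and SQLite needs write access to the directory as well as to the database file. The numeric ids are constructed; the modes and ownership are those of the listing in comment 3.

```python
import getpass
import os
import pwd


def effective_user():
    """Account name for the effective uid, ignoring LOGNAME/USER."""
    euid = os.geteuid()
    try:
        return pwd.getpwuid(euid).pw_name
    except KeyError:              # uid without a passwd entry
        return str(euid)


def allowed(mode, owner, group, uid, gids, want):
    """Classic Unix mode-bit check; want is a subset of 'rwx'.
    Ignores ACLs, SELinux labels and the root override."""
    if uid == owner:
        shift = 6
    elif group in gids:
        shift = 3
    else:
        shift = 0
    bits = (mode >> shift) & 7
    need = sum({'r': 4, 'w': 2, 'x': 1}[c] for c in want)
    return bits & need == need


def sqlite_problems(db, directory, uid, gids):
    """db and directory are (mode, owner_uid, owner_gid) tuples."""
    problems = []
    if not allowed(*db, uid, gids, 'rw'):
        problems.append('database file: need rw')
    if not allowed(*directory, uid, gids, 'wx'):
        problems.append('directory: need wx (SQLite creates its journal file here)')
    return problems


# Constructed numeric ids; modes and ownership match the listing in comment 3.
ROOT, APACHE_UID, APACHE_GID = 0, 81, 81
DB_FILE = (0o664, ROOT, APACHE_GID)       # -rw-rw-r-- root apache trac.db
DB_DIR = (0o755, ROOT, APACHE_GID)        # drwxr-xr-x root apache db
DB_DIR_FIXED = (0o775, ROOT, APACHE_GID)  # after chmod g+w on the directory

if __name__ == '__main__':
    print('getpass.getuser():', getpass.getuser())   # derived from environment
    print('effective user:   ', effective_user())    # derived from euid
    print(sqlite_problems(DB_FILE, DB_DIR, APACHE_UID, [APACHE_GID]))
    print(sqlite_problems(DB_FILE, DB_DIR_FIXED, APACHE_UID, [APACHE_GID]))
```

The mode-bit check says nothing about SELinux; a denial of the kind described in comment 13 still has to be diagnosed from the audit log.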
