[Edited] RT-Shredder setup problems

RT Users
1

Request Tracker is unleashing the absolute hell on me. After trying to delete a user in app, I was told that I am missing RT-Shredder and permissions to it, so I searched around this forum to find people saying they manually made the file and added permissions. I did just that and now not only the shredder still does not work, but my Top Panel disappeared and I cannot use the app properly.

I tried going into the rt-5.0.2 file and do make fixperms and while it showed that it did make the mentioned opt/rt5/var files readable, it has not changed. What do I do and how do I do it quick? Is reinstall necessary? I do not want to break everything again and I got like an hour to fix this

2

I did just that and now not only the shredder still does not work, but my Top Panel disappeared and I cannot use the app properly.

What did you do specifically here?

but my Top Panel disappeared and I cannot use the app properly.

Are there errors pointing to file permissions?

3

I did:

sudo groupadd web-grp

sudo gpasswd -a www-data web-grp

sudo chown -R :web-grp /opt/rt5/var/data

sudo chmod -R ug+rw /opt/rt5/var/data
find /opt/rt5/var/data -type d -exec chmod g+xs {} ;

sudo service apache2 restart
reffering to this ubuntu - How to make folder always writeable by apache? - Super User

I took note before changing the owner, the owner was root, so I tried to change it back with

sudo chown -R root /opt/rt5/var/data

that’s where I am at now. I also tried doing mentioned fixperms in rt-5.0.2 directory, but I am guessing that just prepares for a new install? I dont know.

Yes after clicking on any button in the web UI I get “Permission denied” error message

4

I wouldn’t mess with file permissions directly yourself, that is what fixperms is for. In my experience making the shredder dir and then running fixperms is enough.

Since Apache already has access to the RT files (as the apache user) I wouldn’t think there is a need or desire to create a new web-grp for ownership.

After running fixperms what do the file permissions look like?

5

/opt ls -l
total 4
drwxr-xr-x 10 root root 4096 May 10 15:05 rt5

/opt/rt5/var# ls -l
total 12
drwxr-xr-x 2 www-data rt 4096 May 10 15:05 log
drwxrwx— 5 www-data rt 4096 May 10 15:05 mason_data
drwxrwx— 2 www-data rt 4096 May 10 15:05 session_data

They look like they did in fixperms process but it is still not working. I will have to try rebooting once again

6

I wouldn’t reboot for permission issues! What do the RT logs say when you see permission denied?

7

Did you run the above for var/data or mason_data? Is data a directory in var?

8

already rebooted before you replied sorry. The logs seem to not mention anything about denied permissions and the app is also not showing denied permissions anymore, but the top panel is still insivible.

I did run it for var/data not the mason_data. Since the RT UI asked me for a var/data/RT-Shredder, I have made the data directory manually with mkdir.

Did not find anything related to permissions denied in debug log

9

Ah right shredder is data/ maybe the navbar missing is just caching, you can try doing a hard refresh in your browser to drop caching and you can also wipe the mason cache rm -Rf var/mason_data/obj/* if the refresh doesn’t do anything

10

I did clean the mason cache as you mentioned and also tried clearing my browser cache, but sadly still, I get to log in and then no upper panel

11

I am sorry. Me being the dumbass I am, I accidentally uncommented a CSP header with empty src resulting in making the app unusable. After realizing it now and deleting the line, the panel is back up. This truly is a challlenge.I am embarassed and sorry for all the fuss above.

12

That being said, how can I now safely make RT::Shredder work ?

13

You can access it from the UI under Admin->Tools->Shredder now

14

That again points me to this message:

Couldn’t open ‘/opt/rt5/var/data/RT-Shredder/20220616T185938-0001.sql’ for write: Permission denied
I have set permissions for RT group, first tried some classic rules like 764 and even 777, but I am still getting pointed to an SQL file that does not even exist in my directory. Should that be also created manually ?

15

The directory should be created and be writable by the web server account.
RT drops a copy of the SQL needed to re-create the shredded item just in case you accidentally deleted the wrong stuff or too much.

16

These are my permissions:
getfacl /opt/rt5/var/data

file: data

owner: root

group: rt

flags: -s-

user::rwx
group::rw-
other::rw-
default:user::rw-
default:group::rw-
default:other::rw-

getfacl /opt/rt5/var/data/RT-Shredder/

file: RT-Shredder/

owner: root

group: rt

flags: -s-

user::rwx
group::rw-
other::rw-
default:user::rwx
default:group::rwx
default:other::rw-

In app UI I get:
Shredder needs a directory to write dumps to. Please ensure that the directory /opt/rt5/var/data/RT-Shredder exists and that it is writable by your web server.

17

RT :: Shredder is extension to RT which allows you to permanently wipeout data from the RT database. Shredder supports 192.168.l.254 the wiping of almost all RT … Shredder’s WebUI integrates into RT’s WebUI and you can find it under Configuration -Tools- Shredder tab. This interface is similar to CLI and give you the same … After shredding , it’s a good idea to run the rt -validator utility to confirm the database doesn’t have broken references. You may even want to …

18

If you’re still having permission problems, one thing to check is if SELinux is running (enforcing) and if it is, do you have anything in the audit log about accessing those files/directories? In my experience weird permissions issues (not just in RT) can often be tracked down to SELinux and its extensions to the traditional Unix/Linux permissions system.