Recurring Permissions Errors w/ RT 3.4.0

Something has changed in my RT enironment that is causing umask or
permissions problems w/ Mason.

E.g.

Trying to request /rt/Ticket/Display.html?id=1083:

Results in:

error: Couldn’t create object file
/opt/rt3/var/mason_data/obj/standard/Ticket/Display.html: Permission
denied
context:

313: {
314: if ($tries++ == 3) {
315: $self->_compilation_error( $source->friendly_name, “Could not
load or recreate object file after 3 tries” );
316: }
317: if ($objfilemod < $srcmod) {
318: $self->compiler->compile_to_file( file => $objfile, source =>
$source);
319: }
320: $comp = eval { $self->eval_object_code( object_file => $objfile
) };
321:

code stack: /usr/lib/perl5/site_perl/5.8.0/HTML/Mason/Interp.pm:317
/usr/lib/perl5/site_perl/5.8.0/HTML/Mason/Request.pm:198
/usr/lib/perl5/site_perl/5.8.0/HTML/Mason/Request.pm:166
/usr/lib/perl5/site_perl/5.8.0/HTML/Mason/ApacheHandler.pm:68
/usr/lib/perl5/site_perl/5.8.0/Class/Container.pm:275
/usr/lib/perl5/site_perl/5.8.0/Class/Container.pm:353
/usr/lib/perl5/site_perl/5.8.0/HTML/Mason/Interp.pm:222
/usr/lib/perl5/site_perl/5.8.0/HTML/Mason/ApacheHandler.pm:899
/usr/lib/perl5/site_perl/5.8.0/HTML/Mason/ApacheHandler.pm:824
/opt/rt3/bin/webmux.pl:132
-e:0
-e:0

Here are the permissions that get set on the autocreated directories:

root@ws1:standard# pwd ; ls -l
/opt/rt3/var/mason_data/obj/standard
total 36
-rw-r–r-- 1 apache apache 8973 Apr 18 09:03 autohandler
drwxr-xr-x 2 apache apache 4096 Apr 18 09:03 Elements
-rw-r–r-- 1 apache apache 6728 Apr 18 09:03 index.html
-rw-r–r-- 1 apache apache 2402 Apr 18 09:03 l
drwxr-xr-x 2 apache apache 4096 Apr 18 09:03 NoAuth
d--------- 2 apache apache 4096 Apr 18 09:38 Ticket

If I fix the perms (755) then things proceed, but as soon as Mason has
to compile and create a new file the problem recurs.

Suggestions? This was working fine not that long ago, but something
has obviously changed. The problem seems to be recurrent, as I’ll fix
it for a while, then I come back and have to fix it again.

-bws

Brian W. Spolarich ~ IT Consultant ~ USCAR ~ +1-248-223-9044

Brian W. Spolarich wrote:

Something has changed in my RT enironment that is causing
umask or permissions problems w/ Mason.

I haven’t seen a response to this (anyone? :-), but I have another
intermittent symptom of this problem.

I noticed this in my mail queue after responding to a message:

j3KKLmvc026806 309 Wed Apr 20 16:21 <>
(Deferred: prog mailer (/usr/sbin/smrsh) exited with
EX_TEMPF)
"|rt-mailgate --queue
rfpo-support --a

I ran the rt-mailgate program to see what happened:

/etc/smrsh/rt-mailgate --queue rfpo-support --action correspond --debug
–url https://foo.com/rt/
hello

quit
^D

read-open /tmp/UwEGePdc9v/part-26199-4.txt: Permission denied at
/usr/lib/perl5/site_perl/5.8.0/MIME/Body.pm line 417.

  Taking a look at the temp directory, I see this:

root@ws1:mqueue# ls -l /tmp/UwEGePdc9v 
total 4
----------    1 apache   apache          5 Apr 20 16:50 part-26199-4.txt

  Again, these temp directories get created with wacky modes (0000 in
this case).

  I also see this in the rt.log file:

[Wed Apr 20 20:50:07 2005] [warning]: Can't remove directory
/tmp/UwEGePdc9v: Directory not empty at /opt/rt3/lib/RT/EmailParser.pm
line 627 (/opt/rt3/lib/RT.pm:277)

  Looking at the temp directories that don't get removed, I see these
perms:

root@ws1:/tmp# find HGSb5lNWOx DXcYnVLUcm lJIs5RNJju 0ouhmQs94U
UwEGePdc9v -ls
474563    4 drwx------   2 apache   apache       4096 Apr 13 13:28
HGSb5lNWOx
474564    4 ----------   1 apache   apache        143 Apr 13 13:28
HGSb5lNWOx/part-28003-3.txt
474565    4 ----------   1 apache   apache        586 Apr 13 13:28
HGSb5lNWOx/part-28003-4.html
834337    4 drwx------   2 apache   apache       4096 Apr 20 16:21
DXcYnVLUcm
834338    4 ----------   1 apache   apache        309 Apr 20 16:21
DXcYnVLUcm/part-26199-1.txt
834339    4 drwx------   2 apache   apache       4096 Apr 20 16:21
lJIs5RNJju
834340    4 ----------   1 apache   apache        309 Apr 20 16:21
lJIs5RNJju/part-26199-2.txt
834341    4 drwx------   2 apache   apache       4096 Apr 20 16:50
0ouhmQs94U
834342    4 ----------   1 apache   apache          5 Apr 20 16:50
0ouhmQs94U/part-26199-3.txt
834343    4 drwx------   2 apache   apache       4096 Apr 20 16:50
UwEGePdc9v
834344    4 ----------   1 apache   apache          5 Apr 20 16:50
UwEGePdc9v/part-26199-4.txt

  So what the heck is causing these totally inappropriate directory
modes?  Whatever is causing this is also presumably causing my
mason_files directory to get screwed up.

  -brian

Again, these temp directories get created with wacky modes (0000 in
this case).

What default permissions are set for processes on your system? Do you have
some other kind of security feature that might be interfering (ACLs and so
on)?

Russell Mosemann, Ph.D. * Computing Services * Concordia University, Nebraska
"I guess we all have our burdens to share." - me

Russell Mosemann wrote:> On Wed, 20 Apr 2005, Brian W. Spolarich wrote:

Again, these temp directories get created with wacky modes (0000 in
this case).

What default permissions are set for processes on your
system? Do you have some other kind of security feature that
might be interfering (ACLs and so on)?

I’m running a fairly stock RHEL3. What should I be looking at?

-bws

Russell Mosemann wrote:

What default permissions are set for processes on your
system? Do you have some other kind of security feature that
might be interfering (ACLs and so on)?

I’m running a fairly stock RHEL3. What should I be looking at?

We are running Debian Sarge. I have seen multiple posts to this list about
turning off SELINUX on RedHat, but I’m not the person to ask about that.

Russell Mosemann, Ph.D. * Computing Services * Concordia University, Nebraska
"If you had to read this, then you are not a member of the American
Association of Professional Psychics."