Last modified: 2013-11-18 10:09:02 UTC
I try to write to the (example) "geograph2commons" tool directory as "magnus" (rather than as the tool user). Despite apparently correct permissions, I get "permission denied": magnus@tools-login:/data/project/geograph2commons$ touch test touch: cannot touch `test': Permission denied magnus@tools-login:/data/project/geograph2commons$ ll -ld . drwxrwsr-x 4 local-geograph2commons local-geograph2commons 116 May 28 17:37 ./ magnus@tools-login:/data/project/geograph2commons$ groups wikidev project-bastion project-wikidata-dev project-tools local-flickr2commons local-joanjoc local-magnustools local-catscan2 local-geograph2commons This is the case on all my tools now. It worked fine until earlier today. Help, urgent!!! (Might be related to https://bugzilla.wikimedia.org/show_bug.cgi?id=43896 )
If things are really urgent you might want to ask on IRC in #wikimedia-labs http://www.mediawiki.org/wiki/MediaWiki_on_IRC , or on the mailing list. > Despite apparently correct permissions Output welcome so one could also check if it's "apparently correct". :)
Hello I am well aware of this. I believe this problem is related to a daemon that run on nfs server, which sometimes die. The problem is that I have no access to this server and Coren is on vacation. There is this workaround: Copy the files to a publicly accessible folder OR folder that you and your tool has access to example: mkdir /mnt/magnus chgrp local-mytool /mnt/magnus chmod 770 /mnt/magnus cp myfile /mnt/magnus #now switch to your tool become mytool cp /mnt/magnus/* ~/bin/myfile I will insert more people from ops to this bug but I don't know if anyone else has any idea how this stuff works
I lowered it to "critical" because there is a workaround (hence no blocker) but it is a problem which needs to be resolved quickly
*** Bug 48926 has been marked as a duplicate of this bug. ***
Tried your workaround, but: magnus@tools-login:/data/project/tusc/public_html$ mkdir /tmp/magnus magnus@tools-login:/data/project/tusc/public_html$ chgrp local-tusc /tmp/magnus chgrp: changing group of `/tmp/magnus': Operation not permitted magnus@tools-login:/data/project/tusc/public_html$ ll -ld /tmp/magnus drwxrwxr-x 1 magnus wikidev 0 May 29 17:34 /tmp/magnus/
It works for me if I sg to the tool's group. cbm@tools-login:~$ cp Test ~local-enwp10/ cp: cannot create regular file `/data/project/enwp10/Test': Permission denied cbm@tools-login:~$ ls -ld ~local-enwp10 drwxrwsr-x 9 local-enwp10 local-enwp10 4096 May 29 17:40 /data/project/enwp10 cbm@tools-login:~$ sg local-enwp10 cbm@tools-login:~$ cp Test ~local-enwp10/ cbm@tools-login:~$ ls -l ~local-enwp10/Test -rw-rw-r-- 1 cbm local-enwp10 5 May 29 18:41 /data/project/enwp10/Test
(In reply to comment #6) > It works for me if I sg to the tool's group. > > cbm@tools-login:~$ cp Test ~local-enwp10/ > cp: cannot create regular file `/data/project/enwp10/Test': Permission denied > cbm@tools-login:~$ ls -ld ~local-enwp10 > drwxrwsr-x 9 local-enwp10 local-enwp10 4096 May 29 17:40 /data/project/enwp10 > cbm@tools-login:~$ sg local-enwp10 > cbm@tools-login:~$ cp Test ~local-enwp10/ > cbm@tools-login:~$ ls -l ~local-enwp10/Test > -rw-rw-r-- 1 cbm local-enwp10 5 May 29 18:41 /data/project/enwp10/Test I also have this problem and the workaround works for me. Thanks!
problem solved
(In reply to comment #8) > problem solved THANK YOU!
magnus, are you sure this is still a problem? it works to me...
Yup, still a problem for me: magnus@tools-login:~$ cd /data/project/wikidata-terminator/public_html/ magnus@tools-login:/data/project/wikidata-terminator/public_html$ touch a touch: cannot touch `a': Permission denied magnus@tools-login:/data/project/wikidata-terminator/public_html$ groups wikidev project-bastion project-wikidata-dev project-tools local-flickr2commons local-joanjoc local-magnustools local-catscan2 local-geograph2commons local-tusc local-catfood local-dnbtools local-geohack local-glamtools local-wikidata-terminator magnus@tools-login:/data/project/wikidata-terminator/public_html$
The underlying issue is still existing; there are limitations with unauthenticated lists of users from LDAP that we are beginning to hit. Andrew Bogott is on it.
Aaaand... it's back, this time only for the new tool "wikidata-todo". I hope there will be some permanent fix for this soon.
As far as I can tell, I see no matching symptoms (and, indeed, from a quick test on -login your user account (magnus) /is/ able to write to the tool's home. Have you logged out and back in after creating the group? Remember that Unix groups are only set up upon login.
I did that, and it still didn't work. Now, I just let it sit there (logged in) for a while, and now it works. Maybe some permission cron job?
Well, the permissions do propagate at interval but should be frequent enough (60s) that it makes no practical difference. There is almost certainly some amount of caching taking place at the NFS server level, however, which might cause a delay if the first attempt takes place before the permissions are propagated (i.e., it would "remember" you don't have access rights for a while until the cache expires). This should normally self-correct within several minutes. I have been unable to reproduce the problem, however, so I expect the "window of opportunity" might be relatively small.
It's happening again (can't write to one of my tools' files as "magnus"), this time for the tool "magnus-toolserver". I'm in the group "local-magnus-toolserver"; file is g+rw; logged out, rebooted local machine. It's been a few hours, so...
root@tools-login:~# sudo -iu magnus [snip motd] magnus@tools-login:~$ touch /data/project/magnus-toolserver/test magnus@tools-login:~$ ls -l /data/project/magnus-toolserver/test -rw-rw-r-- 1 magnus local-magnus-toolserver 0 Nov 17 23:15 /data/project/magnus-toolserver/test magnus@tools-login:~$ I am unable to reproduce the problem. Is there a specific file you are unable to write to?
Works for me as well now. Thanks.