Actions
Defect #2642
closedWhen mounting data and backup directories to bcv-czechidm container, container does not ensure correct privileges on them
Start date:
01/14/2021
Due date:
% Done:
0%
Estimated time:
Owner:
Description
When data and/or backup directories (/opt/czechidm/{data,backup}
inside container) are mounted from host, they are mounted with some privileges.
Container does not ensure they are chown-ed to tomcat
user during start, meaning IdM cannot use them for writing.
There is even a stacktrace during fresh IdM start becuase IdM cannot create temp directory:
czechidm | 2021-01-13 12:25:34.216 ERROR 172447 --- [scheduling-1] o.s.s.s.TaskUtils$LoggingErrorHandler.handleError : Unexpected error occurred in scheduled task. czechidm | eu.bcvsolutions.idm.core.api.exception.ResultCodeException: Creating directory for default temp storage [/opt/czechidm/data/temp] in temp directory failed. czechidm | at eu.bcvsolutions.idm.core.ecm.config.DefaultAttachmentConfiguration.getTempPath(DefaultAttachmentConfiguration.java:68) ... czechidm | at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) czechidm | at java.base/java.lang.Thread.run(Thread.java:834) czechidm | Caused by: java.io.IOException: Unable to create directory /opt/czechidm/data/temp czechidm | at org.apache.commons.io.FileUtils.forceMkdir(FileUtils.java:2491) czechidm | at eu.bcvsolutions.idm.core.ecm.config.DefaultAttachmentConfiguration.getTempPath(DefaultAttachmentConfiguration.java:65) czechidm | ... 18 common frames omitted
Bad privileges:
[root@czechidm czechidm]# ll total 0 drwxr-xr-x. 2 root root 6 Jan 13 12:08 backup drwxr-xr-x. 3 root root 18 Jan 13 12:32 data drwxr-xr-x. 1 root tomcat 194 Jan 13 12:22 etc drwxr-xr-x. 2 root tomcat 6 Dec 18 14:46 lib
Correct privileges:
[root@czechidm czechidm]# ll total 0 drwxr-xr-x. 2 tomcat root 6 Jan 13 12:08 backup drwxr-xr-x. 3 tomcat root 18 Jan 13 12:32 data drwxr-xr-x. 1 root tomcat 194 Jan 13 12:22 etc drwxr-xr-x. 2 root tomcat 6 Dec 18 14:46 libWe need to:
- Adjust bcv-czechidm container runscripts so they ensure correct privileges on those directories.
- It is possible to adjust owner of directories manually and (since directories are mounted from host in this scenario) it will persist afterwards. This is doable either from the host or from inside the container; uid mapping needs to be taken into consideration when adjusting from the host.
Updated by Petr Fišer almost 4 years ago
- Tracker changed from Task to Defect
- Affected versions bcv-czechidm:10.1.0-r1, bcv-czechidm:10.2.0-r0, bcv-czechidm:10.3.1-r0, bcv-czechidm:10.6.3-r0, bcv-czechidm:10.7.0-r0 added
Updated by Petr Fišer almost 4 years ago
- Target version set to bcv-czechidm:10.7.0-r1
Updated by Petr Fišer almost 4 years ago
- Status changed from New to In Progress
- Assignee set to Petr Fišer
Implemented in git.f51f73e . Tested.
Actions