Opened 16 years ago

Closed 16 years ago

Last modified 16 years ago

#1131 closed defect (fixed)

Permission problems creating a new directory in a shared directory

Reported by: Jari Häkkinen Owned by: Nicklas Nordborg
Priority: critical Milestone: BASE 2.8.3
Component: core Version: 2.8.2
Keywords: Cc:

Description

On our BASE production server running 2.8.2 we have a problem running Base1PluginExecuter.

We have a project with several members. The project has a project directory shared with RUW for all members. Running a Base1 plug-in for the first time, i.e., no sub-directories exists in the project directory, gives

Error: Error during export: Permission denied: Not allowed to read Directory[id= ; name= ]

where the directory is the home directory of the user managing the project. Of course, this directory is not shared to the project. The expected outcome is that the plug-in should run and create the result directory.

A work around is to share the directory with R permission for everyone in the project but this is not really what we want to do.

Stacktrace:

net.sf.basedb.core.PermissionDeniedException: Permission denied: Not allowed to read Directory[id=119; name=G&J]
at net.sf.basedb.core.BasicItem.checkPermission(BasicItem.java:112)
at net.sf.basedb.core.DbControl.getItem(DbControl.java:811)
at net.sf.basedb.core.DbControl.loadItem(DbControl.java:696)
at net.sf.basedb.core.Directory.getById(Directory.java:168)
at net.sf.basedb.core.Directory.getByPath(Directory.java:188)
at net.sf.basedb.core.Directory.getNew(Directory.java:140)
at net.sf.basedb.plugins.Base1PluginExecuter.createPluginDirectory(Base1PluginExecuter.java:510)
at net.sf.basedb.plugins.Base1PluginExecuter.getPluginDirectory(Base1PluginExecuter.java:1400)
at net.sf.basedb.plugins.Base1PluginExecuter.exportData(Base1PluginExecuter.java:818)
at net.sf.basedb.plugins.Base1PluginExecuter.run(Base1PluginExecuter.java:647)
at net.sf.basedb.core.PluginExecutionRequest.invoke(PluginExecutionRequest.java:108)
at net.sf.basedb.clients.jobagent.executors.ThreadJobExecutor.executeJob(ThreadJobExecutor.java:111)
at net.sf.basedb.clients.jobagent.executors.ThreadJobExecutor.main(ThreadJobExecutor.java:204)

Change History (7)

comment:1 by Nicklas Nordborg, 16 years ago

Hmmm... I really don't understand this bug report. It is up to the user to select a directory where the plug-in can store it's files. If there is a directory that is shared to a project with the purpose of sharing files, then the user running the plug-in should select that directory for the plug-in. If no directory is selected the Base1PluginExecuter automatically chooses a directory as follows:

  1. The default directory selected for the experiment.
  2. The home directory of the logged in user
  3. The root directory

comment:2 by Jari Häkkinen, 16 years ago

The Base1PluginExecuter selects to store data in a directory based on the plug-in configuration name. This directory is appended to the default directory for the experiment

/parh/to/experiment/plug-in_configuration_name

The path to the experiment directory usually lies inside the experiment creators home directory, like

/home/userdir/projectdir/experiment

If the projectdir directory is shared to the project members but not the userdir then one gets the described error. However, if userdir is shared to the project with R privileges then there is no complaint from the plug-in with respect to reading the directory (there are some other problems though which might end up in another ticket).

The plug-in is trying to store data in a shared directory (RUW for project memebers) but some underlying directories (like the home directory of the "true" owner of the directory location) are not shared causing the issue.

in reply to:  2 comment:3 by Jari Häkkinen, 16 years ago

Replying to jari:

... (there are some other problems though which might end up in another ticket).

I decided to post the new issue here. Now I get

Error: Error during export: Permission denied: Not allowed to read Project key[id=431]

and I do not know what the problem is. The stack trace looks similar to the original though:

net.sf.basedb.core.PermissionDeniedException: Permission denied: Not allowed to read Project key[id=431]
at net.sf.basedb.core.BasicItem.checkPermission(BasicItem.java:112)
at net.sf.basedb.core.DbControl.getItem(DbControl.java:811)
at net.sf.basedb.core.SharedItem.getProjectKey(SharedItem.java:72)
at net.sf.basedb.core.ShareableUtil.copyPermissions(ShareableUtil.java:177)
at net.sf.basedb.core.Directory.getNew(Directory.java:104)
at net.sf.basedb.core.Directory.newSubDirectory(Directory.java:744)
at net.sf.basedb.core.Directory.getNew(Directory.java:144)
at net.sf.basedb.plugins.Base1PluginExecuter.createPluginDirectory(Base1PluginExecuter.java:510)
at net.sf.basedb.plugins.Base1PluginExecuter.getPluginDirectory(Base1PluginExecuter.java:1400)
at net.sf.basedb.plugins.Base1PluginExecuter.exportData(Base1PluginExecuter.java:818)
at net.sf.basedb.plugins.Base1PluginExecuter.run(Base1PluginExecuter.java:647)
at net.sf.basedb.core.PluginExecutionRequest.invoke(PluginExecutionRequest.java:108)
at net.sf.basedb.clients.jobagent.executors.ThreadJobExecutor.executeJob(ThreadJobExecutor.java:111)
at net.sf.basedb.clients.jobagent.executors.ThreadJobExecutor.main(ThreadJobExecutor.java:204)

comment:4 by Nicklas Nordborg, 16 years ago

Owner: changed from everyone to Nicklas Nordborg
Status: newassigned

comment:5 by Nicklas Nordborg, 16 years ago

The problem seems to be that the Directory.getNew() method fails if the logged in user hasn't at least read permission on every directory on the path. This is not compatible with, for example, the Directory.getByPath() method which only checks permission on the last directory.

comment:6 by Nicklas Nordborg, 16 years ago

Resolution: fixed
Status: assignedclosed

(In [4554]) Fixes #1131: Permission problems creating a new directory in a shared directory

comment:7 by Nicklas Nordborg, 16 years ago

(In [4580]) References #1131: Permission problems creating a new directory in a shared directory

Removed debug output and unused code.

Note: See TracTickets for help on using tickets.