#1131 closed defect (fixed)
Permission problems creating a new directory in a shared directory
| Reported by: | Jari Häkkinen | Owned by: | Nicklas Nordborg |
|---|---|---|---|
| Priority: | critical | Milestone: | BASE 2.8.3 |
| Component: | core | Version: | 2.8.2 |
| Keywords: | Cc: |
Description
On our BASE production server running 2.8.2 we have a problem running Base1PluginExecuter.
We have a project with several members. The project has a project directory shared with RUW for all members. Running a Base1 plug-in for the first time, i.e., no sub-directories exists in the project directory, gives
Error: Error during export: Permission denied: Not allowed to read Directory[id= ; name= ]
where the directory is the home directory of the user managing the project. Of course, this directory is not shared to the project. The expected outcome is that the plug-in should run and create the result directory.
A work around is to share the directory with R permission for everyone in the project but this is not really what we want to do.
Stacktrace:
net.sf.basedb.core.PermissionDeniedException: Permission denied: Not allowed to read Directory[id=119; name=G&J] at net.sf.basedb.core.BasicItem.checkPermission(BasicItem.java:112) at net.sf.basedb.core.DbControl.getItem(DbControl.java:811) at net.sf.basedb.core.DbControl.loadItem(DbControl.java:696) at net.sf.basedb.core.Directory.getById(Directory.java:168) at net.sf.basedb.core.Directory.getByPath(Directory.java:188) at net.sf.basedb.core.Directory.getNew(Directory.java:140) at net.sf.basedb.plugins.Base1PluginExecuter.createPluginDirectory(Base1PluginExecuter.java:510) at net.sf.basedb.plugins.Base1PluginExecuter.getPluginDirectory(Base1PluginExecuter.java:1400) at net.sf.basedb.plugins.Base1PluginExecuter.exportData(Base1PluginExecuter.java:818) at net.sf.basedb.plugins.Base1PluginExecuter.run(Base1PluginExecuter.java:647) at net.sf.basedb.core.PluginExecutionRequest.invoke(PluginExecutionRequest.java:108) at net.sf.basedb.clients.jobagent.executors.ThreadJobExecutor.executeJob(ThreadJobExecutor.java:111) at net.sf.basedb.clients.jobagent.executors.ThreadJobExecutor.main(ThreadJobExecutor.java:204)
Change History (7)
comment:1 by , 16 years ago
follow-up: 3 comment:2 by , 16 years ago
The Base1PluginExecuter selects to store data in a directory based on the plug-in configuration name. This directory is appended to the default directory for the experiment
/parh/to/experiment/plug-in_configuration_name
The path to the experiment directory usually lies inside the experiment creators home directory, like
/home/userdir/projectdir/experiment
If the projectdir directory is shared to the project members but not the userdir then one gets the described error. However, if userdir is shared to the project with R privileges then there is no complaint from the plug-in with respect to reading the directory (there are some other problems though which might end up in another ticket).
The plug-in is trying to store data in a shared directory (RUW for project memebers) but some underlying directories (like the home directory of the "true" owner of the directory location) are not shared causing the issue.
comment:3 by , 16 years ago
Replying to jari:
... (there are some other problems though which might end up in another ticket).
I decided to post the new issue here. Now I get
Error: Error during export: Permission denied: Not allowed to read Project key[id=431]
and I do not know what the problem is. The stack trace looks similar to the original though:
net.sf.basedb.core.PermissionDeniedException: Permission denied: Not allowed to read Project key[id=431] at net.sf.basedb.core.BasicItem.checkPermission(BasicItem.java:112) at net.sf.basedb.core.DbControl.getItem(DbControl.java:811) at net.sf.basedb.core.SharedItem.getProjectKey(SharedItem.java:72) at net.sf.basedb.core.ShareableUtil.copyPermissions(ShareableUtil.java:177) at net.sf.basedb.core.Directory.getNew(Directory.java:104) at net.sf.basedb.core.Directory.newSubDirectory(Directory.java:744) at net.sf.basedb.core.Directory.getNew(Directory.java:144) at net.sf.basedb.plugins.Base1PluginExecuter.createPluginDirectory(Base1PluginExecuter.java:510) at net.sf.basedb.plugins.Base1PluginExecuter.getPluginDirectory(Base1PluginExecuter.java:1400) at net.sf.basedb.plugins.Base1PluginExecuter.exportData(Base1PluginExecuter.java:818) at net.sf.basedb.plugins.Base1PluginExecuter.run(Base1PluginExecuter.java:647) at net.sf.basedb.core.PluginExecutionRequest.invoke(PluginExecutionRequest.java:108) at net.sf.basedb.clients.jobagent.executors.ThreadJobExecutor.executeJob(ThreadJobExecutor.java:111) at net.sf.basedb.clients.jobagent.executors.ThreadJobExecutor.main(ThreadJobExecutor.java:204)
comment:4 by , 16 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:5 by , 16 years ago
The problem seems to be that the Directory.getNew() method fails if the logged in user hasn't at least read permission on every directory on the path. This is not compatible with, for example, the Directory.getByPath() method which only checks permission on the last directory.
comment:6 by , 16 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Hmmm... I really don't understand this bug report. It is up to the user to select a directory where the plug-in can store it's files. If there is a directory that is shared to a project with the purpose of sharing files, then the user running the plug-in should select that directory for the plug-in. If no directory is selected the Base1PluginExecuter automatically chooses a directory as follows: