Page MenuHomePhabricator
Create Task
Maniphest T295310

Only write to /tmp/mw-cache-* if running as www-data user
Closed, DeclinedPublic
Actions

Description

The /tmp/mw-cache-* directory and files created by multiversion/MWConfigCacheGenerator.php are intended to be owned by the www-data user. If, for example, a maintenance script is run by the mwdeploy user (without using using mwscript), MWConfigCacheGenerator may either fail to update files in /tmp/mw-cache-*, generating a warning like:

PHP Warning:  rename(/tmp/conf2-aawiki.json7MDvB9,/tmp/mw-cache-1.38.0-wmf.2/conf2-aawiki.json): Permission denied in /srv/mediawiki/multiversion/MWConfigCacheGenerator.php on line 327

or if the directory doesn't exist, it will be created and owned by mwdeploy, leaving it unwriteable by www-data.

For T295304 I have the need to run rebuildLocalisationCache.php directly as the mwdeploy user. The www-data user doesn't have permission to write where rebuildLocalisationCache.php needs to write.

Proposal: Don't call MWConfigCacheGenerator::writeToStaticCache unless the effective user is www-data. This will avoid warnings and prevent unintended ownership of /tmp/mw-cache*.

An alternate proposal is to only try to update /tmp/mw-cache* when PHP_SAPI === 'fpm-fcgi'. However, that might make it hard to test changes to multiversion/MWConfigCacheGenerator.php.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
CommonSettings.php: Only write to /tmp/mw-cache-* if running as www-data useroperations/mediawiki-configmaster+14 -10
Customize query in gerrit

Related Objects

Event Timeline

dancy created this task.Nov 8 2021, 6:25 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 8 2021, 6:25 PM
gerritbot added a comment.Nov 8 2021, 6:28 PM

Change 737468 had a related patch set uploaded (by Ahmon Dancy; author: Ahmon Dancy):

[operations/mediawiki-config@master] CommonSettings.php: Only write to /tmp/mw-cache-* if running as www-data user

https://gerrit.wikimedia.org/r/737468

gerritbot added a project: Patch-For-Review.Nov 8 2021, 6:29 PM
Krinkle subscribed.Nov 8 2021, 9:51 PM

To my knowledge, there is no valid reason for MW code to execute under a different user in a production environment. If anything, it would need to fatal immediately before something else goes wrong. There are meant to be safeguards in place to prevent this code from ever being reached.

dancy added a comment.Nov 8 2021, 10:01 PM

T295304: Improve efficiency of scap l10n operations is a reason that I am trying to introduce. For that I need to be able to run rebuildLocalisationCache.php on target mediawiki nodes. A workaround would be to make the php-<vers>/cache/l10n directory writable by www-data (it's currently owned and writable by mwdeploy). I'm open to other suggestions.

Aklapper added a project: Wikimedia-Site-requests.Nov 9 2021, 1:09 PM
gerritbot added a comment.Nov 10 2021, 5:45 PM

Change 737468 abandoned by Ahmon Dancy:

[operations/mediawiki-config@master] CommonSettings.php: Only write to /tmp/mw-cache-* if running as www-data user

Reason:

I will find a different approach

https://gerrit.wikimedia.org/r/737468

dancy closed this task as Declined.Nov 10 2021, 5:49 PM

I will find a different way to deal with the permissions issues that triggered this ticket.

Maintenance_bot removed a project: Patch-For-Review.Nov 10 2021, 6:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits