Page MenuHomePhabricator
Create Task
Maniphest T349687

Cannot edit files of a tool as a user anymore
Closed, ResolvedPublicBUG REPORT
Actions

Description

Steps to replicate the issue (include links if applicable):

  • Using SFTP (Forklift or VS Code on Mac) I open a file from one of my tools to edit
  • The file has group write permissions, and I (user account) am a member of the tool group
  • I edit the file
  • I try to save it

What happens?:
Example:

NoPermissions (FileSystemError): Error: EACCES: permission denied, open '/data/project/wdrc/public_html/api.php'

What should have happened instead?:
Saving (overwriting) the file. This worked until a few days ago, since toolforge (and before, the toolserver) existed.

Other information (browser name/version, screenshots, etc.):
Tools I tried: wdrc, magnustools, fist. Used to work everywhere, now doesn't.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
ldap: client: auto-restart sssd-nss on failureoperations/puppetproduction+17 -0
Customize query in gerrit

Event Timeline

Magnus created this task.Oct 25 2023, 9:49 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 25 2023, 9:49 AM
Magnus added a project: Toolforge.Oct 25 2023, 9:49 AM
Magnus updated the task description. (Show Details)

FWIW, I can edit the files if I become the tool, but I don't like editing in shell, especially for larger code.

LucasWerkmeister subscribed.Oct 25 2023, 11:05 AM

The file has group write permissions

Not as far as I can tell:

lucaswerkmeister@tools-sgebastion-10:~$ ls -l /data/project/wdrc/public_html/api.php
-rw-r--r-- 1 tools.wdrc tools.wdrc 10949 Okt 25 10:08 /data/project/wdrc/public_html/api.php

I don’t know why, though – I don’t see a recent mass-chmod in the SAL.

Magnus added a comment.Oct 25 2023, 12:35 PM

Odd. Now it does. Same issue.

Magnus added a comment.Oct 25 2023, 12:37 PM

Other test case: /Users/mm6/php/magnustools/public_html/php/ToolforgeCommon.php

LucasWerkmeister added a comment.Oct 25 2023, 5:13 PM
In T349687#9279528, @Magnus wrote:

Other test case: /Users/mm6/php/magnustools/public_html/php/ToolforgeCommon.php

Also not group-readable:

lucaswerkmeister@tools-sgebastion-10:~$ ls -l /data/project/magnustools/public_html/php/ToolforgeCommon.php
-rw-r--r-- 1 tools.magnustools tools.magnustools 21878 Okt 25 14:08 /data/project/magnustools/public_html/php/ToolforgeCommon.php

Also, wdrc’s api.php is group-readonly again –

lucaswerkmeister@tools-sgebastion-10:~$ ls -l /data/project/wdrc/public_html/api.php
-rw-r--r-- 1 tools.wdrc tools.wdrc 11670 Okt 25 14:27 /data/project/wdrc/public_html/api.php

– yet I could swear that, when I looked shortly after you left the above comment, it was group-writable.

Stashbot added a comment.Oct 25 2023, 5:14 PM

Mentioned in SAL (#wikimedia-cloud) [2023-10-25T17:14:05Z] <wm-bot> <lucaswerkmeister> chmod +x /data/project/wdrc/public_html/api.php # debug T349687

LucasWerkmeister added a comment.Oct 25 2023, 5:14 PM

wait, wrong command 🤦

Stashbot added a comment.Oct 25 2023, 5:15 PM

Mentioned in SAL (#wikimedia-cloud) [2023-10-25T17:15:08Z] <wm-bot> <lucaswerkmeister> chmod -x /data/project/wdrc/public_html/api.php # my bad (cc T349687)

Stashbot added a comment.Oct 25 2023, 5:15 PM

Mentioned in SAL (#wikimedia-cloud) [2023-10-25T17:15:26Z] <wm-bot> <lucaswerkmeister> chmod g+w /data/project/wdrc/public_html/api.php # debug T349687

LucasWerkmeister added a comment.Oct 25 2023, 5:16 PM
tools.wdrc@tools-sgebastion-10:~$ { ls -l /data/project/wdrc/public_html/api.php; while sleep 1m; do ls -l /data/project/wdrc/public_html/api.php; done; } | tee T349687-log
-rw-rw-r-- 1 tools.wdrc tools.wdrc 11670 Okt 25 14:27 /data/project/wdrc/public_html/api.php

Let’s see if it turns itself group-readonly again, and if yes, how quickly…

LucasWerkmeister added a comment.Oct 26 2023, 12:21 AM

Well, it hasn’t turned itself group-readonly so far.

taavi subscribed.Oct 26 2023, 8:26 AM

I noticed that sssd-nss.service had crashed on the file system server, that might have been causing this. Can you try now on a file that is group-writable?

Magnus closed this task as Resolved.Oct 26 2023, 8:34 AM
Magnus claimed this task.

@taavi Success! I tried /Users/mm6/php/magnustools/public_html/php/ToolforgeCommon.php which had magically reverted to non-group-writable again, so I changed it to group-writable now, and yes I can edit as before!

Confirmed on other files in other tools.

Stashbot added a comment.Oct 26 2023, 7:31 PM

Mentioned in SAL (#wikimedia-cloud) [2023-10-26T19:31:17Z] <wm-bot> <lucaswerkmeister> unlink T349687-log # T349687 cleanup

Magnus reopened this task as Open.Nov 1 2023, 9:32 AM

Aaaaand its back again.

Example: mix-n-match tool
/data/project/mix-n-match/classes/UpdateCatalog.php

Can someone please restart the sssd-nss.service and maybe put an auto-restart in?

Magnus closed this task as Resolved.Nov 1 2023, 9:43 AM

Seems to be fixed now?

taavi added a comment.Nov 1 2023, 9:48 AM

Yeah, I restarted it. I'm working on a patch to automate that.

gerritbot added a comment.Nov 1 2023, 10:15 AM

Change 970728 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] ldap: client: auto-restart sssd-nss on failure

https://gerrit.wikimedia.org/r/970728

gerritbot added a project: Patch-For-Review.Nov 1 2023, 10:15 AM
gerritbot added a comment.Nov 28 2023, 6:43 PM

Change 970728 merged by Andrew Bogott:

[operations/puppet@production] ldap: client: auto-restart sssd-nss on failure

https://gerrit.wikimedia.org/r/970728

Maintenance_bot removed a project: Patch-For-Review.Nov 28 2023, 7:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits