Re: installing Apache::Test via CPAN impossible as root
Udo Rader wrote: Am Tue, 26 Aug 2003 16:07:21 + schrieb Stas Bekman: As you posted in the followup, this is a problem with all Apache:: modules. The problem originates within Apache, not us. Didn't know that apache rejects to run as root. Strange (but safe) behaviour. It starts as root alright, but won't spawn workers as root. Ideas how to solve this are *very* welcome. The best idea I have is to serve the htdocs directory from outside the ~root hierarchy. Apache is initially started as root and thus has no difficulties to get the configuration stuff needed to start up. A quick (non MSWormOS compatible) fix would be to patch lib/Apache/TestConfig.pm as follows: ---CUT --- TestConfig.pm 2003-06-07 01:43:28.0 +0200 +++ TestConfig.pm.docroot_patched 2003-08-27 12:13:26.0 +0200 @@ -214,7 +214,7 @@ $vars->{t_dir}||= catfile $vars->{top_dir}, 't'; $vars->{serverroot} ||= $vars->{t_dir}; -$vars->{documentroot} ||= catfile $vars->{serverroot}, 'htdocs'; +$vars->{documentroot} ||= "/tmp/Apache-Test.$$/htdocs"; $vars->{perlpod} ||= $self->find_in_inc('pods') || $self->find_in_inc('pod'); $vars->{perl} ||= $^X; ---CUT this is only needed for root-run tests, which most of us don't do. Moving the entire t/ directory to temp is IMHO not necessary, but depending on the test needs it may also be required to copy a cgi-bin directory to /tmp as well. Other dirs top-level t/ dirs may need to be copied as well, e.g. t/logs if they have some custom logs written from the handlers. Ideally it should be configurable by the developer that uses Apache::Test. But I agree that it's certainly a good idea to copy only the minimal amount of files. For a better solution of course it would also be reasonable to query the ENV settings that even exist on MSWorm (IIRC) and even better check that directory's permissions and fallback again to /tmp, if nothing else is found. But this is maybe something that File::Spec, which nathan mentioned, already does. Yup, this is going to be the hardest part. We need a good portable test. Currently I do this check. I have no idea how portable it is. Please tell me if there is some problem with it. You can find it in Apache-Test/lib/Apache/TestRun.pm of the current modperl-2.0 cvs: sub check_perms { my ($self, $user, $uid, $gid) = @_; # test that the base dir is rwx by the selected non-root user my $vars = $self->{test_config}->{vars}; my $dir = $vars->{t_dir}; my $perl = $vars->{perl}; my $check = qq[sudo -u '#$uid' $perl -e ] . qq['print -r "$dir" && -w _ && -x _ ? "OK" : "NOK"']; warning "$check\n"; my $res = qx[$check] || ''; warning "result: $res"; unless ($res eq 'OK') { #$self->restore_t_perms; error(<<"EOI") && die "\n"; You are running the test suite under user 'root'. Apache cannot spawn child processes as 'root', therefore we attempt to run the test suite with user '$user' ($uid:$gid). The problem is that the path: $dir must be 'rwx' by user '$user', so Apache can read and write under that path. There several ways to resolve this issue. For example move '$dir' to '/tmp/' and repeat the 'make test' phase. You can test whether the location is good by running the following test: % $check EOI } } IMHO again the build dir in general should default to /tmp/cpan_$USER (or /var/tmp/cpan_$USER if you prefer), so it would be a good thing to change the default setting of CPAN's initial configuration for future CPAN releases. In some ways CPAN packages are very similar to SRPMS and I think CPAN could learn a lot from RPM here. Well, that is the wrong forum to discuss the CPAN issues, at least because those who control CPAN.pm aren't listening ;) __ Stas BekmanJAm_pH --> Just Another mod_perl Hacker http://stason.org/ mod_perl Guide ---> http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: installing Apache::Test via CPAN impossible as root
Am Tue, 26 Aug 2003 16:07:21 + schrieb Stas Bekman: > As you posted in the followup, this is a problem with all Apache:: modules. > The problem originates within Apache, not us. Didn't know that apache rejects to run as root. Strange (but safe) behaviour. > Ideas how to solve this are *very* welcome. The best idea I have is to serve the htdocs directory from outside the ~root hierarchy. Apache is initially started as root and thus has no difficulties to get the configuration stuff needed to start up. A quick (non MSWormOS compatible) fix would be to patch lib/Apache/TestConfig.pm as follows: ---CUT --- TestConfig.pm 2003-06-07 01:43:28.0 +0200 +++ TestConfig.pm.docroot_patched 2003-08-27 12:13:26.0 +0200 @@ -214,7 +214,7 @@ $vars->{t_dir}||= catfile $vars->{top_dir}, 't'; $vars->{serverroot} ||= $vars->{t_dir}; -$vars->{documentroot} ||= catfile $vars->{serverroot}, 'htdocs'; +$vars->{documentroot} ||= "/tmp/Apache-Test.$$/htdocs"; $vars->{perlpod} ||= $self->find_in_inc('pods') || $self->find_in_inc('pod'); $vars->{perl} ||= $^X; ---CUT Moving the entire t/ directory to temp is IMHO not necessary, but depending on the test needs it may also be required to copy a cgi-bin directory to /tmp as well. For a better solution of course it would also be reasonable to query the ENV settings that even exist on MSWorm (IIRC) and even better check that directory's permissions and fallback again to /tmp, if nothing else is found. But this is maybe something that File::Spec, which nathan mentioned, already does. IMHO again the build dir in general should default to /tmp/cpan_$USER (or /var/tmp/cpan_$USER if you prefer), so it would be a good thing to change the default setting of CPAN's initial configuration for future CPAN releases. In some ways CPAN packages are very similar to SRPMS and I think CPAN could learn a lot from RPM here. happy hacking udo -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: installing Apache::Test via CPAN impossible as root
[EMAIL PROTECTED] wrote: On Tue, 26 Aug 2003 09:07:21 -0700, Stas Bekman wrote: [snip] As you posted in the followup, this is a problem with all Apache:: modules. The problem originates within Apache, not us. FWIW, the cvs version of Apache::Test warns you early whether this is going to work or not, rather than just failing during 'make test'. Ideas how to solve this are *very* welcome. [snip] Stas, One thing we're working on implementing in Apache::PAR to solve this kind of problem is to use File::Spec's tmpdir to get the platform specific temp directory. This function appears to be available in File::Spec at least as of Perl 5.6.0 as part of the distribution. This could be used (maybe overridable via a env variable, etc) to determine a temporary directory to copy the t/ directory to in cases where permissions would deny reading from the working directory or a parent directory. Of course, it would still have to fail in cases where a temp directory isn't available (either File::Spec doesn't support the platform or a new enough version of File::Spec isn't available on an old version of Perl) and the env variable isn't set, but should handle almost all common cases. Once the content is copied, Apache::Test would then use that directory to serve test files, scripts, etc out of. This temporary directory could then also be cleaned up when the Apache server is shutdown. Of course, I haven't looked at the code for Apache::Test enough to know whether this would be easily implemented, but just thought I would throw out the idea. Thanks Nathan, We have discussed this idea at the dev list, and will probably resort to it if no better solution is found. I didn't mention it on purpose in hope to get some new, better ideas. The problem with copy and cleanup to a temp dir is that some project may have a pretty big t/ directory (mp2's one is almost 2MB and growing), so copying is going to be quite slow. Another problem is the cleanup, which may not always work very well. Moreover, let's say that you run under 'root'. Most likely File::Temp/File::Spec::tmpdir will return /root/tmp as the temp dir, so it solves nothing. What we really want is an equivalent of /tmp. What we could do is prompt root for two inputs: a username of a real user (e.g. 'stas' on my machine) and a dir where 'stas' can write to (e.g. /home/stas/tmp) and then copy the files there and use that username to run the test with. In my original reply the best advise so far to avoid this problem is to configure your .cpan dir to be under /tmp in which case running tests as root is not a problem. However /tmp is often setup to be cleaned up on reboot, so you may want to configure only 'build_dir' to be on that filesystem, e.g.: #~/.cpan/CPAN/MyConfig.pm # $CPAN::Config = { 'cpan_home' => q[/root/.cpan], 'build_dir' => q[/tmp/.cpan/build], ... }; __ Stas BekmanJAm_pH --> Just Another mod_perl Hacker http://stason.org/ mod_perl Guide ---> http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: installing Apache::Test via CPAN impossible as root
On Tue, 26 Aug 2003 09:07:21 -0700, Stas Bekman wrote: [snip] > > As you posted in the followup, this is a problem with > all Apache:: modules. > The problem originates within Apache, not us. > > FWIW, the cvs version of Apache::Test warns you early > whether this is going to > work or not, rather than just failing during 'make > test'. > > Ideas how to solve this are *very* welcome. > [snip] Stas, One thing we're working on implementing in Apache::PAR to solve this kind of problem is to use File::Spec's tmpdir to get the platform specific temp directory. This function appears to be available in File::Spec at least as of Perl 5.6.0 as part of the distribution. This could be used (maybe overridable via a env variable, etc) to determine a temporary directory to copy the t/ directory to in cases where permissions would deny reading from the working directory or a parent directory. Of course, it would still have to fail in cases where a temp directory isn't available (either File::Spec doesn't support the platform or a new enough version of File::Spec isn't available on an old version of Perl) and the env variable isn't set, but should handle almost all common cases. Once the content is copied, Apache::Test would then use that directory to serve test files, scripts, etc out of. This temporary directory could then also be cleaned up when the Apache server is shutdown. Of course, I haven't looked at the code for Apache::Test enough to know whether this would be easily implemented, but just thought I would throw out the idea. Thanks, Nathan Byrd -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: installing Apache::Test via CPAN impossible as root
Udo Rader wrote: hi all, I'm trying to setup Apache::Test with our apaches and have run into major troubles. CPAN refuses to install the mod without force, because all tests completely fail. t/logs/error_log then contained error messages like these: -error_log-- [...] [Tue Aug 26 14:23:47 2003] [error] [client 127.0.0.1] (13)Permission denied: access to /index.html failed because search permissions are missing on a component of the path [...] -error_log-- As you posted in the followup, this is a problem with all Apache:: modules. The problem originates within Apache, not us. FWIW, the cvs version of Apache::Test warns you early whether this is going to work or not, rather than just failing during 'make test'. Ideas how to solve this are *very* welcome. As of this moment per your observation you need to either put the data in the directory readable by the apache user, or build/run the tests as a non-root. If you configure your CPAN to put the build dir not under /root, but let's say /tmp/ (probably can come up with a better choice), it'll work. __ Stas BekmanJAm_pH --> Just Another mod_perl Hacker http://stason.org/ mod_perl Guide ---> http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: installing Apache::Test via CPAN impossible as root
hmm, and as I just found out, the same applies for many other Apache:: mods (libapreq ...) This looks like a major problem to me. Temporary workaround is to give read access to all users for ~root, but that makes me "a bit" nervous ... udo -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
installing Apache::Test via CPAN impossible as root
hi all, I'm trying to setup Apache::Test with our apaches and have run into major troubles. CPAN refuses to install the mod without force, because all tests completely fail. t/logs/error_log then contained error messages like these: -error_log-- [...] [Tue Aug 26 14:23:47 2003] [error] [client 127.0.0.1] (13)Permission denied: access to /index.html failed because search permissions are missing on a component of the path [...] -error_log-- never saw such an apache error message ... ? search permissions are missing ? what kind of stuff is that? But a google search quickly pointed me to the source of the problem: In a default linux & perl installation Apache::Test is very unlikely to be installable by root (http://dbforums.com/t859484.html). I tried to make && make test the package as a "normal" user and I succeded. Depending on my security settings this is however just luck: If the above posting on dbforums is correct, then the problem is because the unpacking and building is done by user root whereas all files below t/ are chowned to the actual apache test user. Now this works fine as long as the _apache test user_ is allowed to access root's .cpan build area at all, and I doubt that on most systems a normal user (such as the apache test user) will be allowed to access anything within ~root and thus "make test" will fail. Are there arguments against running those tests as root? for the record: get this for apache 1.3.28 and mp1.28 as well as with apache 2.0.47 and mp1.99_09. udo -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html