[PCBC-269] Configuration cache permission issue Created: 06/Mar/14  Updated: 18/Apr/14  Resolved: 18/Apr/14

Status: Resolved
Project: Couchbase PHP client library
Component/s: library
Affects Version/s: None
Fix Version/s: .next
Security Level: Public

Type: Task Priority: Major
Reporter: Abhishek Singh Assignee: Brett Lawson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:

The configuration cache directory that's created is owned by root:root. We need to chown it to apache user once and chmod dir to 777 for it to work correctly else we get segmentation fault.

Is there is a way to overcome the seg fault and make the config_cache directory globally readable(so that php-cli also works)?

Comment by Brett Lawson [ 06/Mar/14 ]
The configuration cache should be owned by whatever user the php instances are executing under. Would you be able to confirm that this is not the case, additionally, is it the folder or the cache file itself that has incorrect permissions assigned.
Comment by Matt Ingenthron [ 06/Mar/14 ]
I'd asked Abhishek to open this mostly because of the segfault, not because the permissions need to be changed. Let's prevent the segfault, but the location should be writeable.
Comment by Brett Lawson [ 13/Mar/14 ]
As far as I am aware, the issue here is actually due to customer configuration, the folder and file are created under whatever user the php interpreter is executing under. Additionally, automatically applying any additional permissions creates a security hole due to the fact that passwords are stored within the cache.
Comment by Brett Lawson [ 17/Mar/14 ]

I am going to run some tests today to try and figure out why they are seeing segfaults, however, I believe that the root cause of those segfaults is an overall expectation issue. I suggest that the config directory be created outside the scope of the extension to start, as this should prevent the cache folder from being owned by root, however if PHP is running as root, then the config file itself will also be root, which brings us back to a configuration issue.

Cheers, Brett
Comment by Brett Lawson [ 17/Mar/14 ]
Just a quick add as I reread your message, if I get rid of the segfault, no doubt the scripts are not going to be able to use config cache at all, since it will not be able to access that file due to permission errors, and as I mentioned above, we can't generically expand those permissions. If the user is adamant on using config cache, they may want to either use a different file for the cache, or alternatively run those scripts under the correct user.

Cheers, Brett
Comment by Abhishek Singh [ 18/Mar/14 ]
re-opening to address seg-fault
Comment by Brett Lawson [ 18/Mar/14 ]
Segfault is fixed by: http://review.couchbase.org/#/c/34644/
Comment by Abhishek Singh [ 19/Mar/14 ]
Thanks. Is this fix going to part of next release of PHP client? what's the tentative date of next release?
Comment by Brett Lawson [ 19/Mar/14 ]
Hey Abhishek,

I will be releasing an update to the PHP client with this fix on the first tuesday of April as part of our standard release cycle.

Cheers, Brett

Generated at Mon Apr 21 08:12:02 CDT 2014 using JIRA 5.2.4#845-sha1:c9f4cc41abe72fb236945343a1f485c2c844dac9.