[SERVER-20873] Keyfile permissions are changed using chmod 644 during test execution Created: 12/Oct/15  Updated: 25/Nov/15  Resolved: 19/Nov/15

Status: Closed
Project: Core Server
Component/s: Testing Infrastructure
Affects Version/s: 3.1.9
Fix Version/s: 3.2.0-rc4

Type: Bug Priority: Major - P3
Reporter: Max Hirschhorn Assignee: Jonathan Abrahams
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-20414 Configure Evergreen to run more suite... Closed
Related
related to SERVER-21492 Remove key-file permissions code for ... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Security B 10/30/15, TIG C (11/20/15)
Participants:

 Description   

After SERVER-20414, multiple replica set tests are run simultaneously. It is important to note that

  1. jstests/replsets/auth1.js may no longer be the first test that uses keyfiles, which had incidentally set their permissions to be 600 for the remainder of the suite. Each test that uses the keyfiles (or the test infrastructure in the shell) needs to set the permission to 600 before starting up its replica set.
  2. jstests/replsets/auth1.js changes the permission of the keyfiles to 644 during its test, which may cause concurrently running tests to fail spuriously with "permissions on keyfile are too open."

If a test is going to modify the permissions of a keyfile during its execution to something other than 600, it should probably use its own keyfile.

Example failure:

[js_test:localhostAuthBypass] 2015-10-10T04:32:53.181+0000 d20768| 2015-10-10T04:32:53.181+0000 I ACCESS   [main] permissions on /data/mci/src/jstests/libs/key1 are too open
[js_test:localhostAuthBypass] 2015-10-10T04:32:53.365+0000 2015-10-10T04:32:53.361+0000 W NETWORK  [thread1] Failed to connect to 127.0.0.1:20768, reason: errno:111 Connection refused
[js_test:localhostAuthBypass] 2015-10-10T04:32:53.420+0000 Could not start mongo program at 20768, process ended
[js_test:localhostAuthBypass] 2015-10-10T04:32:53.420+0000 2015-10-10T04:32:53.362+0000 E QUERY    [thread1] Error: Failed to start node 2 :
[js_test:localhostAuthBypass] 2015-10-10T04:32:53.420+0000 ReplSetTest.prototype.start@src/mongo/shell/replsettest.js:770:1
[js_test:localhostAuthBypass] 2015-10-10T04:32:53.420+0000 ReplSetTest.prototype.startSet@src/mongo/shell/replsettest.js:278:16
[js_test:localhostAuthBypass] 2015-10-10T04:32:53.420+0000 start@jstests/replsets/localhostAuthBypass.js:107:5
[js_test:localhostAuthBypass] 2015-10-10T04:32:53.421+0000 runNonlocalTest@jstests/replsets/localhostAuthBypass.js:187:14
[js_test:localhostAuthBypass] 2015-10-10T04:32:53.421+0000 @jstests/replsets/localhostAuthBypass.js:219:1
[js_test:localhostAuthBypass] 2015-10-10T04:32:53.421+0000
[js_test:localhostAuthBypass] 2015-10-10T04:32:53.421+0000 failed to load: jstests/replsets/localhostAuthBypass.js



 Comments   
Comment by Githook User [ 19/Nov/15 ]

Author:

{u'username': u'hptabster', u'name': u'Jonathan Abrahams', u'email': u'jonathan@mongodb.com'}

Message: SERVER-20873 Add separate key file using 644 permission
Branch: master
https://github.com/mongodb/mongo/commit/46d22dc70b34863e17baff7268dd632a45e1a4b6

Comment by Andreas Nilsson [ 12/Oct/15 ]

Ok, we should be aware of any concurrent access to shared test resources going forward.

Is there any way of setting things up properly right off the bat? It seems a little stupid to chmod to 600 in every test that uses a keyfile when we only need to set it once.

As for any tests that changes the permissions from 600 to something else I agree that they should use their own "dedicated one"

Generated at Thu Feb 08 03:55:33 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.