cmd.run do not work if user is www-data #4168

Closed
yml opened this Issue Mar 20, 2013 · 19 comments

Comments

Projects
None yet
7 participants
Contributor

yml commented Mar 20, 2013

$  getent passwd www-data
www-data:x:33:33:www-data:/var/www:/bin/sh
~
$  sudo -E salt-call state.single cmd.run ls user=www-data
[INFO    ] Loaded configuration file: /etc/salt/minion
[INFO    ] Executing command 'ps -efH' in directory '/home/yml'
[INFO    ] Loading fresh modules for state activity
[INFO    ] Executing state cmd.run for ls
[ERROR   ] No changes made for ls
local:
----------
    State: - cmd
    Name:      ls
    Function:  run
        Result:    False
        Comment:   Environment could not be retrieved for User 'www-data'
        Changes:   
~
$  sudo -E salt-call state.single cmd.run ls group=www-data
[INFO    ] Loaded configuration file: /etc/salt/minion
[INFO    ] Executing command 'ps -efH' in directory '/home/yml'
[INFO    ] Loading fresh modules for state activity
[INFO    ] Executing state cmd.run for ls
[INFO    ] Executing command 'ls' in directory '/root'
[INFO    ] {'pid': 1550, 'retcode': 0, 'stderr': '', 'stdout': ''}
local:
----------
    State: - cmd
    Name:      ls
    Function:  run
        Result:    True
        Comment:   Command "ls" run
        Changes:   pid: 1550
                   retcode: 0
                   stderr: 
                   stdout:

The workaround is to replace the user: www-data by group: www-data

Member

terminalmage commented Mar 20, 2013

The error is being thrown from this try/except: https://github.com/saltstack/salt/blob/develop/salt/modules/cmdmod.py#L200

Member

terminalmage commented Mar 20, 2013

According to @yml the shell is /bin/sh.

Owner

UtahDave commented Mar 20, 2013

Thanks, @yml and @terminalmage

Contributor

yml commented Mar 20, 2013

Interesting enough continuing to fix the collateral damages cause by the upgrade to 0.13.3-1 I found out that virtualenv state is also broken if used in conjunction with runas:

$ sudo -E salt-call state.single virtualenv.managed /srv/virtualenvs/foo runas=www-data
[INFO    ] Loaded configuration file: /etc/salt/minion
[INFO    ] Executing command 'ps -efH' in directory '/home/ubuntu'
[INFO    ] Loading fresh modules for state activity
[INFO    ] Executing state virtualenv.managed for /srv/virtualenvs/foo
[ERROR   ] No changes made for /srv/virtualenvs/foo
local:
----------
    State: - virtualenv
    Name:      /srv/virtualenvs/foo
    Function:  managed
        Result:    False
        Comment:   An exception occured in this state: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/salt/state.py", line 1205, in call
    ret = self.states[cdata['full']](*cdata['args'])
  File "/usr/lib/python2.7/dist-packages/salt/states/virtualenv.py", line 111, in managed
    runas=runas)
  File "/usr/lib/python2.7/dist-packages/salt/modules/virtualenv.py", line 77, in create
    return __salt__['cmd.run_all'](cmd, runas=runas)
  File "/usr/lib/python2.7/dist-packages/salt/modules/cmdmod.py", line 389, in run_all
    template=template, rstrip=rstrip, umask=umask)
  File "/usr/lib/python2.7/dist-packages/salt/modules/cmdmod.py", line 214, in _run
    raise CommandExecutionError(msg)
CommandExecutionError: Environment could not be retrieved for User 'www-data
Contributor

seanchannel commented Mar 20, 2013

SIC in pull request #4141

@ghost ghost assigned seanchannel Mar 20, 2013

Owner

thatch45 commented Mar 20, 2013

This should be fixed with #4141, can you confirm for us please @yml?

Contributor

yml commented Mar 22, 2013

I have just tested with this changeset 6740bbd and it seems that the problem is still there.

Contributor

yml commented Mar 22, 2013

Simple operation are still breaking when using the user www-data

yml@ip-10-249-91-70$ (git: develop) sudo -E /srv/virtualenvs/salt_env/bin/salt-call state.single virtualenv.managed /srv/virtualenvs/foo runas=www-data
[INFO    ] Loaded configuration file: /etc/salt/minion
[INFO    ] Executing command 'ps -efH' in directory '/home/yml'
[INFO    ] Loading fresh modules for state activity
[INFO    ] Executing state virtualenv.managed for /srv/virtualenvs/foo
[ERROR   ] No changes made for /srv/virtualenvs/foo
local:
----------
    State: - virtualenv
    Name:      /srv/virtualenvs/foo
    Function:  managed
        Result:    False
        Comment:   An exception occured in this state: Traceback (most recent call last):
  File "/srv/virtualenvs/salt_env/src/salt/salt/state.py", line 1210, in call
    ret = self.states[cdata['full']](*cdata['args'])
  File "/srv/virtualenvs/salt_env/src/salt/salt/states/virtualenv.py", line 111, in managed
    runas=runas)
  File "/srv/virtualenvs/salt_env/src/salt/salt/modules/virtualenv.py", line 77, in create
    return __salt__['cmd.run_all'](cmd, runas=runas)
  File "/srv/virtualenvs/salt_env/src/salt/salt/modules/cmdmod.py", line 389, in run_all
    template=template, rstrip=rstrip, umask=umask)
  File "/srv/virtualenvs/salt_env/src/salt/salt/modules/cmdmod.py", line 214, in _run
    raise CommandExecutionError(msg)
CommandExecutionError: Environment could not be retrieved for User 'www-data'
Contributor

yml commented Mar 22, 2013

A bit more investigation show that it is blowing up here :

# /srv/virtualenvs/salt_env/src/salt/salt/modules/cmdmod.py
206  ->             env = json.loads(
207                         subprocess.Popen(
208                             env_cmd,
209                             shell=True,
210                             stdout=subprocess.PIPE
211                             ).communicate()[0])['data']
(Pdb) env_cmd
'su -s /bin/bash - www-data -c "/srv/virtualenvs/salt_env/bin/python -c \'import os, json;print(json.dumps(os.environ.__dict__))\'"'

Line 212 is where the exception start to bubble up.

Contributor

yml commented Mar 22, 2013

Bonus point for running the same command interactively:

It is blocking waiting for a password.
I am available is you need more info hit me on IRC #salt (yml)

Contributor

yml commented Mar 22, 2013

Can we reopen this issue ?

Contributor

seanchannel commented Mar 22, 2013

Yes :) This one is still open presently

www-data user has no HOME directory (at least on Ubuntu 12.04 /var/www is missing) so calling su -s /bin/bash www-data -c.... will return not only a JSON formatted array, but also a warning "No directory, logging in with HOME=/" which confuses json.loads call, resulting in ValueError being raised.

Contributor

yml commented Mar 24, 2013

Even specifying cwd argument does not fix the issue:

sudo -E /srv/virtualenvs/salt_env/bin/salt-call state.single cmd.run ls user=www-data cwd=/home
[INFO    ] Loaded configuration file: /etc/salt/minion
[INFO    ] Executing command 'ps -efH' in directory '/home/yml'
[INFO    ] Loading fresh modules for state activity
[INFO    ] Executing state cmd.run for ls
[ERROR   ] No changes made for ls
local:
----------
    State: - cmd
    Name:      ls
    Function:  run
        Result:    False
        Comment:   Environment could not be retrieved for User 'www-data'
        Changes: 
Contributor

kylegato commented Mar 28, 2013

I can reproduce this error on 0.13.2 but not 0.13.1:

as3.br1.mdr.domain.com:
0.13.2
as1.br1.mdr.domain.com:
0.13.2
as0.br0.mdr.domain.com:
0.13.2
as3.br0.mdr.domain.com:
0.13.2
as1.br0.mdr.domain.com:
0.13.2
as0.br1.mdr.domain.com:
0.13.2
as2.br1.mdr.domain.com:
0.13.2
as2.br0.mdr.domain.com:
0.13.2

[root@salt ~]# salt 'as*' state.single cmd.run ls user=www

as2.br1.mdr.domain.com:

State: - cmd
Name:      ls
Function:  run
    Result:    False
    Comment:   Environment could not be retrieved for User 'www'
    Changes:

as0.br1.mdr.domain.com:

State: - cmd
Name:      ls
Function:  run
    Result:    False
    Comment:   Environment could not be retrieved for User 'www'
    Changes:

as3.br1.mdr.domain.com:

State: - cmd
Name:      ls
Function:  run
    Result:    False
    Comment:   Environment could not be retrieved for User 'www'
    Changes:

as1.br1.mdr.domain.com:

State: - cmd
Name:      ls
Function:  run
    Result:    False
    Comment:   Environment could not be retrieved for User 'www'
    Changes:

as0.br0.mdr.domain.com:

State: - cmd
Name:      ls
Function:  run
    Result:    False
    Comment:   Environment could not be retrieved for User 'www'
    Changes:

as1.br0.mdr.domain.com:

State: - cmd
Name:      ls
Function:  run
    Result:    False
    Comment:   Environment could not be retrieved for User 'www'
    Changes:

as2.br0.mdr.domain.com:

State: - cmd
Name:      ls
Function:  run
    Result:    False
    Comment:   Environment could not be retrieved for User 'www'
    Changes:

as3.br0.mdr.domain.com:

State: - cmd
Name:      ls
Function:  run
    Result:    False
    Comment:   Environment could not be retrieved for User 'www'
    Changes:   

kyle.mdr.domain.com:
0.13.1

[root@salt ~]# salt 'kyle.*' state.single cmd.run ls user=www

kyle.mdr.domain.com:

State: - cmd
Name:      ls
Function:  run
    Result:    True
    Comment:   Command "ls" run
    Changes:   pid: 85207
               retcode: 0
               stderr: 
               stdout: Percona-XtraDB-Cluster-5.5.29

Percona-XtraDB-Cluster-5.5.29.tar.gz
newrelic-php5-3.1.5.120-freebsd
newrelic-php5-3.1.5.120-freebsd.tar.gz
nginx.tar.gz
pip-1.2.1
pip-1.2.1.tar.gz
pkg-static
pkg.txz
splunkforwarder
splunkforwarder-5.0.1-143156-FreeBSD7-amd64.tgz
splunkforwarder-wiredrive.tar.gz
tmp
www
zuora.a.43.0.wsdl

Owner

UtahDave commented Mar 28, 2013

Hey @yml and @kylegato, can you test with this branch? I believe this fixes this problem.

https://github.com/UtahDave/salt/tree/fix_runas_env

Contributor

yml commented Apr 8, 2013

@UtahDave sorry for the delay I am jumping back on this issue. it seems that either the fix landed on tip or someone else fixed it.

yml@ip-10-244-163-233$  sudo -E /srv/virtualenvs/salt_env/bin/salt-call state.single cmd.run ls user=www-data cwd=/home
[INFO    ] Configuration file path: /etc/salt/minion
[INFO    ] Executing command 'ps -efH' in directory '/home/yml'
[INFO    ] Loading fresh modules for state activity
[INFO    ] Executing state cmd.run for ls
[INFO    ] Executing command 'ls' as user 'www-data' in directory '/home'
[INFO    ] {'pid': 13422, 'retcode': 0, 'stderr': '', 'stdout': 'user1\nuser2l'}

I am going to do some more extensive testing.

Contributor

yml commented Apr 8, 2013

@UtahDave
It seems that commit 9527857 from @giantlock fixed the issue few days ago.

@thatch45 thatch45 closed this Apr 8, 2013

Owner

thatch45 commented Apr 8, 2013

Thanks for confirming @yml !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment