I am calling a controller method to convert a video file. This process
is called using background_fu job. When the function tries to create a
new folder in rails root it gives error i.e. Permission denied. The
function performs well if not called in background job process.
Can any one point out what can be the trouble.
Thanks in advance,
Anubhaw
Check to see if the background process is running under a different user account to the one being used by your Rails application. On Linux/UNIX you can generally get this information by running the top or ps command.
Related
So I have a web application running on Centos 6.5.
The application is a Ruby/Rails app, but the images are served by Apache HTTPD.
The application folder is in a user home folder, but I've granted HTTPD the correct permissions, and have enabled httpd_enable_home_dirs within SELinux. All static images are working just fine.
The problem I am seeing is when an end user uploads an image (A profile icon), the SELinux context for the file is getting set to unconfined_u:object_r:user_tmp_t:s0 instead of unconfined_u:object_r:usr_t:s0.
If I manually run restorcon on the file, the context gets fixed, and the image works. Any idea how I can make sure the file gets created with the correct context? I've looked into using restorcond, but it looks like it won't recursively check subdirectories, and the subdirectory structure is not predictable.
Any help is appreciated.
Most likely your application is moving 'mv' the object from /tmp, or /var/tmp to the destination location.
By default when a object is moved with 'mv', then so is its security metadata. Thus the object ends up at the destination with old and inaccurate security metadata. Running 'restorecon' on the destination objects resets the contexts to what the policy thinks it should be.
There are various ways you can deal with this. Either allow your webapp to read the object with the inaccurate context or tell your webapp to either use 'mv' with the -Z option, or use 'cp' instead. (the 'cp' command copies the object, and as a consequence the target object ends up with the appropriate security metadata, usually mostly inherited from the targets parent directory.
So apparently SELinux suppresses some error messages...
In order to debug this I had to run
semodule -DB
This rebuilds/restarts the local policy with the disable "don't log" flag. Once "don't log" is disabled, the error messages show up in the audit log and you can add a new policy using the regular:
sealert -a /var/log/audit.log
Then find the audit2allow command for the error in question.
You can set your logging back to normal after by running
semodule -B
I have code using the SysOperationFrameworkService, and after a model-deploy or some other set of circumstances, many users get Function SysOperationDataContractInfo::newParameterInfo has been incorrectly called..
It's unable to be resolved with full-compile, sync, full CIL, deleting XPPIL files, deleting AUC/KTI, usage data, security (they're admin), refreshing caches (server &client), etc. and I have a ticket open with Microsoft and they're struggling.
I've narrowed the issue down to when the service group AxClient located in the AOT at \Service Groups\AxClient WSDL files get deployed to C:\Users\[User]\AppData\Local. Either those files existing there, or something happening when those files get deployed is needed.
Any idea how/what causes these files (AxClient.wsdl, etc) to be created? With a user who happens to be "working", I can close the client, delete all the files, open the client, and no files will exist...then I perform a SysOp process and those files get created during that process. With the non-working user, with same security on the same machine does it, the files don't get created.
I have found that the
"Function SysOperationDataContractInfo::newParameterInfo has been incorrectly called" has been throwed because of a possible bug in the kernel when calling the "dictMethod = new DictMethod(UtilElementType::ClassInstanceMethod, dictClass.id(), methodName);" in the SysOperationServiceController.getServiceOperation() method. In my case the new DictMethod was sometimes unable to get the method parameter from a superclass, causing the _parentMethodParameterName check fail in the SysOperationDataContractInfo.newParameterInfo.
So, I solved the issue just by doing an override of the super method where the parameter could not be retrieved and then just calling super(_parameter), then everything went well.
Have you tried axclicfg.exe -> connections -> refresh
I'm new to ruby on rails. I want to call a system command to analyze an uploaded file in my Rails application. Something as follows:
after_save :analyse #post processing call
def analyse
command = "./c_executable " + Rails.root.to_s + "/output_csv_file"
system(command)
if FileTest.exists?(Rails.root.to_s + "/output_csv_file")
parse_csv
end
end
It runs fine on my local machine, but for some reason the function "parse_csv" won't get called on the server(dreamhost). However, I manually call the c_executable system command on the server and it outputs the csv file without a problem. Could anyone tell me what might be causing the problem here? I was thinking the system call takes some time to finish on the server. If that's the case, I'm wondering if there is a way to tell rails to wait until the system() call finishes execution. Thanks in advance!
The system call should block until the command inside is finished. It is possible that the file is not being created as you intended which might preclude that part of your app from running.
You might want to use a different way of constructing your path to be sure you're getting it right:
csv_path = File.expand_path('output_csv_file', Rails.root)
unless (system('./c_executable', csv_path))
# Could't execute system command for some reason.
end
if (File.exists?(csv_path))
# ...
end
When making system calls it's generally a good idea to specify the full path to the executable as your application PATH may be different from what you expect.
My first guess is that it's a permissions error. Do you know what user the web/app server is running as and see if it has the correct permissions to both read/execute the command and write the output file.
I'll answer my own question now. After spending several days of testing and googling, it turns out that dreamhost doesn't allow these kind of non built-in system calls. I'll have to change my hosting service.
How do I prevent my setup project from uninstalling my Windows service while it is performing a lengthy work routine?
Ideally, MSI should report that the "Service is currently busy and cannot be uninstalled."
How to create a condition for the installer to check if the service is busy and fail the installation?
You could maybe use an Installer class for your application. You could override the OnBeforeUninstall method so that it looks to see if the process is running, and then waits for it to stop before proceeding.
A similar solution to the one YWE posted is to create a custom action inside a DLL and run it when the uninstall process starts. In the custom action you could interrogate the service to check it's status and if it's busy fail the install with a relevant message for the user.
Walkthrough: Creating a custom action
I have a library that I created with some business logic that includes writing to a System.Diagnostics.EventLog instance. The library is normally called from a Windows Service application, but now I'm trying to call those same library functions from my ASP.NET MVC application.
I tried this code inside my controller to create the EventLog instance that I pass into the method that needs to write to the log.
Dim log = New EventLog("Application", My.Computer.Name, "MyMVCApp")
The following error is generated when the code within the library method tries to write to the log:
[SecurityException: Requested registry access is not allowed.]
System.ThrowHelper.ThrowSecurityException(ExceptionResource resource) +51
Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable) +7462217
System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData sourceData) +366
System.Diagnostics.EventLog.VerifyAndCreateSource(String sourceName, String currentMachineName) +194
System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData) +205
System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType type) +14
My web app is running as the Network Service user on Windows Server 2003 running IIS 6. Is there something I need to do in order to give the Network Service user access to the registry?
Is there a better way to create an EventLog instance for use in an ASP.NET MVC application? Is there one already created by the framework that I just need to reference?
From MSDN: "Applications that run using the Network Service identity can write to the event log by using existing event sources, but they cannot create new event sources because of insufficient registry permissions."
And...
"If the Source for the event log associated with the EventLog instance does not exist, a new event source is created."
So looks like your event log source doesn't exist, and it's trying to create a new event log source using the Network Service User (which requires writing to the registry, so wont work).
"To enable your ASP.NET application to write to the event log using an event source that does not already exist, you have two options:"
Create new event sources at application install time
Manually create new event source entry in the registry.
So, need to create the log outside of the application (you can't do it programatically with this user. Do it either manually, or create a simple command line app to simplify installation).
For full details:
http://msdn.microsoft.com/en-us/library/ms998320.aspx#paght000015_eventlogaccess
Personally I'd recommend that you don't alter the net user permissions, but rather create the log source outside of the web app. My preference is in a console app (which will take you about 5mins to write, and which you can also use to prep other machines). Start a new console app in VS.NET, and add the code to create the log sources. An example:
http://www.dotnetspider.com/resources/23593-Create-Event-log-VB-NET.aspx
Then just run the console app from the cmd line, when logged in with appropriate permissions.
If you're not sure what event source it is trying to create, the above accepted answer will be difficult to figure out.
A simpler solution would be to switch the application pool to temporarily use LocalSystem, then run the application and produce an error. It will be able to create the relevant event log source, and after that you can switch it back to using NetworkService.
I don't know why can't you create your own EventLog instead of writing on Application log.
You can create an window/console application with the following code and run it as administrator, this will create a new log for you.
if (!EventLog.Exists("LOG_NAME"))
EventLog.CreateEventSource("LOG_NAME", "LOG_NAME");
this will create a new Log inside the event log and visible in application and service logs.
if (!EventLog.SourceExists("MyMVCApp"))
EventLog.CreateEventSource("MyMVCApp", "LOG_NAME");
This will create a new Source inside the custom "LOG_NAME" and you can make use of the code
Dim log = New EventLog("LOG_NAME", My.Computer.Name, "MyMVCApp")
to create a custom log.