PowerDNS / weakforced

Anti-Abuse for servers at authentication time
GNU General Public License v3.0
124 stars 33 forks source link

[BUG] wforce logs errors about failing to create folders ./uploads/tmp/XX #355

Closed mgehlmann closed 2 years ago

mgehlmann commented 2 years ago

Describe the bug When I start up wforce v2.6.0 (used builder script) on Debian bullseye with default config, I get these errors in the log:

Dec  7 09:20:29 wforce0 wforce[250278]: 20211207 08:20:29.901676 UTC 250290 ERROR Can't create path:./uploads/tmp/00 - Utilities.cc:1098
Dec  7 09:20:29 wforce0 wforce[250278]: 20211207 08:20:29.901950 UTC 250290 ERROR Can't create path:./uploads/tmp/01 - Utilities.cc:1098
[...]
Dec  7 09:20:29 wforce0 wforce[250278]: 20211207 08:20:29.917911 UTC 250290 ERROR Can't create path:./uploads/tmp/FF - Utilities.cc:1098

I did not find any information about the ./uploads in the docs, though. I tested a bit and on one occasion, which I cannot reproduce, the folders 00-03 were created in /etc/wforce/uploads/tmp/:

# tree /etc/wforce/
/etc/wforce/
├── regexes.yaml
├── uploads
│   └── tmp
│       ├── 00
│       ├── 01
│       └── 02
└── wforce.conf

This time there are only error messages for folders 03-FF. Additional restarts do not lead to more created folders.

Could the issue be, that /etc/wforce appears to be the working directory of the process? The systemd service file that is installed by the package sets:

User=wforce
Group=wforce

But /etc/wforce is created with

# ls -ld /etc/wforce
drwxr-xr-x 2 root root 4096  7. Dez 10:57 /etc/wforce

So the creation would probably fail due to missing permissions. The working directory should probably be somewhere in /var/?

To Reproduce Steps to reproduce the behavior:

  1. Build wforce 2.6.0 for debian-bullseye using builder script
  2. install .deb package
  3. start service with default config
  4. See error

Expected behavior Not sure, since I don't know what ./uploads is for, but I suppose that all folders 00-FF should be created, and probably not in /etc/wforce, but somewhere in /var.

OS (please complete the following information):

neilcook commented 2 years ago

I've looked into this, and it's an artifact of using a new library (drogon) to handle the HTTP REST API (mainly to get TLS handling, but also to get better performance). Drogon offers a bunch of stuff that wforce doesn't use, and it turns out that it wants to create a bunch of folders for file uploading, which it creates by default in the cwd, which for wforce is always the directory it finds the config in. I didn't catch this because it didn't stop CI from working and I didn't spot it in the CI logs clearly.

I will fix this in two ways: 1) A quick fix to set the directory for drogon to use as /var, not cwd 2) An upstream fix to libdrogon to disable this behaviour for folks who don't want the file uploading behaviour, as it's quite antisocial

mgehlmann commented 2 years ago

Great, thanks! Seems it does not actually break anything in the service. I guess I'll manually create the folders as a workaround to suppress the error messages until the 2.6.1 release.