Users deleted from otp-users.txt

[tko-mz]

Hi,

We are having issues with multiple users being deleted from the otp-users.txt file. This has occurred a few times the recent days but did not happen in the past. I can find the below message in our logs which I would assume is related to the issue: error renaming new OTP users file "/etc/otp/otp-users.txt.new" to "/etc/otp/otp-users.txt": No such file or directory

FYI, we are using mod_authn_otp-1.1.8 with apache 2.4.6-88 on Centos 7.3.1611.

Any ideas on what is causing this?

[archiecobbs]

The only explanation I can think of is a situation where you have two or more Apache processes running at the same time that are not aware of each other, and so they are trying to read and update the file at the same time.

There is a lock file that each process uses to coordinate their accesses to the file that should prevent that though. However, this could fail if file locking is broken.

Are you doing something unusual with your Apache setup, e.g., using a networked file system, or sharing /etc/otp between multiple servers in some other way, etc?

Another possible problem is the disk is running out of space, but that should generate a different error.

[tko-mz]

Thanks for the input! The apache setup is fairly straightforward so I think lack of space caused by deleted files not being freed yet might have been causing this. The file has been moved and is being monitored now.