guthbus / httplib2

Automatically exported from code.google.com/p/httplib2
0 stars 0 forks source link

cacerts.txt permissions #292

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. A client which uses httplib2 

https://github.com/openstack/python-neutronclient/blob/quantumclient/quantumclie
nt/client.py#L102

2. The client is used inside a django app

https://github.com/openstack/horizon/blob/stable/grizzly/openstack_dashboard/api
/cinder.py#L54

What is the expected output? What do you see instead?

Apache is unable to read cacerts.txt which contains the wrong permissions, and 
returning:

[Tue Aug 06 14:19:49 2013] [error] \x1b[31;1mRecoverable error: [Errno 
185090050] _ssl.c:340: error:0B084002:x509 certificate 
routines:X509_load_cert_crl_file:system lib\x1b[0m

$ ls -l /usr/local/lib/python2.7/dist-packages/httplib2/cacerts.txt
-rw-r----- 1 root staff 39670 Jul 29 18:05 
/usr/local/lib/python2.7/dist-packages/httplib2/cacerts.txt

What version of the product are you using? On what operating system?

- Ubuntu 12.04
- Python 2.7.3
- python-httplib2 0.7.2-1ubuntu2

Original issue reported on code.google.com by jdew...@gmail.com on 9 Aug 2013 at 11:47

GoogleCodeExporter commented 8 years ago
Here is a snip from stracing apache.

open("/usr/local/lib/python2.7/dist-packages/httplib2/cacerts.txt", O_RDONLY) = 
-1 EACCES (Permission denied)

Original comment by jdew...@gmail.com on 9 Aug 2013 at 11:49

GoogleCodeExporter commented 8 years ago
This problem occurs when installing via pip.

Original comment by jdew...@gmail.com on 10 Aug 2013 at 8:17

GoogleCodeExporter commented 8 years ago
Same here but on FreeBSD. Just installed the port with portinstall and had the 
exact same problem. It is not the only file in the directory with 640 
permissions. Also PKG-INFO, SOURCES.txt, dependency_links.txt and top-level.txt 
have the same problem.

Original comment by akosia...@gmail.com on 17 Oct 2013 at 3:52

GoogleCodeExporter commented 8 years ago
It looks like this might be related to installing with sudo. I'm currently 
pretty ignorant of umasks (and my tests of the behaviour have seemed 
inconsistent with this) so this might be wrong, but apparently the user umask, 
which sudo does not make less restrictive, is by default more restrictive than 
the root one. That would make this a general installer problem that's not 
specific to this project. See 
http://stackoverflow.com/questions/11161776/pip-inconsistent-permissions-issues

Original comment by asksteve...@gmail.com on 2 Jan 2014 at 7:20

GoogleCodeExporter commented 8 years ago
In my case (installing on FreeBSD via portinstall) sudo was not used, but 
rather a plain root login. So while sudo might cause its own set of problems it 
was not the cause in this case.

Btw this problem no longer exists on FreeBSD since it was fixed on

http://svnweb.freebsd.org/ports?view=revision&revision=332074

So back to pip installation problems.

Original comment by akosia...@gmail.com on 2 Jan 2014 at 9:40

GoogleCodeExporter commented 8 years ago
I ran into the same problem on an Ubuntu server, I installed it using "setup.py 
develop".  The file is owned by the user that did the install (ubuntu) but we 
run the web server as a different user (www-data) who can't read this 
cacerts.txt file.

Original comment by dvanderm...@roovy.com on 6 Nov 2014 at 1:01