backup-restore-plugin failing with permissions issues

[genebobmiller]

What is the bug or the crash?

Permissions issues are causing the backup-restore-plugin to fail.

This issue is not present in 2.17 so I assume it's caused by the permissions change made in 2.18 when we moved away from root ownership.

Steps to reproduce the issue

Enable the backup-restore-plugin via ENV var:

    environment:
             - COMMUNITY_EXTENSIONS=backup-restore-plugin

Click on Data->Backup & Restore. Creating a backup shows warnings:

NO Exceptions Detected.

WARNING:Could not create directory.
WARNING:Could not create directory.
WARNING:Could not create directory.

and restoring the backup fails with errors:

 Error occurred while trying to move a Resource!
java.lang.IllegalStateException: Could not create directory.

Versions

2.23.0

Additional context

Not present in 2.17

[NyakudyaA]

You haven't specified where you are trying to create the backup in. You can try to place it in temp and also what user owns the files there

[genebobmiller]

Thanks NyakudyaA,

Yes I've tried in /tmp, /opt/geoserver/data_dir and also creating a folder /backups in the root. None work correctly. I'm not doing any volume mounts for this test so the ownership is the default.

[NyakudyaA]

Will take a look when I am near a PC

[NyakudyaA]

Will report this upstream and see if they have a fix.

[genebobmiller]

Thanks NyakudyaA!

[genebobmiller]

Any progress with this NyakudyaA? Did you have an upstream issue we can follow?

[NyakudyaA]

Opened an issue upstream but they closed it saying they don't investigate things that are running in docker, will check this over the weekend

[genebobmiller]

Any movement on this NyakudyaA?

[NyakudyaA]

@genebobmiller Have you tried with image 2.23.1

[genebobmiller]

@NyakudyaA There is no such image on dockerhub.

[NyakudyaA]

There must be something wrong with the github action. I will investigate and also test the plugin with the new version

[genebobmiller]

Issue still exists in 2.23.1

[genebobmiller]

Seems to be having trouble writing to a temporary folder...

[backuprestore.tasklet] - Error occurred while trying to move a Resource!
java.lang.IllegalStateException: Could not create directory.
    at org.geoserver.platform.resource.Files$ResourceAdaptor.dir(Files.java:185)
    at org.geoserver.platform.resource.Resources.directory(Resources.java:189)
    at org.geoserver.backuprestore.utils.BackupUtils.dir(BackupUtils.java:253)

In kartoza/geoserver:2.17.0 the backup process successfully created these folders:

/opt/geoserver/data_dir/temp/tmp3ec2c7c3-dd2a-465d-a417-110c1de301df/monitoring
/opt/geoserver/data_dir/temp/tmp3ec2c7c3-dd2a-465d-a417-110c1de301df/printing
/opt/geoserver/data_dir/temp/tmp3ec2c7c3-dd2a-465d-a417-110c1de301df/inspire

But in kartoza/geoserver:2.23.1 the backup process fails because it's attempting to create these folders in the root of the file system and getting permission denied:

/monitoring
/printing
/inspire

[hbruch]

Opened an issue upstream but they closed it saying they don't investigate things that are running in docker, will check this over the weekend

The issue referred to is GEOS-10990.

Is it really necessary to run as root (which is discouraged for security reasons) for backup-restore? It looks like the plugin might be misconfigured if it tries to write monitoring, printing and inspire directly within /, so #565 looks more like a work-around than a fix of the root cause...

[NyakudyaA]

Yes, @hbruch That's a workaround, unfortunately, I am not a Java developer and to debug what is happening during runtime configuration.