Re: [Exist-development] Scheduler and new permissions model....

[Adam R. <ad...@ex...>]

> I've got a test environment running your latest permissions code (current SVN). I was hoping that
> Wolfgang's recent checkin might have fixed the duplicated attributes bug, but unfortunately it
> didn't.  So I plan to dive into the cause of that later this week, since I haven't been able to
> create a replicable, simple test case as I usually do.
>
> In the meantime, in our environment we fire off some scheduled User XQuery tasks from the conf.xml
> file at startup.
>
> Problem was, that our user jobs are now failing with the following exception:
>
> 2011-06-14 16:05:04,496 [DefaultQuartzScheduler_Worker-2] INFO  (JobRunShell.java [run]:221) - Job
> eXist.User.XQuery: /db/chaeron/raven/common/xquery/chaeronJobScheduler.xql threw a
> JobExecutionException:
> org.quartz.JobExecutionException: UserXQueryJob Failed: Permission denied for the scheduling user:
> guest! Unscheduling UserXQueryJob.
>        at org.exist.scheduler.UserXQueryJob.abort(UserXQueryJob.java:268)
>        at org.exist.scheduler.UserXQueryJob.abort(UserXQueryJob.java:263)
>        at org.exist.scheduler.UserXQueryJob.execute(UserXQueryJob.java:228)
>        at org.quartz.core.JobRunShell.run(JobRunShell.java:216)
>        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)
>
> found in the scheduler.log file.

So we need to understand why the guest user cannot execute the XQuery
Job that you want them to, I suspect that the guest user simply does
not have permissions necessary on the XQuery. Can you confirm this?
At present the guest would need to have 'update' permission, either as
the user, group or other - this is something that was implemented
previously before my changes by someone else. This was implemented as
the goal was to move from 'rwu' to 'rwx', this is still the goal,
however this work was previously never completed by the contributor,
however I will complete it myself in the near future.

> I'm not sure of how we fix this?  Do we need to set global execute permissions on all the xqueries
> we have stored in the database, or at least on the ones that are scheduled at startup from conf.xml?

(see above)

>  Do we need to extend the conf.xml scheduler elements/definitions to be able to specify what user
> should be used to fire up a scheduled xquery, rather than the default guest?

Nope, I have laid the foundations for SetUID and SetGID style
permissions, these will be implemented in the near future and will
also solve this issue I hope.

> Your advice on the best way to proceed would be much appreciated.
>
> Thanks!
>
> --
> Andrzej Taramina
> Chaeron Corporation: Enterprise System Solutions
> http://www.chaeron.com
>



-- 
Adam Retter

eXist Developer
{ United Kingdom }
ad...@ex...
irc://irc.freenode.net/existdb