id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc
1425,GUI Upgrades stall if permissions on dataset/volume are not resolvable via www,gcooper,,"The code today in notifier.change_upload_location doesn't work if an element in the path isn't resolvable to ""www"". This results in stuck downloads because lighttpd/nginx executes as www:www.

{{{
def change_upload_location(self, path):
        vardir = ""/var/tmp/firmware""

        self.__system(""/bin/rm -rf %s"" % vardir)
        self.__system(""/bin/mkdir -p %s/.freenas"" % path)
        self.__system(""/usr/sbin/chown www:www %s/.freenas"" % path)
        self.__system(""/bin/ln -s %s/.freenas %s"" % (path, vardir))
}}}

The following code would (in theory) catch this issue, but doesn't because it's running as root:wheel (I inserted an Exception to check my sanity):

{{{
    def change_upload_location(self, path):
        vardir = ""/var/tmp/firmware""
        uploaddir = '%s/.freenas' % (path, )

        if os.stat(path).st_mode & stat.S_IWRITE == 0:
            raise MiddlewareError('Cannot create %s' % (uploaddir, ))

        self.___system('rm -rf %s' % (vardir, ))
        if not os.path.isdir(uploaddir):
            os.makedirs(uploaddir)
        os.chmod(uploaddir, 0770)
        os.chown(uploaddir, os.geteuid(), os.getegid())
        os.symlink(uploaddir, vardir)
}}}

I've also tried os.setreuid/os.setregid, but that doesn't work (fails with EPERM, probably because of security paranoia in FreeBSD).

This caveat should be clearly documented for now until it can be properly resolved later.",defect,closed,critical,,Backend,8.0.4-RELEASE,fixed,,