id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
1425	GUI Upgrades stall if permissions on dataset/volume are not resolvable via www	gcooper		"The code today in notifier.change_upload_location doesn't work if an element in the path isn't resolvable to ""www"". This results in stuck downloads because lighttpd/nginx executes as www:www.

{{{
def change_upload_location(self, path):
        vardir = ""/var/tmp/firmware""

        self.__system(""/bin/rm -rf %s"" % vardir)
        self.__system(""/bin/mkdir -p %s/.freenas"" % path)
        self.__system(""/usr/sbin/chown www:www %s/.freenas"" % path)
        self.__system(""/bin/ln -s %s/.freenas %s"" % (path, vardir))
}}}

The following code would (in theory) catch this issue, but doesn't because it's running as root:wheel (I inserted an Exception to check my sanity):

{{{
    def change_upload_location(self, path):
        vardir = ""/var/tmp/firmware""
        uploaddir = '%s/.freenas' % (path, )

        if os.stat(path).st_mode & stat.S_IWRITE == 0:
            raise MiddlewareError('Cannot create %s' % (uploaddir, ))

        self.___system('rm -rf %s' % (vardir, ))
        if not os.path.isdir(uploaddir):
            os.makedirs(uploaddir)
        os.chmod(uploaddir, 0770)
        os.chown(uploaddir, os.geteuid(), os.getegid())
        os.symlink(uploaddir, vardir)
}}}

I've also tried os.setreuid/os.setregid, but that doesn't work (fails with EPERM, probably because of security paranoia in FreeBSD).

This caveat should be clearly documented for now until it can be properly resolved later."	defect	closed	critical		Backend	8.0.4-RELEASE	fixed