[Koha-bugs] [Bug 17717] process_message_queue.pl: Can't locate Authen/CAS/Client/ Response/Failure.pm

[bugzilla-daemon at bugs.koha-community.org]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17717

--- Comment #47 from Marco Moreno <mmoreno at pobox.com> ---
Understanding the problem is necessary to determine the best solution.

The problem is this:

- All cron jobs start in $HOME and those in /etc/cron* run as root which is
/root.
- Problems occur when using "sudo -u another_user" to demote from root to
"another_user" which does not have read access to /root.
- The @INC array is traversed when a module is to be loaded, but a recent
update to Perl 5.22 (base.pm?) now results in a fatal error when it searches a
directory that cannot be read.
- The @INC array includes the current directory ('.') which is '/root' and
unreadable by 'another_user', resulting in this error.
- This error will also occur if run from the command line in a directory which
is not readable my 'another_user'.

Normally, crons are set up in the crontab file for the user under which it
should run. 
 Since it is rather unusual for a cron to sudo to another user, this is likely
why this regression in Perl has gone largely unnoticed.

Possible solutions:

1. Fix the regression in Perl 5.22.  This is ideal and this may have already
happened in more recent versions of Perl.  However, many of us remain stuck
with the version we have and we need a solution that will with with a broken
Perl.  Not a good short-term option.

2. Avoid using "sudo -u".  While possibly ideal, it's convenient and simple for
koha-foreach to be run as a system cron and switch to the user for each
library. Therefore, this is not a good option.

3. Modify the @INC array to remove the '.' directory so that /root will never
be searched.  This could be done in a common location (e.g.
/usr/share/koha/bin/kohalib.pl) as I suggested in Comment 40.  This is risky
because it assumes that no downstream module will ever depend upon '.' having
been removed from @INC.  While this solution has worked well for me, it
probably is not ideal either.

4. Change the current directory to one that is readable by adding 'cd /tmp' to
each cron job that performs a "sudo -u".  This has become an established
workaround, but requires modifying many cron entries.  Also not an ideal
solution.

5. Change the current directory to one that is readable by modifying all code
that performs a "sudo -u".  This may be as simple as adding "cd /tmp" at the
beginning of /usr/sbin/koha-foreach and /usr/sbin/koha-rebuild-zebra.  Possibly
the best solution for now.

Option #5 seems like the best one for now.  It is a clear, one-line solution
that doesn't require modifying any crons.

Thoughts?

-- 
You are receiving this mail because:
You are watching all bug changes.