docs icon indicating copy to clipboard operation
docs copied to clipboard

Published 20 hours ago verified publisher icon sismics

importer: File with 0640 permission causes new document on every poll, but no files

Open madduck opened this issue 1 year ago • 2 comments

I just put a PDF file into the imoprter directory (which has permissions 1777), but the file itself only had 0640. Since both the importer as well as Jetty run as root (ugh!), I didn't think this was going to be a problem. But that is the issue, changing permissions to 0644 makes it all work.

However, here is what happened while permissions were at 0640:

  1. Every 40 seconds, a new document would be created (presumably just based on the filename), but without any files (as they weren't readable, despite running as root?)
  2. The file in the import directory would not get removed, hence goto 1.

Here are the logs from the server:

Sep 07 13:04:19 paperless docker-compose[54300]: teedy-server_1   | 07 Sep 2023 13:04:19,788 INFO com.sismics.docs.core.listener.async.DocumentCreatedAsyncListener.on(DocumentCreatedAsyncListener.java:35) Document created event: DocumentCreatedAsyncEvent{documentId=3b4cea2c-0d13-4844-a07c-c3c67493a091}
Sep 07 13:04:49 paperless docker-compose[54300]: teedy-server_1   | 07 Sep 2023 13:04:49,369 INFO com.sismics.docs.core.listener.async.DocumentCreatedAsyncListener.on(DocumentCreatedAsyncListener.java:35) Document created event: DocumentCreatedAsyncEvent{documentId=d1ac2767-e23d-4ad8-a3f3-691690e085e2}
Sep 07 13:05:19 paperless docker-compose[54300]: teedy-server_1   | 07 Sep 2023 13:05:19,477 INFO com.sismics.docs.core.listener.async.DocumentCreatedAsyncListener.on(DocumentCreatedAsyncListener.java:35) Document created event: DocumentCreatedAsyncEvent{documentId=178de1ae-27af-4d67-9dcc-8eb90030e4e8}

The importer did not log anything.

And here is what the result looks like after 2 minutes (3 polls):

image

madduck avatar Sep 07 '23 11:09 madduck

Your file is probably unreadable by Teedy. I will need a reproducer if possible (other people use the importer with no issue).

jendib avatar Sep 07 '23 12:09 jendib

It's readable, assuming the importer is actually running as root and doesn't drop privileges, which I can't see the code doing:

~ # ps aux
PID   USER     TIME  COMMAND
    1 root      0:10 /teedy-importer -d
   43 root      0:00 ash
   75 root      0:00 ps aux
~ # ls -ld /proc/1
dr-xr-xr-x    9 root     root             0 Sep  7 07:12 /proc/1

As root myself, I can read the file and manipulate the directory just fine:

~ # cd /import/
/import # ls -l
total 412
-rw-r-----    1 1000     root        420317 Sep  7 16:16 2023.07.25 Saturn 143054.pdf
/import # id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
/import # md5sum 2023.07.25\ Saturn\ 143054.pdf 
592df2ef2c2fa9f21e6744714469a531  2023.07.25 Saturn 143054.pdf
/import # rm 2023.07.25\ Saturn\ 143054.pdf 
/import # ls -l
total 0

madduck avatar Sep 07 '23 16:09 madduck