Weird permission issue with kdb meta-set

[kodebach]

While testing I found a very weird permissions issue with kdb meta-set

Steps to Reproduce the Problem

# setup
sudo kdb mount "foo.spec.ini" "spec:/test/foo" ni
echo '
[]
mountpoint = foo.ini
infos/plugins = ni

[arr]
array =

[arr/#]

[arr/#/bar]
' | sudo kdb import "spec:/test/foo" ni
sudo kdb spec-mount "/test/foo"

### ISSUE START ###

kdb meta-get "/test/foo/arr" array
kdb meta-get "user:/test/foo/arr" array

kdb meta-set -- "user:/test/foo/arr" array "#0"

kdb meta-get "/test/foo/arr" array
kdb meta-get "user:/test/foo/arr" array

### ISSUE END ###


# cleanup (not relevant to issue)
sudo kdb rm -r "/test/foo"
rm "$(kdb file "user:/test/foo")"
sudo kdb umount "/test/foo"
sudo kdb umount "spec:/test/foo"

Expected Result

The snippet above should run successfully and print something along the lines of

Key not found
#0
#0

Actual Result

There is a permissions error during kdb meta-set:

 Sorry, 3 warnings were issued ;(
 1: Module ni issued the warning C01100:
        Resource: Insufficient permissions to open configuration file /usr/share/elektra/specification/foo.spec.ini.2182368:1646584108.60567.tmp for writing. You might want to retry as root. Reason: Permission denied
 2: Module sync issued the warning C01100:
        Resource: Could not open config file /usr/share/elektra/specification/foo.spec.ini.2182368:1646584108.60567.tmp. Reason: No such file or directory
 3: Module resolver_fm_hpu_b issued the warning C01100:
        Resource: Could not unlink the file '/usr/share/elektra/specification/foo.spec.ini.2182368:1646584108.60567.tmp'. Reason: No such file or directory
Sorry, module resolver_fm_hpu_b issued the error C01100:
Resource: Could not reopen configuration file '/usr/share/elektra/specification/foo.spec.ini' for writing. Reason: Permission denied

I suspect this has something to do with the fact, that we try to read/write with a cascading parent.

System Information

• Elektra: master

Further Information

The whole thing gets a lot weirder, however, when we try to experiment a bit.

1. The spec that is used for spec-mount is important. The one I provided seems to be minimal. You need an array parent, a spec for the array elements and you also need keys below the array elements. No actual metadata is needed, so this is caused either by the kdb tool, the kdb lib or the spec plugin.
2. It works when you use

   sudo kdb meta-set -- "user:/test/foo/arr" array "#0"

   instead. This works as expected. It set sets the user:/ key for the root user. When you also use sudo kdb meta-get you can observe the expected behaviour.
3. Interestingly, after the first sudo kdb meta-set it works without sudo. The following replacement also produces the expected behaviour (with the side effect of also setting the user:/ key for the root user):

   sudo kdb meta-set -- "user:/test/foo/arr" array "#0"
   kdb meta-set -- "user:/test/foo/arr" array "#0"

[markus2330]

I can reproduce the issue. Maybe the spec plugin copies something also to spec: and Elektra tries to write this, too? Further investigation is needed.

[flo91]

@markus2330 This looks like an issue for the FLOSS course.

[kodebach]

I think this is related to #4061. Both seem to follow similar steps and #4061 shows that spec removes a spec:/ key. That would explain the permissions issue. The spec:/ key also isn't added again, that would also explain why a second meta-set works.

So yes, it could be FLOSS issue, but it is very hard to say how much effort fixing this would be.

[joni1993]

I could reproduce this on master (d1a8f82)

3. Interestingly, after the first sudo kdb meta-set it works without sudo. The following replacement also produces the expected behaviour (with the side effect of also setting the user:/ key for the root user):

What do you mean by it works without sudo? Executing this commands gives me a permission error too.

[kodebach]

What do you mean by it works without sudo? Executing this commands gives me a permission error too.

Then this may have changed since I reported the issue.

[github-actions]

I mark this stale as it did not have any activity for one year. I'll close it in two weeks if no further activity occurs. If you want it to be alive again, ping by writing a message here or create a new issue with the remainder of this issue.
Thank you for your contributions 💖

[github-actions]

I closed this now because it has been inactive for more than one year. If I closed it by mistake, please do not hesitate to reopen it or create a new issue with the remainder of this issue.
Thank you for your contributions 💖