View Issue Details

IDProjectCategoryView StatusLast Update
0005899CentOS-6yumpublic2012-08-15 23:20
Reporterjcbollinger 
PrioritynormalSeveritycrashReproducibilitysometimes
Status newResolutionopen 
Platformx86_64OSCentOSOS Version6.3
Product Version6.3 
Target VersionFixed in Version 
Summary0005899: "yum list" sometimes crashes with a permission error
DescriptionRunning "yum list <pattern>" as an unprivileged user sometimes crashes with a permission denied error. The crash seems reproducible for a given <pattern> on the system I'm testing, but it does not occur for some other patterns. The same command that fails for an unprivileged user succeeds and produces seemingly correct output when run as a privileged user (e.g. via sudo).

Example session:

[me@machine ~]$ yum list "xorg*-devel"
Loaded plugins: fastestmirror, kabi, presto, priorities, protectbase, refresh-
              : packagekit, security
Loading support for CentOS kernel ABI
Loading mirror speeds from cached hostfile
 * elrepo: repos.dfw.lax-noc.com
131 packages excluded due to repository priority protections
0 packages excluded due to repository protections
Traceback (most recent call last):
  File "/usr/bin/yum", line 29, in <module>
    yummain.user_main(sys.argv[1:], exit_code=True)
  File "/usr/share/yum-cli/yummain.py", line 285, in user_main
    errcode = main(args)
  File "/usr/share/yum-cli/yummain.py", line 136, in main
    result, resultmsgs = base.doCommands()
  File "/usr/share/yum-cli/cli.py", line 438, in doCommands
    return self.yum_cli_commands[self.basecmd].doCommand(self, self.basecmd, self.extcmds)
  File "/usr/share/yum-cli/yumcommands.py", line 311, in doCommand
    columns = _list_cmd_calc_columns(base, ypl)
  File "/usr/share/yum-cli/yumcommands.py", line 277, in _list_cmd_calc_columns
    _add_pkg_simple_list_lens(data, pkg)
  File "/usr/share/yum-cli/yumcommands.py", line 264, in _add_pkg_simple_list_lens
    rid = len(pkg.ui_from_repo)
  File "/usr/lib/python2.6/site-packages/yum/packages.py", line 710, in <lambda>
    ui_from_repo = property(fget=lambda self: self._ui_from_repo())
  File "/usr/lib/python2.6/site-packages/yum/packages.py", line 702, in _ui_from_repo
    if self.repoid == 'installed' and 'from_repo' in self.yumdb_info:
  File "/usr/lib/python2.6/site-packages/yum/rpmsack.py", line 1847, in __contains__
    x = self.get(attr)
  File "/usr/lib/python2.6/site-packages/yum/rpmsack.py", line 1877, in get
    res = self._read(attr)
  File "/usr/lib/python2.6/site-packages/yum/rpmsack.py", line 1794, in _read
    info = misc.stat_f(fn)
  File "/usr/lib/python2.6/site-packages/yum/misc.py", line 946, in stat_f
    return os.stat(filename)
OSError: [Errno 13] Permission denied: '/var/lib/yum/yumdb/x/b9018cd29d3945af86e66e8e443988e6c36f3886-xorg-x11-proto-devel-7.6-13.el6-noarch/from_repo'


Example with sudo:
[me@machine ~]$ sudo yum list "xorg*-devel"
Loaded plugins: fastestmirror, kabi, presto, priorities, protectbase, refresh-
              : packagekit, security
Loading support for CentOS kernel ABI
Loading mirror speeds from cached hostfile
 * elrepo: repos.dfw.lax-noc.com
adobe-linux-x86_64 | 951 B 00:00
adobe-linux-x86_64/primary | 1.2 kB 00:00
adobe-linux-x86_64 2/2
base | 3.7 kB 00:00
base/primary_db | 4.5 MB 00:00
elrepo | 1.9 kB 00:00
elrepo/primary_db | 424 kB 00:00
epel | 4.0 kB 00:00
epel/primary_db | 4.4 MB 00:00
extras | 3.0 kB 00:00
extras/primary_db | 6.3 kB 00:00
graphviz-stable | 951 B 00:00
graphviz-stable/primary | 8.1 kB 00:00
graphviz-stable 31/31
local | 1.9 kB 00:00
local/primary_db | 342 kB 00:00
updates | 1.9 kB 00:00
updates/primary_db | 854 kB 00:00
131 packages excluded due to repository priority protections
0 packages excluded due to repository protections
Installed Packages
xorg-x11-proto-devel.noarch 7.6-13.el6 @base
Available Packages
xorg-x11-drv-evdev-devel.i686 2.6.0-2.el6 base
xorg-x11-drv-evdev-devel.x86_64 2.6.0-2.el6 base
xorg-x11-drv-intel-devel.i686 2.16.0-4.el6 base
xorg-x11-drv-intel-devel.x86_64 2.16.0-4.el6 base
xorg-x11-drv-openchrome-devel.i686 0.2.904-4.el6 base
xorg-x11-drv-openchrome-devel.x86_64 0.2.904-4.el6 base
xorg-x11-drv-synaptics-devel.i686 1.4.1-3.el6 base
xorg-x11-drv-synaptics-devel.x86_64 1.4.1-3.el6 base
xorg-x11-drv-wacom-devel.i686 0.13.0-6.el6 base
xorg-x11-drv-wacom-devel.x86_64 0.13.0-6.el6 base
xorg-x11-server-devel.i686 1.10.6-1.el6.centos base
xorg-x11-server-devel.x86_64 1.10.6-1.el6.centos base
xorg-x11-xtrans-devel.noarch 1.2.2-4.1.el6 base


When I examine the directory named in the error message, I find that it has permissions 0750 and its contents have permissions 0640, whereas most of its siblings have permissions 0755/0644.
Steps To ReproduceAny "yum list <pattern>" command whose pattern matches an affected directory seems to elicit the error.
Additional InformationIt is unclear how the affected directories acquired the permissions they have, but 'find' tells me that about 5% of the currently-installed packages are (were) affected. It looks like these may mostly or even all be packages that were installed manually ("sudo yum install <somepackage>") after the initial OS install. They come from a variety of repositories, including official CentOS repos and third-party repos.

Even "yum clean all" by a privileged user fails to resolve the error. I eventually solved it by manually correcting the permissions, but I suspect the problem will resurface.
TagsNo tags attached.

Activities

jcbollinger

jcbollinger

2012-08-15 18:33

reporter   ~0015659

To follow up, I just installed four more packages, xorg-x11-server-devel and three dependencies, all pulled from the CentOS 6.3 "base" repository. The yumdb directories for all four had incorrect permissions.

I think, therefore, that the reproducibility can be increased to "always", with these steps:

1. Log in as an unprivileged user

2. Install a new package via sudo ("sudo yum install <package-name>")

3. Attempt to list the newly-installed package without privilege ("yum list <package-name>")
jcbollinger

jcbollinger

2012-08-15 23:20

reporter   ~0015660

Also, in case it's relevant, it just occurred to me that I use umask 027 in my personal shell configuration, and yum's behavior is consistent with applying that umask to newly created files and directories. That would be very unfortunate, as the proper permissions on the yumdb/ contents do not depend on the umask of the user running yum.

Yum exhibits the same behavior in CentOS 6.2, but not in CentOS 5.8 (which does not seem to use /var/lib/yum at all).

Issue History

Date Modified Username Field Change
2012-08-15 18:11 jcbollinger New Issue
2012-08-15 18:33 jcbollinger Note Added: 0015659
2012-08-15 23:20 jcbollinger Note Added: 0015660