Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Making loaded files writable #58

Closed
samul-1 opened this issue Oct 20, 2022 · 1 comment
Closed

Making loaded files writable #58

samul-1 opened this issue Oct 20, 2022 · 1 comment

Comments

@samul-1
Copy link

samul-1 commented Oct 20, 2022

Hello,

I'm using Jobe as a code sandbox for my own LMS.

One change I'm trying to make is making files loaded in the workdir writable. I tried a few things but none worked.

First thing I tried: in LanguageTask.php, function prepare_execution_environment, I changed this line:

exec("setfacl -m u:{$this->user}:rwX {$this->workdir}")

to

 exec("setfacl -Rmd u:{$this->user}:rwX {$this->workdir}")

expecting that the rule would apply recursively to all files in the folder, including ones generated in the future. However, for some reason, what ends up happening is that I am not able to execute the executable file after compiling: for example, with a C task, I get

/usr/bin/ld: cannot open output file prog.c.exe: Permission denied
collect2: error: ld returned 1 exit status

Second thing I tried: in the function load_files in LanguageTask.php, after creating each file with file_put_contents, I added:

chown($destPath, $this->user)

However, this fails because it can only be used as root user, which is not the user under which Jobe runs.

How can I make the loaded files writable? Maybe I don't have a deep enough understanding of how Jobe works yet to find a solution, so any help is welcome.
@trampgeek
Copy link
Owner

Making uploaded files non-writeable was of course by design, for when using Jobe with Moodle CodeRunner. Even there, though, we occasionally want files to be writeable (e.g. with database questions, where the uploaded file is an sqlite3 database) and we achieve that simply by making a fresh copy of the original file for each test. A solution of that sort might be possible for you?

I wrote the Jobe code many years ago and can't immediately recall the details relating to FACLs. But perhaps the reason that your setfacl failed is that the -d flag removes all existing ACL entries, so that when the compile is attempted (which I think is still done by user www-data) the directory is no longer writeable by www-data? You might be able to fix that by adding another ACL to restore write access by www-data?

However, I recall that setting up the ACLs took quite a lot of thought, so I'd be reluctant to tinker with them myself. I think it would be cleaner to explicitly give jobe (or, better the specific jobe user) write access to each of the downloaded files, as you attempted with your chown approach. I think you can do that simply by prefixing the command with sudo. That should work as www-data is in the sudoers group (which it has to be in order to switch to the jobe user when running runguard. No guarantees, of course :)

Hope that helps. As I say, my memory of this is rather sketchy and I don't have time to work through it all again.

-- Richard

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@trampgeek @samul-1