Bug 447944 - sys-apps/man-db: /var/cache/man permissions do not transition well between man & man-db
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: x86 Linux
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
Blocks: 284822
Reported: 2012-12-20 12:30 UTC by Viacheslav Prisivko
Modified: 2016-02-11 22:30 UTC

Attachments
workaround patch for man-db-2.6.3-r1.ebuild (man-db-2.6.3-r1.ebuild.diff,493 bytes, patch)
2013-01-11 13:45 UTC, Tomoh K.
Description Viacheslav Prisivko 2012-12-20 12:30:31 UTC
I've installed man-db and did not modify it a bit. There is an /etc/cron.daily/man-db script in this package and its execution even under the root user results in "fopen: Permission denied". The exact program leading to this output is mandb. Here is its output:

# mandb
mandb: warning: $MANPATH set, ignoring /etc/man_db.conf
Purging old database entries in /usr/share/man...
Processing manual pages under /usr/share/man...
fopen: Permission denied
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2012-12-20 15:26:56 UTC
Please post your `emerge --info' output in a comment.
Comment 2 Viacheslav Prisivko 2012-12-20 17:33:23 UTC
Portage 2.1.11.31 (hardened/linux/x86, gcc-4.5.4, glibc-2.15-r3, 3.5.4-hardened-r1-1 i686)
=================================================================
System uname: Linux-3.5.4-hardened-r1-1-i686-Intel-R-_Pentium-R-_4_CPU_3.00GHz-with-gentoo-2.1
Timestamp of tree: Thu, 20 Dec 2012 11:15:01 +0000
ld GNU ld (GNU Binutils) 2.22
app-shells/bash:          4.2_p37
dev-lang/python:          2.7.3-r2, 3.2.3
dev-util/pkgconfig:       0.27.1
sys-apps/baselayout:      2.1-r1
sys-apps/openrc:          0.11.8
sys-apps/sandbox:         2.5
sys-devel/autoconf:       2.68
sys-devel/automake:       1.11.6
sys-devel/binutils:       2.22-r1
sys-devel/gcc:            4.5.4
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.6 (virtual/os-headers)
sys-libs/glibc:           2.15-r3
Repositories: gentoo
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--keep-going"
FCFLAGS="-march=i686 -O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS="-march=i686 -O2 -pipe"
GENTOO_MIRRORS="ftp://mirror.yandex.ru/gentoo-distfiles http://mirror.yandex.ru/gentoo-distfiles"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://mirror.yandex.ru/gentoo-portage"
USE="acl acpi bash-completion berkdb bzip2 cli cracklib crypt cxx dri gdbm hardened iconv idn mmx modules mudflap ncurses nls nptl openmp pam pax_kernel pcre pic pppd readline session sse ssl tcpd unicode urandom vhosts vim-syntax x86 zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 intel mach64 mga nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga 
trident tseng v4l vesa via vmware nouveau" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Comment 3 Sean McGovern 2012-12-20 18:12:30 UTC
Seen this as well -- get an email from the cronjob with the same error message every morning.
Comment 4 SpanKY gentoo-dev 2012-12-21 06:13:02 UTC
run as root:
su man -c 'strace -o /tmp/log -s 4096 mandb' -s /bin/sh

then post the /tmp/log file as an attachment
Comment 5 Viacheslav Prisivko 2012-12-21 13:21:52 UTC
(In reply to comment #4)
> run as root:
> su man -c 'strace -o /tmp/log -s 4096 mandb' -s /bin/sh
> 
> then post the /tmp/log file as an attachment

It is of 108M size, I can't attach it here.
Comment 6 SpanKY gentoo-dev 2012-12-21 19:03:59 UTC
(In reply to comment #5)

if it doesn't compress down with `xz -9`, then e-mail it to me: vapier@gmail
Comment 7 SpanKY gentoo-dev 2012-12-21 19:48:50 UTC
(In reply to comment #6)

your log file doesn't contain any errors.  looks like it ran like normal.  did it issue "fopen: Permission denied" when you ran it as suggested ?
Comment 8 Viacheslav Prisivko 2012-12-21 20:23:35 UTC
(In reply to comment #7)

I reran it again, it does not. It also does not result in permission error if I run it under man user without strace. However, under root an error occurs and script under cron.daily does not contain user change.
Comment 9 Viacheslav Prisivko 2012-12-21 20:24:40 UTC
(In reply to comment #7)

I can send you strace under root if you want.
Comment 10 SpanKY gentoo-dev 2012-12-21 22:08:28 UTC
the error from your log:

open("/var/cache/man/12484", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = -1 EACCES (Permission denied)

if you run as root:
find /var/cache/man/ -type f -delete

then run as root:
mandb

does it work ?

if not, what are the permissions of /var/cache/man set to ?  it should be:
drwxr-sr-x 14 man  root 4096 Dec 21 17:07 /var/cache/man
Comment 11 Viacheslav Prisivko 2012-12-23 07:05:36 UTC
(In reply to comment #10)
The permissions for the /var/cache/db were incorrect. However, removing man-db alone did not help. I had to remove /var/cache/db manually and reinstall man-db to make it work.

By the way, after reinstallation I had plenty of messages like
"mandb: warning: /usr/share/man/man3/ne_session_proxy.3.bz2: bad symlink or ROFF `.so' request
mandb: can't open /usr/share/man/ne_ssl_cert_read.3: No such file or directory" in the output of mandb for the first run. Is it right?
Comment 12 SpanKY gentoo-dev 2012-12-24 02:22:20 UTC
we can probably add a transition path from sys-apps/man (which does root:root) to man-db (which does man:root)
Comment 13 Viacheslav Prisivko 2012-12-24 07:46:40 UTC
(In reply to comment #12)
Owners were correct. Lack of sticky bit was a problem.
Comment 14 Tomoh K. 2013-01-11 13:45:55 UTC
Created attachment 335182 [details, diff]
workaround patch for man-db-2.6.3-r1.ebuild

In my case, the owners of /var/cache/man were also incorrect, not only the lack of sticky bit.

Before man-db is merged (sys-apps/man-1.6g is installed):
$ ls -ld /var/cache/man/
drwxrwxr-x 19 root man 4096 Jan 15  2012 /var/cache/man/

After man-db-2.6.3-r1 is merged:
$ ls -ld /var/cache/man/
drwxrwxr-x 6 root man 4096 Jan 11 20:00 /var/cache/man/

Permissions were set properly at src_install() phase.
# ebuild /usr/portage/sys-apps/man-db/man-db-2.6.3-r1.ebuild install
# ls -ld /var/tmp/portage/sys-apps/man-db-2.6.3-r1/image/var/cache/man/
drwxr-sr-x 2 man root 4096 Jan 11 20:10 /var/tmp/portage/sys-apps/man-db-2.6.3-r1/image/var/cache/man/

But after merge, permissions will be automagically reverted if /var/cache/man already exists.
I saw a similar case in Bug 40322.

Workaround patch is attached.
Comment 15 SpanKY gentoo-dev 2013-01-13 00:13:56 UTC
should be all set now in the tree; thanks for the report!

Commit message: Reset permissions/owners on /var/cache/man if they are broken (like when migrating from sys-apps/man)
http://sources.gentoo.org/sys-apps/man-db/man-db-2.6.3-r1.ebuild?r1=1.1&r2=1.2
Comment 16 Tomoh K. 2013-01-13 07:36:39 UTC
(In reply to comment #15)
> should be all set now in the tree; thanks for the report!
> 
> Commit message: Reset permissions/owners on /var/cache/man if they are
> broken (like when migrating from sys-apps/man)
> http://sources.gentoo.org/sys-apps/man-db/man-db-2.6.3-r1.ebuild?r1=1.1&r2=1.2

There is still a little issue.
man-db sets SETGID on /var/cache/man but sys-apps/man doesn't clear it. So,

# emerge -1 =sys-apps/man-db-2.6.3-r1
# emerge -1 sys-apps/man
# emerge -1 =sys-apps/man-db-2.6.3-r1
# mandb 
mandb: warning: $MANPATH set, ignoring /etc/man_db.conf
Purging old database entries in /usr/share/man...
Processing manual pages under /usr/share/man...
fopen: Permission denied
# ls -ld /var/cache/man 
drwxrwsr-x 30 root man 4096 Jan 13 12:39 /var/cache/man

In this case, "Resetting permissions" will never be executed because there is already a SETGIDed /var/cache/man.

        if [[ ! -g ${EROOT}var/cache/man ]] ; then
                einfo "Resetting permissions on ${EROOT}var/cache/man" #447944
                mkdir -p "${EROOT}var/cache/man"
                chown -R man:root "${EROOT}"var/cache/man
                find "${EROOT}"var/cache/man -type d '!' -perm /g=s -exec chmod 2755 {} +
        fi
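
The gap comment 16 describes, as an added example that is not part of the comment or the ebuild: a guard that tests only the setgid bit skips a directory that is setgid but has the wrong owner, group or mode, while a check of all three against the state given in comment 10 (man:root, drwxr-sr-x) catches it. The function names are hypothetical, and the expected owner, group and mode are parameters so the check can run on any directory; it assumes GNU `stat`.

```bash
#!/bin/bash
# Added example (not from the ebuild). Function names are hypothetical; the
# expected owner/group/mode are parameters so it can run on any directory.

# Mirrors the guard quoted in comment 16: reset only when setgid is absent.
setgid_guard_would_reset() {
    [ ! -g "$1" ]
}

# Full audit: prints each deviation, returns 0 when a reset is needed.
cache_dir_needs_reset() {
    cd_dir=$1; cd_owner=$2; cd_group=$3; cd_mode=${4:-2755}
    cd_problems=""
    if [ ! -d "$cd_dir" ]; then
        echo "missing directory: $cd_dir"
        return 0
    fi
    # GNU stat: %U owner, %G group, %a octal mode including the setgid bit
    set -- $(stat -c '%U %G %a' "$cd_dir")
    [ "$1" = "$cd_owner" ] || cd_problems="$cd_problems owner=$1(want $cd_owner)"
    [ "$2" = "$cd_group" ] || cd_problems="$cd_problems group=$2(want $cd_group)"
    [ "$3" = "$cd_mode" ]  || cd_problems="$cd_problems mode=$3(want $cd_mode)"
    # Subdirectories must carry setgid too, as the ebuild's find/chmod enforces
    cd_nosgid=$(find "$cd_dir" -type d ! -perm -2000 | wc -l)
    [ "$cd_nosgid" -eq 0 ] || cd_problems="$cd_problems dirs_without_setgid=$cd_nosgid"
    if [ -n "$cd_problems" ]; then
        echo "$cd_dir:$cd_problems"
        return 0
    fi
    return 1
}

# Usage: script.sh /var/cache/man man root
if [ "$#" -ge 3 ]; then
    if cache_dir_needs_reset "$@"; then
        echo "reset needed"
    else
        echo "ok"
    fi
fi
```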
Comment 17 Sam Jorna (wraeth) gentoo-dev 2016-02-11 22:30:48 UTC
This does still appear to be an issue - a relatively newly created host was
giving permission denied when cron was running mandb until I manually chown'd
and chmod'd /var/cache/man.