Inherited Permissions Not Applied in CouchDB's Windows Installer

[sht2017]

Description

The CouchDB Windows installation program will not inherit the default permission setting of the parent path to the installation path. That could lead to the problem described in original description.

Original Steps to Reproduce [Solved]

Cannot start couchdb server on Windows with a fresh install.

According to the error message, seems it may caused by improper permission configuration or missing files ({badmatch,{error,eacces}). Tried to install it on another path and repair it, still stayed the same.
I doubt that might be a bug because it won't make the installation path auto-inherit the parent-path's permission.

Steps to Reproduce

Original Steps to Reproduce [Solved]

Start the InstallationFile.msi, install without checking the checkbox registered as Windows Service. Keeps the rest of settings default.

${InstallationPath}\bin>couchdb.cmd
{"Kernel pid terminated",application_controller,"{application_start_failure,couch_log,{{shutdown,{failed_to_start_child,couch_log_server,{{badmatch,{error,eacces}},[{couch_log_writer,init,0,[{file,\"src/couch_log_writer.erl\"},{line,36}]},{couch_log_server,init,1,[{file,\"src/couch_log_server.erl\"},{line,56}]},{gen_server,init_it,2,[{file,\"gen_server.erl\"},{line,423}]},{gen_server,init_it,6,[{file,\"gen_server.erl\"},{line,390}]},{proc_lib,init_p_do_apply,3,[{file,\"proc_lib.erl\"},{line,226}]}]}}},{couch_log_app,start,[normal,[]]}}}"}
Kernel pid terminated (application_controller) ({application_start_failure,couch_log,{{shutdown,{failed_to_start_child,couch_log_server,{{badmatch,{error,eacces}},[{couch_log_writer,init,0,[{file,"src/couch_log_writer.erl"},{line,36}]},{couch_log_server,init,1,[{file,"src/couch_log_server.erl"},{line,56}]},{gen_server,init_it,2,[{file,"gen_server.erl"},{line,423}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,390}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,226}]}]}}},{couch_log_app,start,[normal,[]]}}})

Expected Behaviour

The installation path of the program should have the same permission as its parent.

Original Steps to Reproduce [Solved]

Start the couchdb server.

Your Environment

• CouchDB version used: 3.3.3-2 (Latest release on (https://neighbourhood.ie/download-apache-couchdb-win/)[https://neighbourhood.ie/download-apache-couchdb-win/])
• Browser name and version: Google Chrome 123.0.6312.86 (Stable) (x64)
• Operating system and version: Windows 11 23H2 (22631.3296)

Additional Context

[big-r81]

Hey,

your user account has no write permissions on your installation directory. Check your users security settings.

[rnewson]

{error,eacces} is the important bit. couchdb is not permitted to write to the log file location you've configured.

[sht2017]

{error,eacces} is the important bit. couchdb is not permitted to write to the log file location you've configured.

Hey,

your user account has no write permissions on your installation directory. Check your users security settings.

Thanks, for solving it by manually resetting the installation path's permission. However, somehow the setup program for Windows would alternate the installation path permission. I doubt that might be a bug because it won't make the installation path auto-inherit the parent-path's permission.

[big-r81]

Hi,

commenting on your video from above:
The msi is doing an administrative installation of CouchDB (UAC window is opening during setup), so the install directory has system rights. Looking at the wix installer we have this:

<CreateFolder>
  <Permission User="[WIX_ACCOUNT_LOCALSYSTEM]" GenericAll="yes" />
  <Permission User="[WIX_ACCOUNT_ADMINISTRATORS]" GenericAll="yes" />
  <Permission User="[WIX_ACCOUNT_USERS]" GenericRead="yes" GenericExecute="yes" />
</CreateFolder>

So users in the USERS group will get read/execute access by default ...

[sht2017]

Hi,

commenting on your video from above: The msi is doing an administrative installation of CouchDB (UAC window is opening during setup), so the install directory has system rights. Looking at the wix installer we have this:

<CreateFolder>
  <Permission User="[WIX_ACCOUNT_LOCALSYSTEM]" GenericAll="yes" />
  <Permission User="[WIX_ACCOUNT_ADMINISTRATORS]" GenericAll="yes" />
  <Permission User="[WIX_ACCOUNT_USERS]" GenericRead="yes" GenericExecute="yes" />
</CreateFolder>

So users in the USERS group will get read/execute access by default ...

I still believe so.
Since the part you provide,
<Permission User="[WIX_ACCOUNT_USERS]" GenericRead="yes" GenericExecute="yes" />
Obviously, the USERS group will not get write access by default. If anyone tries to start CouchDB server without the administrator's permission it will fail anyway due to the lack of write access to the default log path as I occoured.

{"Kernel pid terminated",application_controller,"{application_start_failure,couch_log,{{shutdown,{failed_to_start_child,couch_log_server,{{badmatch,{error,eacces}},[{couch_log_writer,init,0,[{file,\"src/couch_log_writer.erl\"},{line,36}]},{couch_log_server,init,1,[{file,\"src/couch_log_server.erl\"},{line,56}]},{gen_server,init_it,2,[{file,\"gen_server.erl\"},{line,423}]},{gen_server,init_it,6,[{file,\"gen_server.erl\"},{line,390}]},{proc_lib,init_p_do_apply,3,[{file,\"proc_lib.erl\"},{line,226}]}]}}},{couch_log_app,start,[normal,[]]}}}"}
Kernel pid terminated (application_controller) ({application_start_failure,couch_log,{{shutdown,{failed_to_start_child,couch_log_server,{{badmatch,{error,eacces}},[{couch_log_writer,init,0,[{file,"src/couch_log_writer.erl"},{line,36}]},{couch_log_server,init,1,[{file,"src/couch_log_server.erl"},{line,56}]},{gen_server,init_it,2,[{file,"gen_server.erl"},{line,423}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,390}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,226}]}]}}},{couch_log_app,start,[normal,[]]}}})

Crash dump is being written to: erl_crash.dump...

So I guess we may need to consider that to let the USERs group obtain write access to the path, or change the default path for log file...
Or at least, I guess we need to put it in document

[sht2017]

@big-r81

[big-r81]

Hi,

I think we should not mix things here. The current setup is an administrative installation (exactly a system-wide install) with the possibility to install and run CouchDB as a Windows service (with administrator privileges). So far, all is working as expected. Currently, CouchDB is not intended to run under a "normal" user after installation.
At the moment you have the possibility (workaround) change the installation folder permissions to have write access for the current user after the installation.

To fix this as a whole, there need to be more changes to the process of distributing it for Windows:

1. Create an installer, which allows a system-wide or user-wide installation of CouchDB and / or
2. Distribute CouchDB as a zipped package without installation at all

I would welcome any PRs which provide more flexible and user-friendly installation methods in the CouchDB Glazier repository. 😉

[sht2017]

Hi,

I think we should not mix things here. The current setup is an administrative installation (exactly a system-wide install) with the possibility to install and run CouchDB as a Windows service (with administrator privileges). So far, all is working as expected. Currently, CouchDB is not intended to run under a "normal" user after installation. At the moment you have the possibility (workaround) change the installation folder permissions to have write access for the current user after the installation.

To fix this as a whole, there need to be more changes to the process of distributing it for Windows:

1. Create an installer, which allows a system-wide or user-wide installation of CouchDB and / or
2. Distribute CouchDB as a zipped package without installation at all

I would welcome any PRs which provide more flexible and user-friendly installation methods in the CouchDB Glazier repository. 😉

Sure, I'll look into the CouchDB Glazier repository =)