Tech Note: Safely Going Live with New Code
Charles Johnson
Mon May 12, 2008 at 4:20 pm PDT • Views: 251
Tonight's geeked out post has to do with the difficulty of safely uploading changed web application files. Pretty sexy, huh?
When I make changes to one of the PHP scripts that drive the LGF Blog Engine, the new file has to be uploaded to the LGF web server, of course. The problem comes if someone happens to browse to that file while the upload process is taking place; this can lead to the browser being served corrupted data. The user may see a partial page load, an error, or just a blank screen in that case, and we all know how painful that can be.
The solution to this problem is known as a "file swap." You upload the new file with a different temporary name, then rename the new file to the original name. This works because the Linux 'mv' command (which is used to rename files) does not actually rewrite any data; it simply changes the filename-to-inode mapping, so that the filename points to the new data. If the old file data is being read in the middle of this operation, it's not a problem because the data continues to exist in its old location (for a while); the operating system doesn't reallocate the inode and overwrite that data until all open file handles to it are closed.
In those long-ago days of yesteryear when the LGF Blog Engine was based on a flat file system, I used this swapping technique for almost everything, and solved some serious problems with race conditions that would occasionally wipe out files.
To finish off this short exercise in geekitude, here's a bash shell script I use to automatically rename any recently uploaded temporary files.
(Note: when I upload a temporary file, I use the naming convention 'filename.tmp.php' so that the file is still a valid PHP file; this way if someone just happens to browse to it before it's renamed, they won't see a page full of PHP code. That would be annoying to them and a possible security problem for LGF.)
#!/bin/bash
# Rename LGF temp files to live versions
cd /path/to/weblog/folder/
if stat -t *.tmp.php >/dev/null 2>&1; then
for tmp in *.tmp.php; do
mv -i $tmp ${tmp/.tmp/}
done
fi
Frank says: