PHP :: Bug #50163 :: IUSR_ NTFS permissions issue on PHP 5.2.11-nts

Bug #50163

IUSR_ NTFS permissions issue on PHP 5.2.11-nts

Submitted:

2009-11-13 09:23 UTC

Modified:

2013-01-08 08:08 UTC

Votes:	2
Avg. Score:	4.0 ± 1.0
Reproduced:	2 of 2 (100.0%)
Same Version:	2 (100.0%)
Same OS:	2 (100.0%)

From:

be3ch at centrum dot cz

Assigned:

pajoye (profile)

Status:

No Feedback

Package:

Filesystem function related

PHP Version:

5.2.11

OS:

win32 only - Windows 2003 Server

Private report:

CVE-ID:

None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	be3ch at centrum dot cz
New email:
PHP Version:		OS:

New/Additional Comment:

[2009-11-13 09:23 UTC] be3ch at centrum dot cz

Description:
------------
Hello,
I have installed PHP 5.2.11 on Windows 2003 Server, IIS6 and FastCGI handler. For this configuration is recommended usage of non-ts version of PHP. I'm encountered a problem with this version.

If I'm using PHP 5.2.11 ts and for IUSR are on webroot directory only READ permissions, all works correctly.

If I'm using PHP 5.2.11 non-ts and for IUSR are on webroot directory only READ permissions, files functions don't work. But functions like include or require work correctly.

If I'm using PHP 5.2.11 non-ts and for IUSR are on webroot directory READ+EXECUTE permissions, all works correctly.

There are some my test results :

Web=test.com
RootPath=D:\wwwroot\testcom\www\
TestScript=http://test.com/test.php
IUSR=IUSR_testcom

1) IUSR_testcom NTFS permissions on RootPath : READ

(OK) PHP 5.2.11 ts - test script result: bool(true)
(KO) PHP 5.2.11 non-ts  - test script result: Warning: file_exists(): open_basedir restriction in effect. File(test.php) is not within the allowed path(s): (D:\wwwroot\testcom;D:\tmp\System;D:\tmp\Php) in D:\wwwroot\testcom\www\test.php on line 3 bool(false)

2) IUSR_testcom NTFS permissions on RootPath : READ + EXECUTE

(OK) PHP 5.2.11 ts - test script result: bool(true)
(OK) PHP 5.2.11 non-ts  - test script result: bool(true)

Why PHP non-ts not working correctly when on root path are only READ permissions for IUSR? FastCGI and PHP are running with impersonate.

Reproduce code:
---------------
Test script test.php source code:

<?php

var_dump(file_exists('test.php'));

?>

Expected result:
----------------
bool(true)

Actual result:
--------------
Warning: file_exists(): open_basedir restriction in effect. File(test.php) is not within the allowed path(s): (D:\wwwroot\testcom;D:\tmp\System;D:\tmp\Php) in D:\wwwroot\testcom\www\test.php on line 3 bool(false)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-11-13 10:36 UTC] pajoye@php.net

5.2 did not support ACL correctly, 5.3 does.

[2009-11-13 10:57 UTC] be3ch at centrum dot cz

I'm think it's not problem with ACL, because with PHP 5.2.11 ts-version it works correctly and if script will be changed to FULL path :

<?php

var_dump(file_exists('D:\wwwroot\testcom\www\test.php'));

?>

it works with PHP 5.2.11 non-ts and only READ permissions correctly too.

[2009-11-13 11:00 UTC] pajoye@php.net

Simply try it with 5.3. impersonate and ACL has been improved/fixed there.

[2009-11-13 11:41 UTC] be3ch at centrum dot cz

Sorry, PHP 5.3.0 VC9 x86 Non Thread Safe - same problem.

Non-TS version of PHP not working correctly when on webroot directory are only READ NTFS permissions. It's working only with READ+EXECUTE.

[2009-11-13 12:02 UTC] pajoye@php.net

Pls run:

icacls D:\wwwroot\testcom\

icacls D:\wwwroot\testcom\www\

and past the result here. So we can try to reproduce your problem with the same settings.

[2009-11-13 12:15 UTC] be3ch at centrum dot cz

D:\wwwroot>icacls D:\wwwroot\testcom\
D:\wwwroot\testcom\ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                    NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(R)
                    BUILTIN\Administrators:(OI)(CI)(F)
                    TEST_SERVER\G6FTPUser:(OI)(CI)(R,W,D,DC)
                    TEST_SERVER\IUSR_testcom:(OI)(CI)(R)

Successfully processed 1 files; Failed processing 0 files

D:\wwwroot>icacls D:\wwwroot\testcom\www
D:\wwwroot\testcom\www BUILTIN\Administrators:(OI)(CI)(F)
                       TEST_SERVER\G6FTPUser:(OI)(CI)(R,W,D,DC)
                       TEST_SERVER\IUSR_testcom:(OI)(CI)(R)
                       NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(R)
                       NT AUTHORITY\SYSTEM:(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files

[2009-11-14 02:34 UTC] ksingla@php.net

Can you paste the value of include_path directive (ini_get('include_path')) for each of the cases? Given that fullpath to file works with just read permissions tell that relative path test.php is getting resolved to some other path which is outside open_basedir. Strange that adding execute permission make it resolve to a different path.

[2009-11-14 08:48 UTC] be3ch at centrum dot cz

open_basedir and include_path are for every case same :

open_basedir = D:\wwwroot\testcom;D:\tmp\System;D:\tmp\Php
include_path = .;D:\wwwroot\testcom\www;D:\wwwroot\testcom

If open_basedir is disabled (empty), result of test script with relative path is : bool(false) . Result with full path is correctly : bool(true).

[2009-11-20 08:42 UTC] be3ch at centrum dot cz

Any progress? :)

[2009-11-20 10:51 UTC] pajoye@php.net

I fail to reproduce this problem. No matter the OS or configuration, using 5.3 or 5.2.

[2009-11-24 20:14 UTC] be3ch at centrum dot cz

You can try this procedure to reproduce this problem:
- install Windows 2008 Server (x86)
- add Web Server role (for IIS7 support)
- download Web Platform Installer and install PHP 5.2.11

Now you have in IIS7 default web with PHP 5.2.11 support. Create test script test.php with this content :

<?php

var_dump(file_exists('test.php'));

?>

and copy test.php to C:\Inetpub\wwwroot . Now you can try http://localhost/test.php and you can see result of script :
bool(true).

There is default icacls result on C:\Inetpub\wwwroot directory :

wwwroot BUILTIN\IIS_IUSRS:(RX)
        BUILTIN\IIS_IUSRS:(OI)(CI)(IO)(GR,GE)
        NT SERVICE\TrustedInstaller:(I)(F)
        NT SERVICE\TrustedInstaller:(I)(OI)(CI)(IO)(F)
        NT AUTHORITY\SYSTEM:(I)(F)
        NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
        BUILTIN\Administrators:(I)(F)
        BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
        BUILTIN\Users:(I)(RX)
        BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
        CREATOR OWNER:(I)(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files

Now on folder C:\inetpub\wwwroot delete inheritance and change permissions to :

Administrators:F
IUSR:R
NETWORK SERVICE:R
System:F

icacls result will be:

wwwroot NT AUTHORITY\IUSR:(OI)(CI)(R)
        NT AUTHORITY\SYSTEM:(OI)(CI)(F)
        NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(R)
        BUILTIN\Administrators:(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files

Restart IIS service and try http://localhost/test.php now. Result of script will be : bool(false). Now you can try change test script to full path and result will be bool(true). If you change PHP to TS version, result with relative path will be correct bool(true). PHP 5.3 NonTS same problem.

[2009-12-07 13:41 UTC] be3ch at centrum dot cz

Any progress? I can give you access to my VPS server, where you can see it. :)

[2010-01-25 08:50 UTC] pajoye@php.net

That would help yes, please drop me a mail with the access data :)

[2010-02-02 01:00 UTC] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

[2010-10-07 15:40 UTC] saurabh0 at gmail dot com

I am facing the same problem. Running PHP Version 5.3.3 (FastCgi, non-thread safe) on IIS6/Windows Server 2003.

All file functions give error when relative paths are used and with *only* Read permissions on the folder. e.g.

file_get_contents('./path/file.txt');

The above gives:
Warning: file_get_contents(./path/file.txt): failed to open stream: No such file or directory

If you give the full path its works fine. i.e. the follow works:

file_get_contents('C:/full/path/file.txt');

If you add "List Folder Contents" permission to the folder it starts to work with relative folders as well.

I am guessing the when relative paths are used php tries to get some information about the current folder which fails as the "List Folder Contents" is not given.

Note: I had php (5.2) running as ISAPI before and didn't have this problem. So it seems to be specific to non-thread safe version.

[2010-10-07 16:00 UTC] pajoye@php.net

-Status: No Feedback +Status: Feedback

[2010-10-07 16:00 UTC] pajoye@php.net

Please try using 5.3.3.

[2010-10-07 17:54 UTC] cataphract@php.net

Closed bug #53011 as a duplicate as this one.

Pierre: he's using PHP 5.3.3.

[2010-10-07 17:56 UTC] saurabh0 at gmail dot com

Some additional info:

var_dump(getcwd(), realpath("."));

gives:

string(7) "c:\php5" string(7) "C:\php5"

As expected, when you give "List Folder Contents" permission (in
addition to read) to the web root folder both functions return the
correct path.

[2010-10-07 18:25 UTC] cataphract@php.net

This might be unrelated (probably it's the same issue), but I can notice a difference between zts and non-zts on chdir.

Full Process Monitor log here:
http://nebm.ist.utl.pt/~glopes/misc/log50163.txt

The most relevant part is:

NON-ZTS:
7:16:40,4984188	php.exe	13220	CreateFile	C:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\teste	ACCESS DENIED	Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a

ZTS:
Only a successful QueryDirectory to C:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\teste

[2010-10-07 18:32 UTC] cataphract@php.net

Forgot to add. The script was this one:

<?php
var_dump(chdir('c:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\teste'));
echo file_get_contents("./relative/file.txt");

The permissions on [...]\Debug_TS\teste were "Read" (i.e., List Folder/Read data, Read attributes and extended attributes, Read permissions, on the folder, subfolders and files). The simple permission "List folder contents" is actually giving additionally the permission Traverse Folder/execute files to the folder and subfolders.

[2010-10-07 19:03 UTC] cataphract@php.net

While chdir() requires traverse/execute permissions on the target folder (a permission that is ignored anyway, because bypass traverse checking is enabled by default), I cannot reproduce the bug using the CLI SAPI.

Setting the working directory to c:\Users\Cataphract\Documents\SDK\php54dev\vc9\x86\php54-trunk\Debug_TS\teste, and running the non-zts PHP with the script:

<?php
echo file_get_contents("./relative/file.txt");

worked perfectly. So this may be specific to the CGI SAPI.

[2013-01-08 08:08 UTC] pajoye@php.net

-Status: Feedback +Status: No Feedback

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 31 02:00:02 2025 UTC