php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #14923 is_readable, is_writable, is_executable fail on POSIX ACL based filesystems
Submitted: 2002-01-07 22:05 UTC Modified: 2002-07-02 17:02 UTC
Votes:3
Avg. Score:4.3 ± 0.5
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:2 (66.7%)
From: danpat at au dot adaptiveinterantional dot com Assigned:
Status: Closed Package: Filesystem function related
PHP Version: 4.1.0 OS: Linux 2.4.17, Debian unstable
Private report: No CVE-ID:
 [2002-01-07 22:05 UTC] danpat at au dot adaptiveinterantional dot com
The is_writeable, is_readable and is_executable functions
make the assumption that all permissions on POSIX systems
will be limited to UID/GID masks applied to the current
process UID and GID.

The particular application where this is biting me is accessing
files on an XFS filesystem.  On top of the plain old
file permissions, which by default give the webserver UID/GID
access to a whole swag of files, several files are specifically
excluded from the webserver UID/GID using POSIX ACL's such as:

  chuckles:/mnt/archive$ getfacl somefile
  # somefile: 002-asdf/
  # owner: danpat
  # group: users
  user::rwx
  group::r--
  other::r--
  group:www-data:---

The user "www-data" under which the webserver runs is a member
of both the "users" group and the "www-data" group.  This
ACL means that members of the "users" group who are no also
members of the "www-data" group can read the file, but people
who are in both groups may not.

For this case, calculating the bitmasks is not enough to determine
the correct result.

I note that the PHP code uses the stat() function to obtain
the file permissions and calculates the permissions itself.

There is an alternative function in access(2) which can be
used to obtain the readability, writeability and executability
of a file in a way such as:

  #include <unistd.h>

  int is_writeable(const char *filename) {
    return access(filename, W_OK);
  }

  int is_readable(const char *filename) {
    return access(filename, R_OK);
  }

  int is_executable(const char *filename) {
    return access(filename, X_OK);
  }

I believe something like this is probably more inline with what
the is_readable, is_writeable and is_executable function are
trying to achieve.  Currently, they're returning the mask of
the process UID/GID and the file mask, however, this isn't always
100% accurate (i.e. if running as the superuser, is_readable
is almost always true, even if the file permissions say otherwise).

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-02-01 17:09 UTC] Jade Nicoletti <nicoletti at nns dot ch>
The submitter of this bug is right. PHP must not (try to) calculate access rights.
Only the operating system knows what really allows or denies access. There may be access control lists (ACLs), mandatory access control (MAC), capabilities and may be even other access determining factors in effect.
Therefore PHP should really use access(2) for the is_*able() family.
--Jade
 [2002-07-02 17:02 UTC] sterling@php.net
This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites.
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 25 07:02:14 2014 UTC