php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #30931 is_writable() and is_readable() return false when access is permitted via ACL
Submitted: 2004-11-29 17:26 UTC Modified: 2005-10-22 19:11 UTC
Votes:21
Avg. Score:4.8 ± 0.5
Reproduced:19 of 19 (100.0%)
Same Version:9 (47.4%)
Same OS:6 (31.6%)
From: bugzilla-php at bwurst dot org Assigned:
Status: Closed Package: Filesystem function related
PHP Version: 5.0.2 OS: gentoo linux (kernel 2.6)
Private report: No CVE-ID:
 [2004-11-29 17:26 UTC] bugzilla-php at bwurst dot org
Description:
------------
PHP's is_readable() and is_writable() function report nonsense on ACLs...

We have the following test case:
A file containing 
<?php
echo __FILE__.' is '.(is_readable(__FILE__) ? '' : 'NOT ')."readable!<br>\n";
echo __FILE__.' is '.(is_writable(__FILE__) ? '' : 'NOT ')."writable!<br>\n";
?>

it's made accessible to the webserver via
$ getfacl index.php
# file: index.php
# owner: someuser
# group: webadm
user::rw-
user:apache:rw-
group::r--
mask::rw-
other::---

So apache is neither the owner nor in the group but it's accessible through ACL.
If I call this file via the webserver, I get 
/srv/http/[...]/test/index.php is NOT readable!
/srv/http/[...]/test/index.php is NOT writable!

[...] has been inserted by me, of course.

This method works perfectly, the webserver (and also PHP) *can* read and write the file but the is_readable() and is_writable() return wrong values.

It really seems like bug #14923, but that one's fixed after php-4.1.0. Also it's CLOSED, so I cannot add a comment there. :-(


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-28 21:21 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2005-03-08 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2005-05-12 21:34 UTC] nickls at apple dot com
This also effects OS X Tiger ACLs.
Why was this changed from access() on PHP 4.3.X?
 [2005-06-12 16:16 UTC] jr at terragate dot net
I've written a patch to address this issue.

It uses POSIX's access function to determine file 
permissions.

I tested this patch on Mac OS 10.4.1, Windows XP SP2 and 
FreeBSD 5.2.1.

I am not sure if this patch also works for Win 9x (maybe 
R_OK, W_OK etc. are not defined there) and other non POSIX 
conformant OSes. Probably some more #ifndefs are required.

http://jr.terragate.net/access.diff
 [2005-06-15 23:51 UTC] 1 at 234 dot cx
I don't know if this is useful to anyone, but this seems to be a regression of bug #14923, which was fixed back in 2002.

I have just experienced the bug on Fedora 4.  I tried JR's patch, and that solves the problem for me.

Thanks,
Pete
 [2005-08-08 18:18 UTC] ka at pacific dot net
Same bug found here in 5.04 on Fedora Core 4 with modphp
Symptom: modphp cannot write to files even if they are `chmod 777`, if there is an acl for apache on the file.
 [2005-08-26 03:03 UTC] matthew at acintrix dot net
I too am expierencing this bug on Fedora Core 4 with PHP 
5.0.4.
 [2005-09-02 23:01 UTC] 1 at 234 dot cx
I was just wondering if anyone can review the patch which has been posted here.  This seems to be a well defined bug with a patch that solves the problem, is there any reason not to check it in?

If there *is* a reason not to check the patch in, I am sure one of us will work on improving it.  Before we can do this, though, we need a clue what issues people see with the patch as it stands.
 [2005-10-14 16:10 UTC] cunha17 at gmail dot com
PHP should not try to calculate permissions because only the Operating System can do it right. As someone pointed out, PHP is ignoring my POSIX ACL and Trustees too.
 [2005-10-22 19:11 UTC] wez@php.net
Will be fixed in PHP 5.1.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 19:01:51 2014 UTC