|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2016-09-08 15:08 UTC] aj at ajhenderson dot com
Description: ------------ When attempting to scandir() on a folder which the user has permission to, it fails with Access is Denied (code 5) if the user does not have access to the parent directory as well. Expected result: ---------------- Scandir should be able to scan the folder that the PHP user has permission to access. Actual result: -------------- Access is denied (code 5) returned. PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Mon Oct 27 00:00:01 2025 UTC |
When testing, remember that NTFS has permission inheritance. 1. Create parent and child directories 2. Edit permissions on both to disable inheritance (and replace with existing inherited permissions) 3. Remove permissions on parent folder Commands like dir (`dir parent\child`) are able to display the contents of the child directory, however commands like attrib (`attrib parent\child`) rightfully do not work. It'd be easy to say that PHP's behavior is intentional/not a bug, however if dir can do it then I'd think PHP should be able to as well. <?php // setup mkdir("parent") && mkdir("parent\\child") && touch("parent\\child\\file.txt"); passthru("icacls parent /inheritance:d"); // so we can remove this user's perms passthru("icacls parent\\child /inheritance:d"); // so it doesn't inherit parent's perms passthru("icacls parent /remove %USERNAME%"); // works passthru("dir parent\\child"); // does not work print_r(scandir("parent\\child")); // cleanup passthru("icacls parent /grant %USERNAME%:f"); unlink("parent\\child\\file.txt") && rmdir("parent\\child") && rmdir("parent"); ?>Interesting. I tried 7.0.10 (NTS x64) on Win10 Pro 10586. Add a passthru("icacls parent"); to the end of the setup block: I get as output parent NT AUTHORITY\SYSTEM:(OI)(CI)(F) BUILTIN\Administrators:(OI)(CI)(F) Do you have anyone else listed there? That could be a difference between Home and Pro - or just a difference in our setups, of course. Speaking of, I'm logged in as a domain user who is supposedly part of the local Administrators group. Anyway, Process Monitor shows only a failed CreateFile for parent: High Resolution Date & Time: 2016-09-09 22:44:21.3795403 Event Class: File System Operation: CreateFile Result: ACCESS DENIED Path: ...\parent TID: 8444 Duration: 0.0000311 Desired Access: Read Data/List Directory, Synchronize Disposition: Open Options: Directory, Synchronous IO Non-Alert Attributes: n/a ShareMode: Read, Write, Delete AllocationSize: n/a Watching cmd, `dir parent\child` does a CreateFile directly on child.