go to bug id or search bugs for
When attempting to scandir() on a folder which the user has permission to, it fails with Access is Denied (code 5) if the user does not have access to the parent directory as well.
Scandir should be able to scan the folder that the PHP user has permission to access.
Access is denied (code 5) returned.
Add a Patch
Add a Pull Request
When testing, remember that NTFS has permission inheritance.
1. Create parent and child directories
2. Edit permissions on both to disable inheritance (and replace with existing inherited permissions)
3. Remove permissions on parent folder
Commands like dir (`dir parent\child`) are able to display the contents of the child directory, however commands like attrib (`attrib parent\child`) rightfully do not work. It'd be easy to say that PHP's behavior is intentional/not a bug, however if dir can do it then I'd think PHP should be able to as well.
mkdir("parent") && mkdir("parent\\child") && touch("parent\\child\\file.txt");
passthru("icacls parent /inheritance:d"); // so we can remove this user's perms
passthru("icacls parent\\child /inheritance:d"); // so it doesn't inherit parent's perms
passthru("icacls parent /remove %USERNAME%");
// does not work
passthru("icacls parent /grant %USERNAME%:f");
unlink("parent\\child\\file.txt") && rmdir("parent\\child") && rmdir("parent");
Thanks for the reproduce script, Damian!
I can't, however, reproduce scandir() failing with PHP 7.0.10 on
Windows 10 Home build 10586.545; instead running the script
produces the output in
Apparently, the permissions are set as intended, as `dir parent`
confirms ("Datei nicht gefunden"), while `dir parent\child` lists
the folder contents.
Interesting. I tried 7.0.10 (NTS x64) on Win10 Pro 10586.
to the end of the setup block: I get as output
parent NT AUTHORITY\SYSTEM:(OI)(CI)(F)
Do you have anyone else listed there? That could be a difference between Home and Pro - or just a difference in our setups, of course.
Speaking of, I'm logged in as a domain user who is supposedly part of the local Administrators group.
Anyway, Process Monitor shows only a failed CreateFile for parent:
High Resolution Date & Time: 2016-09-09 22:44:21.3795403
Event Class: File System
Result: ACCESS DENIED
Desired Access: Read Data/List Directory, Synchronize
Options: Directory, Synchronous IO Non-Alert
ShareMode: Read, Write, Delete
Watching cmd, `dir parent\child` does a CreateFile directly on child.