php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73048 scandir() does not work without permission to parent folder.
Submitted: 2016-09-08 15:08 UTC Modified: 2021-06-28 13:56 UTC
Votes:4
Avg. Score:3.8 ± 1.3
Reproduced:4 of 4 (100.0%)
Same Version:0 (0.0%)
Same OS:2 (50.0%)
From: aj at ajhenderson dot com Assigned: cmb (profile)
Status: Not a bug Package: Directory function related
PHP Version: 7.0.10 OS: Windows
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: aj at ajhenderson dot com
New email:
PHP Version: OS:

 

 [2016-09-08 15:08 UTC] aj at ajhenderson dot com
Description:
------------
When attempting to scandir() on a folder which the user has permission to, it fails with Access is Denied (code 5) if the user does not have access to the parent directory as well.

Expected result:
----------------
Scandir should be able to scan the folder that the PHP user has permission to access.

Actual result:
--------------
Access is denied (code 5) returned.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-09-08 17:25 UTC] requinix@php.net
-Status: Open +Status: Verified -Operating System: Windows Server 2012 R2 +Operating System: Windows
 [2016-09-08 17:25 UTC] requinix@php.net
When testing, remember that NTFS has permission inheritance.
1. Create parent and child directories
2. Edit permissions on both to disable inheritance (and replace with existing inherited permissions)
3. Remove permissions on parent folder

Commands like dir (`dir parent\child`) are able to display the contents of the child directory, however commands like attrib (`attrib parent\child`) rightfully do not work. It'd be easy to say that PHP's behavior is intentional/not a bug, however if dir can do it then I'd think PHP should be able to as well.

<?php

// setup
mkdir("parent") && mkdir("parent\\child") && touch("parent\\child\\file.txt");
passthru("icacls parent /inheritance:d"); // so we can remove this user's perms
passthru("icacls parent\\child /inheritance:d"); // so it doesn't inherit parent's perms
passthru("icacls parent /remove %USERNAME%");

// works
passthru("dir parent\\child");

// does not work
print_r(scandir("parent\\child"));

// cleanup
passthru("icacls parent /grant %USERNAME%:f");
unlink("parent\\child\\file.txt") && rmdir("parent\\child") && rmdir("parent");

?>
 [2016-09-09 23:48 UTC] cmb@php.net
Thanks for the reproduce script, Damian!

I can't, however, reproduce scandir() failing with PHP 7.0.10 on
Windows 10 Home build 10586.545; instead running the script
produces the output in
<https://gist.github.com/cmb69/eae8211716b11aee2576b5041d07e004>.
Apparently, the permissions are set as intended, as `dir parent`
confirms ("Datei nicht gefunden"), while `dir parent\child` lists
the folder contents.
 [2016-09-10 06:15 UTC] requinix@php.net
Interesting. I tried 7.0.10 (NTS x64) on Win10 Pro 10586.

Add a
  passthru("icacls parent");
to the end of the setup block: I get as output
  parent NT AUTHORITY\SYSTEM:(OI)(CI)(F)
         BUILTIN\Administrators:(OI)(CI)(F)

Do you have anyone else listed there? That could be a difference between Home and Pro - or just a difference in our setups, of course.

Speaking of, I'm logged in as a domain user who is supposedly part of the local Administrators group.


Anyway, Process Monitor shows only a failed CreateFile for parent:

High Resolution Date & Time:	2016-09-09 22:44:21.3795403
Event Class:	File System
Operation:	CreateFile
Result:	ACCESS DENIED
Path:	...\parent
TID:	8444
Duration:	0.0000311
Desired Access:	Read Data/List Directory, Synchronize
Disposition:	Open
Options:	Directory, Synchronous IO Non-Alert
Attributes:	n/a
ShareMode:	Read, Write, Delete
AllocationSize:	n/a

Watching cmd, `dir parent\child` does a CreateFile directly on child.
 [2021-06-28 13:56 UTC] cmb@php.net
-Status: Verified +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2021-06-28 13:56 UTC] cmb@php.net
Time flies …

> Do you have anyone else listed there?

Right.  If I remove these as well, I can reproduce.

However, this is actually expected behavior (and not particularly
Windows related); all file and directory functions call
realpath(3) (actually PHP's own implementation), and that requires
permission to access all path components.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Oct 13 10:01:28 2024 UTC