|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2016-11-16 14:42 UTC] hsh at autowise dot dk
Description:
------------
The is_readable() functions seems to interpret network drive ACLs incorrectly such that readable files are interpreted as unreadable.
This problem seems to be related to the bug: #53214 but in my case the bug reveals itself on a real Samba server running Samba v4.3.11, and not via VirtualBox. The Samba server is running as domain controller using extended ACLs and the:
idmap_ldb:use rfc2307 = yes
flag is enabled in smb4.conf
Test script:
---------------
Samba share: S:\
S:\> echo "Hello World" > test.txt
S:\> php -r "echo is_readable('test.txt')?'true':'false';"
false
S:> php -r "echo file_get_contents('test.txt');"
"Hello World"
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Jul 02 14:01:36 2025 UTC |
I'm putting my money on this being the same underlying bug as #68926, and the line from the bug report: >The issue here is that unmapped unix user accounts are mapped to built-in windows SIDs, which are obviously have nothing to do with windows ACLs. ...is in effect in my setup as well and I think it's the core of the problem: I have not joined the AD, but provided my credentials only when connecting the drive. The code which compares access rights to SIDs cannot get several of the SIDs resolved on a host which is not an AD member - and never will. A couple if years ago when I was programming an IIS/C#/ASP intranet application and was faced with the same problem of showing only files readable by the logged in user (or rather the IIS impersonated one) and needed an is_readable() equivalent in C#. I ditched calling all the built in ACL check functions and just opened the file for reading without doing anything. eg, the PHP equivalent of: function is_readable(string $file_in): bool { try { if(is_resource($handle=fopen($file_in, "r"))) { fclose($handle); return true; } return false; } catch(Exception $ex) { return false; } } I predicted the worst performance wise and expected the logs being full of rejected read attempts, but the code was snappy even with thousands of files in the remote directory and nothing was logged. A simple solution to a tricky problem I guess, but I have no idea if this could be the solution to this bug too. My C/C++ is far too rusty...