Here I am at 3:00 in the morning trying to figure out POSIX ACLs. (What
do normal people do when they wake up in the middle of the night and
can't get back to sleep?)
So, I was trying to transfer a lot of permissions structure in my
webdirs from standard file permission bits to more fine grained ACLs.
Everything was working fine, except that some Perl-based CGI scripts
can't seem to read files that they should be able to read. Or, more
accurately, it would seem that they are running "-r" file tests on those
files and claiming, therefore, that they can't read them.
So I do some testing in my own account. First I create a Perl script
like so (my Perl is not very fancy, sorry):
[CODE]#!/usr/bin/env perl
use strict;
use warnings;

# -r tests readability for the effective uid/gid, -R for the real uid/gid.
print "File or directory blah is readable by this (effective) user or group\n" if -r "blah";
print "File or directory blah is readable by this real user or group\n" if -R "blah";[/CODE]
Then touch file:
[CODE]cmhoward@aquinas ~/perl-tests $ touch blah
cmhoward@aquinas ~/perl-tests $ ./try.pl
File or directory blah is readable by this (effective) user or group
File or directory blah is readable by this real user or group[/CODE]
Then removed all permissions:
[CODE]cmhoward@aquinas ~/perl-tests $ chmod 000 blah
cmhoward@aquinas ~/perl-tests $ ./try.pl
(no output)[/CODE]
Then setfacl so that blah ACL is as follows:
[CODE]cmhoward@aquinas ~/perl-tests $ getfacl blah
# file: blah
# owner: cmhoward
# group: cmhoward
user::---
user:cmhoward:r--
group::---
mask::r--
other::---[/CODE]
Yet:
[CODE]cmhoward@aquinas ~/perl-tests $ ./try.pl
(no output)[/CODE]
So it would seem that this -r test for effective user is not "ACL aware"
(should it be?) and that the original troublesome CGI script (which I
did not write) should not be using -r to test if file is readable. But
then, if it should not be using -r, then what should it be using?
Or is there anything I am misunderstanding here?
--
www.frigidcode.com
theologia.indicium.us

Received on Fri Mar 25 03:23:42 2011
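Added example (not part of the original post): a small Python model of the POSIX.1e access-check order, run over the getfacl output shown above, next to a plain owner/group/other mode-bit test of the kind a stat-based readability check performs. The `user:www:r--` entry, the `www` account and the function names are assumptions introduced for illustration.

```python
# Constructed input: the getfacl output from the post plus one hypothetical
# named-user entry (user:www:r--) standing in for a web server account.
GETFACL = """\
# file: blah
# owner: cmhoward
# group: cmhoward
user::---
user:cmhoward:r--
user:www:r--
group::---
mask::r--
other::---
"""

def parse(text):
    """Return (owner, owning_group, {(tag, name): perms}) from getfacl text."""
    meta, acl = {}, {}
    for line in text.splitlines():
        if line.startswith("#"):
            key, _, val = line[1:].partition(":")
            meta[key.strip()] = val.strip()
        elif line.strip():
            tag, name, perms = line.strip().split(":")
            acl[(tag, name)] = set(perms) - {"-"}
    return meta["owner"], meta["group"], acl

def acl_allows(text, user, groups, want="r"):
    """POSIX.1e check order: owner, named user, groups, other."""
    owner, ogroup, acl = parse(text)
    mask = acl.get(("mask", ""))
    masked = lambda p: want in p and (mask is None or want in mask)
    if user == owner:                  # owner entry decides; mask is not applied
        return want in acl[("user", "")]
    if ("user", user) in acl:          # a matching named-user entry decides
        return masked(acl[("user", user)])
    matched = [p for (t, n), p in acl.items() if t == "group" and (n or ogroup) in groups]
    if matched:                        # any matching group entry may grant
        return any(masked(p) for p in matched)
    return want in acl[("other", "")]

def mode_bits_allow(text, user, groups, want="r"):
    """Owner/group/other test on st_mode alone; with an ACL the group bits hold the mask."""
    owner, ogroup, acl = parse(text)
    if user == owner:
        return want in acl[("user", "")]
    group_bits = acl.get(("mask", ""), acl[("group", "")])
    return want in (group_bits if ogroup in groups else acl[("other", "")])
```

For the file's owner both checks return False, because the `user::---` owner entry is evaluated first and the named `user:cmhoward:r--` entry is never consulted; for `www` the ACL grants read while the mode-bit test denies it.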