I'm using an open source Perl package named "webmin" on several servers. It's mostly Perl on the inside.

I found a weird behavior on a new 64-bit server: files were getting created empty.

I've traced it down to a "Permission Denied" error in Perl's builtin function open, which is pretty unusual, since the application is running as root. I had perl output the $< and $> variables, and they both claim I'm user 0.

This bug seems to affect files in directories where the directory is not world executable (chmod o-x $DIR) ... and it only happens deep inside of webmin, I can't reproduce it on its own.

Does this sound even remotely familiar to anyone?

+2  A: 

ACLs on the directory?

SELinux turned on?

The fact that you're getting a "permission denied" error on a directory that doesn't have the execute bit is not surprising - on directories, the execute bit controls accessing the contents of the directory - the question is why the execute bit isn't set.

Check if any umask setting is applying to the process.

Andrew Medico
No ACLs on the directory. Not SELinux. I should only be affected by the *user* execute bit, if I'm the directory owner (I am). And this works just fine on a 32-bit server.
jes5199
+2  A: 

I've traced it down to a "Permission Denied" error [....] [w]hich is pretty unusual, since the application is running as root.

Are you sure you're running as root at the time of the failed open()?

webmin's documentation boasts the ability to exec arbitrary commands as other users, and a quick grep of the source code shows a number of instances of a function named switch_to_unix_user()...

pilcrow
I had perl output the $< and $> variables, and they both claim I'm user 0
jes5199
@jes5199, ah, now that is worth editing your original post to clarify...
pilcrow
+1  A: 

In Unix permissions, you need execute permission on a directory to access anything inside it (you don't need read permission, that's for listing the directory; you only need execute permission to access the contents). So something is accessing the file under a user that is considered "other", and it doesn't have permission.

newacct
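
One way to test the two explanations offered in the answers (a changed effective user at the time of the failed open(), and a missing search bit on a parent directory) is to log both at the point of failure. This is an added example, not webmin code or anything posted in the thread; the names `check_path`, `perm_class` and `diagnose` are hypothetical, and it assumes a Unix filesystem and Perl 5.10 or later.

```perl
#!/usr/bin/perl
# Added diagnostic sketch, not webmin code. Checks classic mode bits only;
# ACLs and SELinux (raised in the answers) are outside its scope.
use strict;
use warnings;
use File::Spec;
use Fcntl ':mode';

my %XBIT = (owner => S_IXUSR, group => S_IXGRP, other => S_IXOTH);

# Which permission class applies to this effective identity for a given inode?
sub perm_class {
    my ($euid, $egids, $uid, $gid) = @_;
    return 'owner' if $euid == $uid;
    return 'group' if grep { $_ == $gid } @$egids;
    return 'other';
}

# Walk every ancestor directory of $path; report the search (x) bit for the
# class that applies to the *current* effective uid/gids.
sub check_path {
    my ($path) = @_;
    my ($euid, @egids) = ($>, split ' ', $));
    my (undef, $dirs) = File::Spec->splitpath(File::Spec->rel2abs($path));
    my $cur = File::Spec->rootdir;
    my @report;
    for my $part ('', grep { length } File::Spec->splitdir($dirs)) {
        $cur = File::Spec->catdir($cur, $part) if length $part;
        my @st = stat($cur)
            or do { push @report, [$cur, '?', "stat failed: $!"]; last };
        my $class = perm_class($euid, \@egids, @st[4, 5]);
        my $verdict = $euid == 0 ? 'euid 0, mode bits normally bypassed'
                    : ($st[2] & $XBIT{$class}) ? 'search ok' : 'NO search bit';
        push @report, [$cur, $class, $verdict];
    }
    return @report;
}

# Call where open() fails: open(my $fh, '>', $file) or diagnose($file);
sub diagnose {
    my ($path) = @_;
    my $err = "$!";    # save the error text before stat() can overwrite it
    warn "open($path) failed: $err\n";
    warn sprintf("uid real=%s eff=%s; gid real=%s eff=%s\n", $<, $>, $(, $));
    warn sprintf("  %-40s %-6s %s\n", @$_) for check_path($path);
}

# Constructed demo: try to read the given path (default: this script).
my $target = $ARGV[0] // $0;
open(my $fh, '<', $target) or diagnose($target);
```

Because the identity is read inside `diagnose`, the output reflects the process state at the failing call rather than at startup, which is the distinction pilcrow's answer asks about.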
