Red Hat Bugzilla – Bug 162332
is_writable() and is_readable() return false when access is permitted via ACL
Last modified: 2007-11-30 17:11:09 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4
Description of problem:
PHP 5 attempts to work out whether a user has access to a file using the stat structure. Of course this fails with ACLs, SELinux, and so on. This has been reported at http://bugs.php.net/bug.php?id=30931 and a patch exists, which I will attach.
I can confirm that the patch works on FC4. I think the PHP people may be concerned that it will break on other architectures; the author says that he thinks some more ifdefs may be required. At any rate, there has been no feedback about getting the patch incorporated into the next general PHP release.
What I am wondering is whether Fedora would be prepared to include the patch in the next update of PHP, until this issue is fixed upstream. This issue is more of a nuisance than it may first appear; for example it means that access to Smarty's cache directory cannot be granted using an ACL, and so on.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install Apache and PHP from FC4.
2. Create a website using Smarty. Grant access to the compiled templates (templates_c) directory using an ACL. For example "setfacl -m g:apache:rwx templates_c".
3. Ensure that Apache does not have access to this directory for any other reason, for example it must not be mode 777.
Actual Results: Smarty will refuse to load templates, believing that the templates_c directory is not writable.
Expected Results: Smarty should have loaded the templates and written them to the directory, which is in fact writable.
Created attachment 116296 [details]
Patch for this issue from bugs.php.net
Thanks for the report, this looks reasonable (and sorry, this just missed the
5.0.4-10.3 update which just released today).
Thank you for offering to carry the patch (and don't worry about today's update,
I've built PHP once with this patch included, so it's not too hard to do it again).
Just wanted to point out that this patch was missing from the latest PHP update
(php-5.0.4-10.4). Don't worry about it, these things happen -- but it would be
very helpful if it could be bundled with a future release.
Actually I looked at this more carefully and would rather submit this for review
This report targets the FC3 or FC4 products, which have now been EOL'd.
Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?
Looks like it's fixed so I'll close the bug.