On Sat, Jun 6, 2020, at 2:25 PM, Charles Forsyth wrote:

> execute permission on files, meaning here non-directories, is a special variant of read. a file with mode 0111 can be opened with OEXEC and read(2) will work as well as exec(2), but can't be opened with OREAD, because it's not got any of 0444 set. bits 0111 distinguish a file with contents that are intended to be executed once read from files with only 0444 that do not contain executable content. you wouldn't want every readable file to be executable (especially if you've used systems that didn't have that distinction). on the other hand, in a distributed file system, the client needs the contents of the file to run it (whether code or #!script) so it needs to be able to read files with just OEXEC. I suppose the rule could have been that it would need mode 5 (r+x) to make clear that the file was also readable, but it isn't.
>
> that OEXEC allows reading isn't true for a directory because exec means "search", so if it's mode 0111 (say) you can chdir into it but not read the names within it. if you know a name of a file in that directory, though, you can still open that. that's entirely enforced by the server.
>
> as the bug in access(2) suggests, only the server knows whether access should be granted, and the open call gets it to do that, but it doesn't work for OEXEC for directories as others have noted. perhaps stat+chdir is the most accurate test, since you need x (search) permission to walk(5) into a directory, but the caller won't thank you for the chdir (and there's no easy or certain way back), and ... that restriction isn't enforced by fossil or ramfs. (ramfs wrongly allows you to read a directory that's mode 0.)
>
> probably the best thing is just to ignore the owner/group/other distinction, and if the open(...OEXEC) fails, dirstat it, and if it's a directory with any of 0111 set, it's fine (a little better than now).
thanks for the analysis, charles. the dirstat you suggest wouldn't do any good for my case because rc-httpd runs as user none. the common problem it's trying to catch is a directory which isn't world-readable & world-searchable. 770, 750 and 700 are common permissions. perhaps i should have rc-httpd just run the commands and test their status rather than trying to test ahead of time, but this would somewhat spoil the neat and simple design.

Permalink: https://9fans.topicbox.com/groups/9fans/Tdd7a9b1b32d01f54-M84c47e7be623cb8feb49865e
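An added example, not code from the thread or from rc-httpd, written in portable C rather than Plan 9 C: it models the two tests discussed above on a Plan 9 style mode word and shows why the any-of-0111 rule accepts the 770/750/700 directories that user none cannot enter. DMDIR is assumed to match the value in Plan 9's libc.h, and open_failed stands in for the result of open(...OEXEC), since there is no 9P server to ask here.

```c
#include <stdio.h>

/* DMDIR is the directory flag Plan 9 keeps in Dir.mode (assumed to match
 * Plan 9's libc.h); the bits below it are the usual octal rwx permissions. */
#define DMDIR 0x80000000UL

/* The test Charles proposes: after open(OEXEC) fails, dirstat the name and
 * accept it if it is a directory with any of 0111 set, ignoring which of
 * owner/group/other the bits belong to. open_failed is supplied by the caller
 * because there is no server here to perform the open. */
int forsyth_check(int open_failed, unsigned long mode)
{
	if(!open_failed)
		return 1;
	if(mode & DMDIR)
		return (mode & 0111) != 0;
	return 0;	/* a plain file that would not open is not rescued */
}

/* What rc-httpd needs when it runs as user none: only the "other" bits
 * count. A directory must be world-readable and world-searchable (05);
 * a plain file must be world-readable (04). */
int none_can_serve(unsigned long mode)
{
	if(mode & DMDIR)
		return (mode & 05) == 05;
	return (mode & 04) != 0;
}

int main(void)
{
	/* constructed sample modes: the three "common permissions" from the
	 * reply, plus a world-accessible directory for contrast */
	unsigned long modes[] = { DMDIR|0770, DMDIR|0750, DMDIR|0700, DMDIR|0755 };
	int i;

	printf("mode   any-0111  none-can-serve\n");
	for(i = 0; i < 4; i++)
		printf("d%03lo   %d         %d\n", modes[i] & 0777,
			forsyth_check(1, modes[i]), none_can_serve(modes[i]));
	return 0;
}
```

The table it prints has the first three directories passing the any-of-0111 test and failing the user-none test; only d755 passes both.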