ID: 41822 Comment by: ab5602 at wayne dot edu Reported By: ian at onlineloop dot com Status: Assigned Bug Type: *Directory/Filesystem functions Operating System: Solaris 10 PHP Version: 5.2CVS-20070627 Assigned To: tony2001 New Comment:
I think I found the culprit that is bubbling up to PHP here. It effects users with: - At least Solaris 9 to early versions of 10 - NFS mounted directories - Any setuid application (including apache/php) >From my previous post, I showed how one server was able to getcwd() in PHP and other other wasn't. The root cause is this bug: http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6226092 I tested the code under Solaris 9 and was able to reproduce it at the OS level. The one machine where include("../file.php") works on was able to successfully execute the solaris bug test code in the NFS mounted directory: # pwd /usr/local/www/sites # ./solaris-nfs-getcwdtest CWD = /usr/local/www/sites # The machine where include("../file.php") gives the "permission denied " error fails the getcwd command in the directory: # pwd /usr/local/www/sites # ./solaris-nfs-getcwdtest getcwd failed!!! # I'm not sure if anything can be done with the PHP source here to solve this since the bug is at the OS level. Unless there is some other way to get the CWD for PHP in the above situation. Previous Comments: ------------------------------------------------------------------------ [2007-09-30 14:51:00] ab5602 at wayne dot edu I am having this problem on *ONE* of two load-balanced servers that are setup exactly the same and that share an NFS mounted filesystem in Solaris 9. The permissions on all the subdirs, all the way from the root directory are at least 'r' and 'x' and are the same on both servers. Both machines are running the same PHP/Apache binary and are at the same OS patch level. The following code properly returns the path on one of the machines, but not the other: echo getcwd(); Could this have something to do with NFS? ------------------------------------------------------------------------ [2007-09-12 11:06:53] ian at onlineloop dot com Verified that this is still not working in 5.2.4, nor in the latest CVS version, php5.2-200709121030. We made a system available on a Sun E3500, partially for the purposes of fixing this bug. The last login from anyone from the PHP team was on 5 July 2007. Is there any time plan to fix this bug? We are running on Solaris 10 and are stuck on PHP 5.1.6 because of this problem, so the situation for us is critical. ------------------------------------------------------------------------ [2007-06-27 13:46:06] ian at onlineloop dot com CVS version still produces the error. ------------------------------------------------------------------------ [2007-06-27 13:27:02] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows (zip): http://snaps.php.net/win32/php5.2-win32-latest.zip For Windows (installer): http://snaps.php.net/win32/php5.2-win32-installer-latest.msi ------------------------------------------------------------------------ [2007-06-27 13:17:44] ian at onlineloop dot com Description: ------------ When including files in directories that have access only permissions (no read or write), includes fail with a permission denied when trying things like include ('../include_me.inc'); Directory permissions for the webserver process are access only (--x). When including an absolute path, or relative path descending into the directory tree, include works ok eg: include ('access_only/level2/include_me.inc'); The return value of "is_readable('../include_me.inc');" returns true, however include() fails. Everything works find up to and including PHP 5.1.6, as of PHP 5.2.0 this problem occurs. Anthony D. has access to our SPARC system and a test area in which this bug is reproduced has been set up. He should contact me at my work email address for further information. Expected result: ---------------- The files should be included, as they were in versions prior to and in 5.1.6. Actual result: -------------- Warning: include(../include_me.inc) [function.include]: failed to open stream: Permission denied in /access_only/level2/index.php on line 15 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=41822&edit=1
