Directory permissions behavior changed?

Maxim Dounin mdounin at mdounin.ru
Fri Aug 8 14:31:05 MSD 2008


Hello!

On Fri, Aug 08, 2008 at 02:53:56AM -0700, mike wrote:

>why not try the entire list that is defined before the dir test? that
>makes more sense to me.

Directory listings handled by another module 
(ngx_http_autoindex_module), it has nothing to do here.

The cause of problems was directory testing. I believe this is 
optimization to avoid multiple unneeded syscalls when user 
requested something in nonexisting directory.

Maxim Dounin

>seems like it should be
>
>foreach(index files defined) {
>   if (found) { return success / exit) }
>}
>
>if(dirlist enabled) {
>   return dirlist / exit
>}
>
>return 403 access denied;
>
>
>This patch appears to have fixed that behavior - it seems to cycle
>properly now, from what i can tell! it tried each one in succession
>until it found it. PLEASE commit this patch on the next version! :)
>
>here's my config:
>
>"index index.5 index.4 index.3 index.2 index.1 index.php index.html index.bar;"
>
>the actual file is "index.html" - works like a charm
>
>2008/08/08 02:52:01 [debug] 22471#0: *15 open index
>"/home/mike/web/192.168.1.3/index.5"
>2008/08/08 02:52:01 [debug] 22471#0: *15 add cleanup: 00000000007B0178
>2008/08/08 02:52:01 [debug] 22471#0: *15 open()
>"/home/mike/web/192.168.1.3/index.5" failed (2: No such file or
>directory)
>2008/08/08 02:52:01 [debug] 22471#0: *15 http index check dir:
>"/home/mike/web/192.168.1.3"
>2008/08/08 02:52:01 [debug] 22471#0: *15 add cleanup: 00000000007B01A8
>2008/08/08 02:52:01 [debug] 22471#0: *15 open index
>"/home/mike/web/192.168.1.3/index.4"
>2008/08/08 02:52:01 [debug] 22471#0: *15 add cleanup: 00000000007B01D8
>2008/08/08 02:52:01 [debug] 22471#0: *15 open()
>"/home/mike/web/192.168.1.3/index.4" failed (2: No such file or
>directory)
>2008/08/08 02:52:01 [debug] 22471#0: *15 open index
>"/home/mike/web/192.168.1.3/index.3"
>2008/08/08 02:52:01 [debug] 22471#0: *15 add cleanup: 00000000007B0208
>2008/08/08 02:52:01 [debug] 22471#0: *15 open()
>"/home/mike/web/192.168.1.3/index.3" failed (2: No such file or
>directory)
>2008/08/08 02:52:01 [debug] 22471#0: *15 open index
>"/home/mike/web/192.168.1.3/index.2"
>2008/08/08 02:52:01 [debug] 22471#0: *15 add cleanup: 00000000007B0238
>2008/08/08 02:52:01 [debug] 22471#0: *15 open()
>"/home/mike/web/192.168.1.3/index.2" failed (2: No such file or
>directory)
>2008/08/08 02:52:01 [debug] 22471#0: *15 open index
>"/home/mike/web/192.168.1.3/index.1"
>2008/08/08 02:52:01 [debug] 22471#0: *15 add cleanup: 00000000007B0268
>2008/08/08 02:52:01 [debug] 22471#0: *15 open()
>"/home/mike/web/192.168.1.3/index.1" failed (2: No such file or
>directory)
>2008/08/08 02:52:01 [debug] 22471#0: *15 open index
>"/home/mike/web/192.168.1.3/index.php"
>2008/08/08 02:52:01 [debug] 22471#0: *15 add cleanup: 00000000007B0298
>2008/08/08 02:52:01 [debug] 22471#0: *15 open()
>"/home/mike/web/192.168.1.3/index.php" failed (2: No such file or
>directory)
>2008/08/08 02:52:01 [debug] 22471#0: *15 open index
>"/home/mike/web/192.168.1.3/index.html"
>2008/08/08 02:52:01 [debug] 22471#0: *15 add cleanup: 00000000007B02C8
>2008/08/08 02:52:01 [debug] 22471#0: *15 internal redirect: "/index.html?"
>
>
>and when the file does not exist it properly issues 403 forbidden now
>(not sure why it was throwing a 500 server error before!)
>
>
>2008/08/08 02:52:51 [debug] 22471#0: *42 open index
>"/home/mike/web/192.168.1.3/index.5"
>2008/08/08 02:52:51 [debug] 22471#0: *42 add cleanup: 00000000007B0178
>2008/08/08 02:52:51 [debug] 22471#0: *42 open()
>"/home/mike/web/192.168.1.3/index.5" failed (2: No such file or
>directory)
>2008/08/08 02:52:51 [debug] 22471#0: *42 http index check dir:
>"/home/mike/web/192.168.1.3"
>2008/08/08 02:52:51 [debug] 22471#0: *42 add cleanup: 00000000007B01A8
>2008/08/08 02:52:51 [debug] 22471#0: *42 open index
>"/home/mike/web/192.168.1.3/index.4"
>2008/08/08 02:52:51 [debug] 22471#0: *42 add cleanup: 00000000007B01D8
>2008/08/08 02:52:51 [debug] 22471#0: *42 open()
>"/home/mike/web/192.168.1.3/index.4" failed (2: No such file or
>directory)
>2008/08/08 02:52:51 [debug] 22471#0: *42 open index
>"/home/mike/web/192.168.1.3/index.3"
>2008/08/08 02:52:51 [debug] 22471#0: *42 add cleanup: 00000000007B0208
>2008/08/08 02:52:51 [debug] 22471#0: *42 open()
>"/home/mike/web/192.168.1.3/index.3" failed (2: No such file or
>directory)
>2008/08/08 02:52:51 [debug] 22471#0: *42 open index
>"/home/mike/web/192.168.1.3/index.2"
>2008/08/08 02:52:51 [debug] 22471#0: *42 add cleanup: 00000000007B0238
>2008/08/08 02:52:51 [debug] 22471#0: *42 open()
>"/home/mike/web/192.168.1.3/index.2" failed (2: No such file or
>directory)
>2008/08/08 02:52:51 [debug] 22471#0: *42 open index
>"/home/mike/web/192.168.1.3/index.1"
>2008/08/08 02:52:51 [debug] 22471#0: *42 add cleanup: 00000000007B0268
>2008/08/08 02:52:51 [debug] 22471#0: *42 open()
>"/home/mike/web/192.168.1.3/index.1" failed (2: No such file or
>directory)
>2008/08/08 02:52:51 [debug] 22471#0: *42 open index
>"/home/mike/web/192.168.1.3/index.php"
>2008/08/08 02:52:51 [debug] 22471#0: *42 add cleanup: 00000000007B0298
>2008/08/08 02:52:51 [debug] 22471#0: *42 open()
>"/home/mike/web/192.168.1.3/index.php" failed (2: No such file or
>directory)
>2008/08/08 02:52:51 [debug] 22471#0: *42 open index
>"/home/mike/web/192.168.1.3/index.html"
>2008/08/08 02:52:51 [debug] 22471#0: *42 add cleanup: 00000000007B02C8
>2008/08/08 02:52:51 [debug] 22471#0: *42 open()
>"/home/mike/web/192.168.1.3/index.html" failed (2: No such file or
>directory)
>2008/08/08 02:52:51 [debug] 22471#0: *42 open index
>"/home/mike/web/192.168.1.3/index.bar"
>2008/08/08 02:52:51 [debug] 22471#0: *42 add cleanup: 00000000007B02F8
>2008/08/08 02:52:51 [debug] 22471#0: *42 open()
>"/home/mike/web/192.168.1.3/index.bar" failed (2: No such file or
>directory)
>2008/08/08 02:52:51 [debug] 22471#0: *42 content phase: 11
>2008/08/08 02:52:51 [debug] 22471#0: *42 content phase: 12
>2008/08/08 02:52:51 [debug] 22471#0: *42 content phase: 13
>2008/08/08 02:52:51 [debug] 22471#0: *42 content phase: 14
>2008/08/08 02:52:51 [error] 22471#0: *42 directory index of
>"/home/mike/web/192.168.1.3/" is forbidden, client: 192.168.1.2,
>server: 192.168.1.3, request: "GET / HTTP/1.1", host: "192.168.1.3"
>
>
>
>
>
>
>
>On 8/8/08, Maxim Dounin <mdounin at mdounin.ru> wrote:
>> Hello!
>>
>>
>> On Fri, Aug 08, 2008 at 01:57:18AM -0700, mike wrote:
>>
>> > More investigation:
>> >
>> > nginx-0.7.8/src/http/modules/ngx_http_index_module.c,
>> line 137:
>> >
>> > for (i = 0; i < ilcf->indices->nelts; i++) {
>> >
>> > it shows the right number of nelts, but the for loop only cycles
>> > through once. it needs to cycle through all nelts of them!
>> >
>> > for example this is my code:
>> >
>> >
>> >   for (i = 0; i < ilcf->indices->nelts; i++) {
>> >
>> >           ngx_log_debug1(NGX_LOG_DEBUG_HTTP, log, of.err,
>> >                         ngx_open_file_n " MIKEMIKE: \"%s\" failed",
>> > index[i].name.data);
>> >
>> >           ngx_log_debug1(NGX_LOG_DEBUG_HTTP, log, of.err,
>> >                         ngx_open_file_n " MIKEMIKENUMBER: \"%d\"
>> > failed", ilcf->indices->nelts);
>> >
>> > and it shows the right number for MIKEMIKENUMBER - i changed my
>> > config, restarted, and it shows the right number of "index" entries.
>> >
>> > but the loop for some reason is being broken (it only prints out
>> > testing for the first one)
>> >
>> > i wish i knew C better; i can't find where the loop gets broken...
>> >
>> > but it keeps matching these kind of statements:
>> >
>> > if (index[i].lengths == NULL) {
>> >
>> > if (index[i].values == NULL) {
>> >
>> > and i wouldn't think those should be matched after the first
>> > iteration. Igor i think this is something you could easily hack out in
>> > a minute.
>> >
>>
>> After failure of first index file lookup nginx tries to check if it really
>> hit directory by stat()ing it.  With your 711 permissions it gets EACCESS
>> here and fails.
>>
>> Try the attached patch.
>>
>> Maxim Dounin
>>
>>
>





More information about the nginx mailing list