Another auth/location question - probably very simple to fix :)

Igor Sysoev is at rambler-co.ru
Sat Aug 16 23:43:11 MSD 2008 

On Sat, Aug 16, 2008 at 12:28:12PM -0700, mike wrote:

> On 8/16/08, Igor Sysoev <is at rambler-co.ru> wrote:
> 
> > As to patch, after looking the code, I have found that EACESS at this
> > point should be ignored. Here is my patch (the same as Maxim's one)
> > with comment. Could you or someone test English part of patch ?
> 
> i figured out - i need to use "p0" with your patches and they patch
> directly. okay. first question resolved :)
> 
> root at local:/usr/src/build/nginx-0.7.10# patch -p0 <
> ../nginx-patches/0.7.10-dirtest.txt
> patching file src/http/modules/ngx_http_index_module.c
> root at local:/usr/src/build/nginx-0.7.10# patch -p0 <
> ../nginx-patches/0.7.10-staticpost.txt
> patching file src/http/modules/ngx_http_static_module.c
> root at local:/usr/src/build/nginx-0.7.10#
> 
> I'm testing the dirtest thing now:
> 
> 2008/08/16 12:23:06 [debug] 8277#0: *34 open index
> "/home/mike/web/192.168.1.3/index.5"
> 2008/08/16 12:23:06 [debug] 8277#0: *34 add cleanup: 00000000007FD948
> 2008/08/16 12:23:06 [debug] 8277#0: *34 open()
> "/home/mike/web/192.168.1.3/index.5" failed (2: No such file or
> directory)
> 2008/08/16 12:23:06 [debug] 8277#0: *34 http index check dir:
> "/home/mike/web/192.168.1.3"
> 2008/08/16 12:23:06 [debug] 8277#0: *34 add cleanup: 00000000007FD978
> 2008/08/16 12:23:06 [debug] 8277#0: *34 open index
> "/home/mike/web/192.168.1.3/index.html"
> 2008/08/16 12:23:06 [debug] 8277#0: *34 add cleanup: 00000000007FD9A8
> 
> So it looks like it still does your dir check like before, it just
> doesn't throw an error on access denied?

Yes. For the reason described in patch's comment:

                /*
                 * ngx_http_index_test_dir() is called after the first index
                 * file testing has returned an error distinct from NGX_EACCES.
                 * This means that directory searching is allowed.
                 */

Could you check English of the comment ?

> I have it set to
> 
> index index.5 index.html index.4 index.3;
> 
> and the actual file is index.html, so it has to fail the first one to move on.
> 
> all the directories are also chmod 0711. it appears to work... it
> looks like http index check dir does not cause the request to be
> denied even if it doesn't have permission... which i suppose is all i
> care about. in theory that dir check i still don't think needs to be
> there until it has exhausted all the user-defined index files... but
> as long as directory mode 0711 doesn't break anything i'm happy for
> now.


-- 
Igor Sysoev
http://sysoev.ru/en/

More information about the nginx mailing list