LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Apache-the-program can't see directiories apache-the-user can see (https://www.linuxquestions.org/questions/linux-newbie-8/apache-the-program-cant-see-directiories-apache-the-user-can-see-709016/)

Dims 03-04-2009 12:32 AM
Apache-the-program can't see directiories apache-the-user can see
 
I have encountered strange behavior. When I ask the listing of the root directory under the rights of apache user, I see the different picture then I see when the same command is issued by Python and displayed on the web page.

Here is the first listing

Code:
[root@telesmi ~]# sudo -u apache ls -l /
total 150
drwxr-xr-x  2 root root  4096 2009-03-03 04:11 bin
drwxr-xr-x  5 root root  1024 2008-07-24 13:34 boot
drwxr-xr-x  4 root root  4096 2009-03-03 08:59 d4m
drwxr-xr-x  12 root root  4120 2009-03-03 09:20 dev
drwxr-xr-x  97 root root 12288 2009-03-03 09:20 etc
drwxr-xr-x  2 root root  4096 2009-03-03 09:02 fff
drwxr-xr-x  2 root root  4096 2009-03-03 10:02 ggg
drwxr-xr-x  2 root root  4096 2008-04-07 17:44 home
drwxr-xr-x  15 root root 12288 2009-03-02 08:00 lib
-rw-r--r--  1 root root 34834 2009-03-02 08:31 libdrutils.a
drwx------  2 root root 16384 2008-07-18 22:40 lost+found
drwxr-xr-x  2 root root  4096 2008-04-07 17:44 media
drwxr-xr-x  2 root root  4096 2008-04-07 17:44 mnt
drwxr-xr-x  2 root root  4096 2009-03-03 02:47 opt
drwxr-xr-x  2 root root  4096 2009-02-27 11:10 prj
dr-xr-xr-x 111 root root    0 2009-03-03 09:20 proc
drwxr-x---  15 root root  4096 2009-03-03 19:06 root
drwxr-xr-x  2 root root 12288 2009-02-11 04:11 sbin
drwxr-xr-x  7 root root    0 2009-03-03 09:20 selinux
drwxr-xr-x  2 root root  4096 2008-04-07 17:44 srv
drwxr-xr-x  11 root root    0 2009-03-03 09:20 sys
drwxrwxrwt  5 root root  4096 2009-03-03 10:10 tmp
drwxr-xr-x  13 root root  4096 2008-07-18 22:46 usr
drwxr-xr-x  20 root root  4096 2008-07-18 22:48 var
And here is the listing of the command ls -l / as it is seen by Python:

Code:
total 100
drwxr-xr-x  2 root root  4096 Mar  3 04:11 bin
d?????????  ? ?    ?        ?            ? boot
d?????????  ? ?    ?        ?            ? d4m
drwxr-xr-x  12 root root  4120 Mar  3 09:20 dev
drwxr-xr-x  97 root root 12288 Mar  3 09:20 etc
d?????????  ? ?    ?        ?            ? fff
drwxr-xr-x  2 root root  4096 Apr  7  2008 home
drwxr-xr-x  15 root root 12288 Mar  2 08:00 lib
-rw-r--r--  1 root root 34834 Mar  2 08:31 libdrutils.a
d?????????  ? ?    ?        ?            ? lost+found
d?????????  ? ?    ?        ?            ? media
d?????????  ? ?    ?        ?            ? mnt
drwxr-xr-x  2 root root  4096 Mar  3 02:47 opt
d?????????  ? ?    ?        ?            ? prj
dr-xr-xr-x 115 root root    0 Mar  3 09:20 proc
d?????????  ? ?    ?        ?            ? root
drwxr-xr-x  2 root root 12288 Feb 11 04:11 sbin
d?????????  ? ?    ?        ?            ? selinux
drwxr-xr-x  2 root root  4096 Apr  7  2008 srv
d?????????  ? ?    ?        ?            ? sys
drwxrwxrwt  4 root root  4096 Mar  3 09:22 tmp
drwxr-xr-x  13 root root  4096 Jul 18  2008 usr
drwxr-xr-x  20 root root  4096 Jul 18  2008 var
Evidently, that it can't see even access rights, owners, modification times etc.

Why?

Also, if I ask to list some directory inside one of these strange directories, I get the following error (for example)

ls: cannot access /d4m: Permission denied

while normal lack of access usually gives the following message

ls: cannot open directory /root: Permission denied

What is the difference between "cannot access" and "cannot open directory"?

Thanks.

win32sux 03-04-2009 01:07 AM
The read bit on a directory gives you the ability to list the contents ("cannot open" implies you don't have this ability). The execute bit on a directory gives you the ability to access the directory ("cannot access" implies you don't have this ability).

Dims 03-04-2009 02:09 AM
Thanks.

And what can prevent Apache to view access rights?

win32sux 03-04-2009 02:22 AM
I don't know why you're getting (apparently) unexpected results from within your Python code.

Does it happen only with / or with other directories (/usr, for example) too?

Dims 03-04-2009 02:32 AM
This happens for some directories. Below is listing for ls -l /usr

Code:
total 112
drwxr-xr-x  2 root root 36864 Mar  3 04:11 bin
drwxr-xr-x  2 root root  4096 Apr  7  2008 etc
drwxr-xr-x  2 root root  4096 Apr  7  2008 games
drwxr-xr-x  32 root root  4096 Mar  2 08:15 include
drwxr-xr-x  6 root root  4096 Jul 18  2008 kerberos
drwxr-xr-x  87 root root 36864 Mar  3 04:11 lib
drwxr-xr-x  8 root root  4096 Mar  2 08:00 libexec
drwxr-xr-x  15 root root  4096 Mar  2 08:19 local
drwxr-xr-x  2 root root 12288 Mar  2 08:56 sbin
drwxr-xr-x 116 root root  4096 Mar  2 07:59 share
d?????????  ? ?    ?        ?            ? src
lrwxrwxrwx  1 root root    10 Jul 18  2008 tmp -> ../var/tmp
Here we see, that every directory is normal except src.

Dims 03-04-2009 02:34 AM
While src has no apparent differences from the POV of the command line:

Code:
[root@telesmi /]# sudo -u apache ls -l /usr
total 116
drwxr-xr-x  2 root root 36864 2009-03-03 04:11 bin
drwxr-xr-x  2 root root  4096 2008-04-07 17:44 etc
drwxr-xr-x  2 root root  4096 2008-04-07 17:44 games
drwxr-xr-x  32 root root  4096 2009-03-02 08:15 include
drwxr-xr-x  6 root root  4096 2008-07-18 22:46 kerberos
drwxr-xr-x  87 root root 36864 2009-03-03 04:11 lib
drwxr-xr-x  8 root root  4096 2009-03-02 08:00 libexec
drwxr-xr-x  15 root root  4096 2009-03-02 08:19 local
drwxr-xr-x  2 root root 12288 2009-03-02 08:56 sbin
drwxr-xr-x 116 root root  4096 2009-03-02 07:59 share
drwxr-xr-x  2 root root  4096 2008-04-07 17:44 src
lrwxrwxrwx  1 root root    10 2008-07-18 22:45 tmp -> ../var/tmp

Dims 03-04-2009 02:36 AM
May be this can related with some restrictions, applied to Apache only? May be some nutshell or FUSE somehow used? I am a newbie hence not sure these are correct suggestions...

Dims 03-04-2009 02:34 PM
I found resolution. This was because of selinux security for httpd.

win32sux 03-04-2009 02:37 PM
Quote:
Originally Posted by Dims (Post 3464981)
I found resolution. This was because of selinux security for httpd.
That's awesome! I'm glad you worked it out. I had actually suspected SELinux but I didn't want to say anything since it was only a hunch and I have zero SELinux experience. What exactly did you change in order to fix it? Hopefully you didn't disable it entirely!

Dims 04-27-2009 12:24 PM
Quote:
Originally Posted by win32sux (Post 3464985)
What exactly did you change in order to fix it? Hopefully you didn't disable it entirely!
Sorry, I am not remember now what I did exactly, but most probably I have disabled it :) I think I was fail to find a way to setup correct behavior for httpd, but I was trying honestly :)


All times are GMT -5. The time now is 05:39 PM.