CGI directory access questions
[1/6] from: jason:cunliffe:verizon at: 4-Sep-2002 19:15
Rebol CGI Permissions 101
I guess..
I can now upload files happily via http, using Andreas' multipart/form script.
But still need help understanding how basic file and directory permissions work
from rebol CGI.
Example: When I login and run my %testupdir.r script from the bash shell it
works OK:
----------------------
#!/home/rebol/rebol -cs
REBOL []
print "Content-type: text/html^/^/"
message: "hello testing writing to a directory via cgi script"
append message rejoin [newline read %. " " now/time]
updir: %uploads/
filename: %testupdir.txt
filepath: join updir filename
write filepath message ; does not work from CGI
;write filename message ; works from CGI
quit
----------------------
Login and then running script manually from REBOL shell works too, but I get
security prompt:
>> now
== 4-Sep-2002/18:44:08-4:00
>> do %testupdir.r
REBOL - Security Check:
Script requests permission to open a port for read/write on:
/web/turbulence/www/Works/trees/vanilla/uploads/testupdir.txt
Yes, allow all, no, or quit? (Y/A/N/Q) Y
>> read %uploads/testupdir.txt
== {hello testing writing to a directory via cgi script
18:44:27longpath}
BUT, when I call it as CGI directly in a browser url, it returns this error:
** Access Error: Cannot open
/web/turbulence/www/Works/trees/vanilla/uploads/testupdir.txt ** Where: do-boot
** Near: write filepath message
However, if I change script above instead to write into the current directory,
then its OK!
Q1: What do I need to do to so my script has permissions to run from CGI and
read/write into a subdirectory?
Q2: Why does it work ok as bash shell executable, but needs manual confirmation
in REBOL shell.
Q3: What options are there for controlling these permissions?
Q4: What checks can I run in rebol CGI scripts to check permission first for
directories
=> create, read, or write
thanks
./Jason
[2/6] from: carl:cybercraft at: 5-Sep-2002 17:56
Hi Jason,
My guess would be that your problem isn't a CGI-specific one, but just
a case of REBOL's standard security level settings. REBOL runs in a
sandbox, and any attempt to access files outside of it causes a
warning. See "Security Issues" in the Core Guide's "Operation"
section here...
http://www.rebol.com/docs/core23/rebolcore-2.html
for how to alter the security levels.
Hope that puts you on the right track.
Carl.
On 05-Sep-02, Jason Cunliffe wrote:
> "Rebol CGI Permissions 101" I guess.. I can now upload files happily
> via http, using Andreas' multipart/form script. But still need help
<<quoted lines omitted: 44>>
> thanks
> ./Jason
--
Carl Read
[3/6] from: jason:cunliffe:verizon at: 5-Sep-2002 6:33
> My guess would be that your problem isn't a CGI-specific one, but just
> a case of REBOL's standard security level settings. REBOL runs in a
<<quoted lines omitted: 4>>
> for how to alter the security levels.
> Hope that puts you on the right track.
Thanks Carl,
I have tried all the obvious permutations already using 'secure, including
changing he bangpath with my script to:
#!/home/rebol/rebol -c --secure allow
Then it simply prints "REBOL" to the browser. and does nothing else..
My guess is that the problem is a bit of both [CGI and 'secure]. The script
works OK as an executable, but not from CGI, when writes into another current
directory.
Q: Is it possible to write to another directory via CGI?
I can't find anything about this, nor in any CGI script examples so far..
This wonderful but addictive x-internet language really needs better internet
documentation.
./Jason
[4/6] from: gscottjones::mchsi::com at: 5-Sep-2002 9:25
From: "Jason Cunliffe"
> I have tried all the obvious permutations already using 'secure, including
> changing he bangpath with my script to:
>
> #!/home/rebol/rebol -c --secure allow
> Then it simply prints "REBOL" to the browser. and does nothing else..
Hi, Jason,
I haven't been following this thread closely, but in case you haven't tried
it, you may wish to try:
#!/home/rebol/rebol --cgi -s
If I recall correctly (which is a big "if" :-), one of the REBOL platforms
had a bug that required the -c to be "spelled out" to "--cgi". I remember
it was the only thing that worked about 16 months ago for me (but I've slept
at least 500 times since then, so my memory may be at fault!).
--Scott Jones
[5/6] from: jason:cunliffe:verizon at: 5-Sep-2002 11:38
> I haven't been following this thread closely, but in case you haven't tried
> it, you may wish to try:
> #!/home/rebol/rebol --cgi -s
Hi Scott
Thanks. Nice try..
--cgi -s << No. script just hangs.
-cs << It works, but only for read+write in the *current* directory.
Unless there is some other incantation using 'secure I am suspecting it might
be only possible when the cgi script is owned by apache.
However I did find a healthy looking example of the sort thing I ma needing to
do:
http://www.reboltech.com/library/html/cgicomment.html
REBOL [
Title: "CGI Web Page Comment Poster"
Author: "Carl Sassenrath"
Date: 14-Sep-1999
File: %cgicomment.r
Purpose: {Allows viewers to add comments to a web page.
(needs webcomment.r to create example forms file).}
...snip code...
;-- The file name of the article is provided in a hidden input
; field within the HTML of the article. Use this string to
; build the path to the file from CGI dir. Remember that the
; file must have write permissions if you want add comments.
file: join %../web/ cgi/file
;-- Create the text of the new comment from the CGI input.
; If the type is code, then display it as preformated TTY.
new-comment: make-comment cgi/from now either cgi/type = "code" [
rejoin ["<pre>" cgi/comment </pre>]][cgi/comment]
;-- Read the HTML file, add the newest comment to it, and write
; it out. An HTML comment is used to mark where it goes.
page: read file
insert find page <!--comments--> new-comment
write file page
Carl notes "Remember that the file must have write permissions if you want add
comments."
To be sure, I set my target "uploads" folder writable to all:
drwxrwxrwx 2 jasonic jasonic 4096 Sep 3 11:46 uploads
There are images I have uploaded via http:
-rw-r--r-- 1 apache apache 10644 Aug 30 18:37 test.jpg
and for comparison, a file which was generated by script from bash shell, not
cgi:
-rw-rw-r-- 1 jasonic jasonic 69 Sep 4 18:44 testupdir.txt
So this may be entirely an Apache thing. What I am need to determine is how much
control I have within REBOL, to fix this situation.
any ideas?
./Jason
[6/6] from: andreas:bolka:gmx at: 5-Sep-2002 19:05
Thursday, September 5, 2002, 12:33:24 PM, Jason wrote:
> Q: Is it possible to write to another directory via CGI?
Of course it is - if you're allowing the CGI to do so.
I guess you've a unix rights problem - you'd better have a look wether
the CGI is allowed to write to your target directory.
--
Best regards,
Andreas mailto:[andreas--bolka--gmx--net]
Notes
- Quoted lines have been omitted from some messages.
View the message alone to see the lines that have been omitted