CGI Python user/group permission weirdness

[Samuel Walters]

| Aienthiwan said |

> Ok - this one's a baffling one.
<chop>
> I have confirmed that it's the www-data user by calling a
> os.system('whoami') in my script for debugging.
<chop>
> The only inconsistancy is in dbtest and cvs. 

Have you tried os.system('groups') to verify that the user is in groups
dbtest and cvs?  Though I can't think of a reason why, maybe the script 
or the calling process is dropping it's privileges to these groups.

Have you tried making all the directories leading up to the path of the
file executable by dbtest and cvs?  Some oddball code may be walking to
the path, rather than jumping to the file.  How about world executable?

If you're just testing, you might also try making the files 777 for a
minute and testing to see if the problem persists.  (Don't leave this in
production, only use it to isolate the error.)

Try making a link from the file you want into another directory.  Can you
access it with the same permissions as the original, or perhaps with
different permission?

What www-daemon is this running on?  Some www-daemons can be configured to
lock down certain directories and var is a likely candidate for that.  Can
you access other files withing the var directory?  If you fail this test,
and succeed with the previous two tests, consider that it might be the
daemon with an out-of-box configuration to keep web-processes out of
sensitive system areas.

HTH

I'll post if I think of anything else.

Sam Walters.

-- 
Never forget the halloween documents.
http://www.opensource.org/halloween/
""" Where will Microsoft try to drag you today?
    Do you really want to go there?"""