CGI, anydbm.open() and linux file permissions

[Dan Sommers]

On Tue, 11 Jan 2005 15:16:53 -0800 (PST),
Derek Basch <dbasch at yahoo.com> wrote:

> Hello,
> I have a CGI script which uses anydb.open() to create a DBM. However I get this
> traceback:

>  /usr/lib/python2.3/bsddb/__init__.py in
> hashopen(file='/var/www/bp/predictor/tools.dbm', flag='c', mode=438,
> pgsize=None, ffactor=None, nelem=None, cachesize=None, lorder=None, hflags=0)
>   190     if ffactor is not None:   d.set_h_ffactor(ffactor)
>   191     if nelem is not None:     d.set_h_nelem(nelem)
>   192     d.open(file, db.DB_HASH, flags, mode)
>   193     return _DBWithCursor(d)
>   194 
> d = <DB object>, d.open = <built-in method open of DB object>, file =
> '/var/www/bp/predictor/tools.dbm', global db = <module '_bsddb' from
> '/usr/lib/python2.3/lib-dynload/_bsddb.so'>, db.DB_HASH = 2, flags = 65, mode =
> 438

> DBAccessError: (13, 'Permission denied')
>       args = (13, 'Permission denied')

> The permissions on the CGI script (/usr/lib/cgi-bin/evaluator.py) are:

> -rwxr-xr-x   1 bpeters bpeters  2446 Jan 11 14:42 evaluator.py

> and the permissions on the target DBM creation directory
> (/var/www/bp/predictor/) are:

> drwxr-xr-x  2 bpeters bpeters  4096 Jan 11 14:45 predictor

> Can anyone tell me what I need to do to allow the CGI script to create the DBM
> in the target directory? That is short of changing everything to root.

Chances are that for security reasons your script probably runs as user
"nobody" or another special user ID set up specifically for running CGI
scripts (rather than your user id).  Check your web server's
documentation, or render the output of sys.getuid, sys.geteuid,
sys.getgid, and sys.getedig.  One solution is to open up the permissions
of /var/www/bp/predictor; a better solution is to change its owner to
whatever user ID runs your script.

HTH,
Dan

-- 
Dan Sommers
<http://www.tombstonezero.net/dan/>
Never play leapfrog with a unicorn.