Web Server File Permissions Mystery Solved
Ever wonder if this whole Linux thing is actually unholy devil worship? If you’ve ever worked on web server file permissions, you might think so. They take the right amount of searching and just short of not too much coffee for solving when a problem presents itself. (Already, I’ve probably had too much coffee, as I just caught myself bobbing up and down.) Continue reading to find out about a strange problem that might happen to you as well. I’d been watching a problem occur on a web server for about a month, where a file from a customer registration becomes unusable because the file permissions are wrong. Not just a little wrong either, bonkers wrong:
unable to open file /var/tmpcgi/registration.txt at /usr/local/bin/updater.pl line 33. total 12 drwxr-xr-x. 34 wheel wheel 4096 Aug 17 10:24 .. --w--wx-wT. 1 wwwuser wwwuser 30 Aug 27 05:51 registration.txt drwxrwsr-x. 2 wheel wheel 4096 Aug 27 05:51 .
What makes an error like that? All my scripts were setting wide open permissions on files for this process. (I know: tsk, tsk.) Despite this, the problem bugged me for weeks. I created a script just to find the oddball permissions. Actually that wasn’t a great solution, because my find command was even wrong. What could be wrong with:
find -type f -perm -220
Well, for starters it didn’t do what I wanted. So, this morning I finally searched for what creates files with “–w–wx-wT” and stumbled across something helpful. I found forum posts chastising a user for creating bug reports about his own ineptitude for using chmod “666” and not the octal chmod 0666.
Unlike that user, I *know* that I don’t want to use string 666, but it did give me something to search for:
$ grep -r 666
Now, how often do you search for the devil in the details? I wasn’t using a string, but it was still wrong. In perl, saying chmod 666, $filename; is just as bad. The 666 is decimal. Devil horns, that won’t work! Use chmod 0666, $filename; and you escape hell. Not to heaven, but to octal.
Later, I found something in my search results that you geeks will probably find useful; There is a table of unholy permissions low down in the man page for Stat::IsMode perl module. I recommend putting this in your hat for future reference!