Mailing list home
  Find posts   Help

Latest messageRecent messages

In this thread:
 First
 Prev
 Next
 See whole thread
By msg id:
 Prev: 4 Sep 2002 19:15
 Next: 5 Sep 2002 16:49

Other threads:
 Prev: Email Error
 Next: Area bug?

Same author:
 Prev: 4 Sep 2002 0:10
 Next: 5 Sep 2002 22:08

 Random message

Indexes:
 By topic
 By date
 By author
 By subject
Join the Mailing List....
AccessibilityAbout / FAQ
Member's loungeContact/FeedbackOther REBOL links
Membership:
member name

password

Remember?

Not a member? Please join
26-Jul 23:31 UTC
[0.05] 10.293k
Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

[REBOL] Re: CGI directory access questions

From: carl:cybercraft at: 5-Sep-2002 17:56


Hi Jason,

My guess would be that your problem isn't a CGI-specific one, but just
a case of REBOL's standard security level settings.  REBOL runs in a
sandbox, and any attempt to access files outside of it causes a
warning.  See "Security Issues" in the Core Guide's "Operation"
section here...

http://www.rebol.com/docs/core23/rebolcore-2.html

for how to alter the security levels.

Hope that puts you on the right track.

Carl.

On 05-Sep-02, Jason Cunliffe wrote:


> "Rebol CGI Permissions 101" I guess.. I can now upload files happily
> via http, using Andreas' multipart/form script. But still need help
> understanding how basic file and directory permissions work from
> rebol CGI.

> Example: When I login and run my %testupdir.r script from the bash
> shell it works OK:

> ----------------------
> #!/home/rebol/rebol -cs
> REBOL []
> print "Content-type: text/html^/^/"

> message: "hello testing writing to a directory via cgi script"
> append message rejoin [newline read %. " "  now/time]
> updir: %uploads/
> filename: %testupdir.txt
> filepath: join updir filename
> write filepath message   ; does not work from CGI
> ;write filename message  ; works from CGI
> quit
> ----------------------

> Login and then running script manually from REBOL shell works too,
> but I get security prompt:
>>> now
> == 4-Sep-2002/18:44:08-4:00
>>> do %testupdir.r

> REBOL - Security Check:
> Script requests permission to open a port for read/write on:
> /web/turbulence/www/Works/trees/vanilla/uploads/testupdir.txt
> Yes, allow all, no, or quit? (Y/A/N/Q) Y
>>> read %uploads/testupdir.txt
> == {hello testing writing to a directory via cgi script
> 18:44:27longpath}

> BUT, when I call it as CGI directly in a browser url, it returns
> this error:

> ** Access Error: Cannot open
> /web/turbulence/www/Works/trees/vanilla/uploads/testupdir.txt **
> Where: do-boot ** Near: write filepath message

> However, if I change script above instead to write into the current
> directory, then its OK!

> Q1: What do I need to do to so my script has permissions to run from
> CGI and read/write into a subdirectory?

> Q2: Why does it work ok as bash shell executable, but needs manual
> confirmation in REBOL shell.
> Q3: What options are there for controlling these permissions? Q4:
> What checks can I run in rebol CGI scripts to check permission first
> for directories
> => create, read, or write

> thanks
> ./Jason


--
Carl Read

1 · [2] · 3 · 4 · 5 · 6 · See whole thread