[REBOL] Re: CGI directory access questions
From: carl:cybercraft at: 5-Sep-2002 17:56
Hi Jason,
My guess would be that your problem isn't a CGI-specific one, but just
a case of REBOL's standard security level settings. REBOL runs in a
sandbox, and any attempt to access files outside of it causes a
warning. See "Security Issues" in the Core Guide's "Operation"
section here...
http://www.rebol.com/docs/core23/rebolcore-2.html
for how to alter the security levels.
Hope that puts you on the right track.
Carl.
On 05-Sep-02, Jason Cunliffe wrote:
> "Rebol CGI Permissions 101" I guess.. I can now upload files happily
> via http, using Andreas' multipart/form script. But still need help
> understanding how basic file and directory permissions work from
> rebol CGI.
> Example: When I login and run my %testupdir.r script from the bash
> shell it works OK:
> ----------------------
> #!/home/rebol/rebol -cs
> REBOL []
> print "Content-type: text/html^/^/"
> message: "hello testing writing to a directory via cgi script"
> append message rejoin [newline read %. " " now/time]
> updir: %uploads/
> filename: %testupdir.txt
> filepath: join updir filename
> write filepath message ; does not work from CGI
> ;write filename message ; works from CGI
> quit
> ----------------------
> Login and then running script manually from REBOL shell works too,
> but I get security prompt:
>>> now
> == 4-Sep-2002/18:44:08-4:00
>>> do %testupdir.r
> REBOL - Security Check:
> Script requests permission to open a port for read/write on:
> /web/turbulence/www/Works/trees/vanilla/uploads/testupdir.txt
> Yes, allow all, no, or quit? (Y/A/N/Q) Y
>>> read %uploads/testupdir.txt
> == {hello testing writing to a directory via cgi script
> 18:44:27longpath}
> BUT, when I call it as CGI directly in a browser url, it returns
> this error:
> ** Access Error: Cannot open
> /web/turbulence/www/Works/trees/vanilla/uploads/testupdir.txt **
> Where: do-boot ** Near: write filepath message
> However, if I change script above instead to write into the current
> directory, then its OK!
> Q1: What do I need to do to so my script has permissions to run from
> CGI and read/write into a subdirectory?
> Q2: Why does it work ok as bash shell executable, but needs manual
> confirmation in REBOL shell.
> Q3: What options are there for controlling these permissions? Q4:
> What checks can I run in rebol CGI scripts to check permission first
> for directories
> => create, read, or write
> thanks
> ./Jason
--
Carl Read