checking effective file permissions

[David K. Wall]

This is sort of a stealth CGI question. I want to make sure that a
particular CGI program has all the necessary files it needs to run,
and that those files have the appropriate permissions. I'll run
something like the code below. Does anyone have any criticism of this
code, or possibly a suggestion for a better way to go about it?



# these are the desired permissions for each file
my %desired = qw(
program1 r-x
data1 rw-
example rwx
module1 r--
);

foreach my $file (keys %desired) {
my $perm = (-r $file ? 'r' : '-')
. (-w $file ? 'w' : '-')
. (-x $file ? 'x' : '-');
unless ( $perm eq $desired{$file} ) {
print "$file: desired=$desired{$file}, found=$perm\n";
}
}

 

[Matt Garrish]

This is sort of a stealth CGI question. I want to make sure that a
particular CGI program has all the necessary files it needs to run,
and that those files have the appropriate permissions. I'll run
something like the code below. Does anyone have any criticism of this
code, or possibly a suggestion for a better way to go about it?



# these are the desired permissions for each file
my %desired = qw(
program1 r-x
data1 rw-
example rwx
module1 r--
);

foreach my $file (keys %desired) {
my $perm = (-r $file ? 'r' : '-')
. (-w $file ? 'w' : '-')
. (-x $file ? 'x' : '-');
unless ( $perm eq $desired{$file} ) {
print "$file: desired=$desired{$file}, found=$perm\n";
}
}

I would think it would be easier to change your hash to the numeric
representations and then just do:

my $fperm = sprintf("%04o", (stat($file))[2] & 07777);

if ( $fperm != $desired{$file}) {
print "$file set to $fperm but $desired{$file} expected\n";
}



Matt

 

[David K. Wall]

This is sort of a stealth CGI question. I want to make sure that a
particular CGI program has all the necessary files it needs to run,
and that those files have the appropriate permissions. I'll run
something like the code below. Does anyone have any criticism of this
code, or possibly a suggestion for a better way to go about it?


# these are the desired permissions for each file
my %desired = qw(
program1 r-x
data1 rw-
example rwx
module1 r--
);

foreach my $file (keys %desired) {
my $perm = (-r $file ? 'r' : '-')
. (-w $file ? 'w' : '-')
. (-x $file ? 'x' : '-');
unless ( $perm eq $desired{$file} ) {
print "$file: desired=$desired{$file}, found=$perm\n";
}
}

I would think it would be easier to change your hash to the numeric
representations and then just do:

my $fperm = sprintf("%04o", (stat($file))[2] & 07777);

if ( $fperm != $desired{$file}) {
print "$file set to $fperm but $desired{$file} expected\n";
}

Kind of amusing actually, since that's what I did first, straight from the
docs for stat(). I have to plead guilty to not posting all the relevant
information. My apologies.

It occurred to me that, depending on the host, some CGI programs run as a
particular user instead of nobody. In that case, if the CGI runs as me (or
whoever), then the exact permissions are irrelevant as long as the
appropriate user can read, write, or execute a file. So instead of using
the overly-permissive 0666, I might be able to get by with 0600, and -r
would still tell me I could read the file.

I think this is getting offtopic and into CGI issues, though, so maybe I
should post elsewhere. (and that's without getting into the Windows issue
of stat() saying a CGI program isn't executable even though it runs fine.
)

 

[Glenn Jackman]

my $perm = (-r $file ? 'r' : '-')
. (-w $file ? 'w' : '-')
. (-x $file ? 'x' : '-');

Note that that will stat the file 3 times. More efficient is to use "_",
the buffer of the most recent stat:
my $perm = (-r $file ? 'r' : '-')
. (-w _ ? 'w' : '-')
. (-x _ ? 'x' : '-');