I'm running apache with mod_python, and I'm having trouble reading files from a specific directory. Previously the directory had 0777 permissions but I've decided to change it to 0770 (not quite happy with having other RW access).

So I changed the permissions of the directory and changed its group to "apache" since another user writes information into it (which is also a member of the "apache" group). I've also enabled the Set-group-ID bit since the main group of the user who writes isn't "apache".

When I look at the files I do see that all have the correct permissions and group, but when I try to load a page from the directory I get:

567 dirlist = os.listdir(logroot)
568 dirlist.sort(key=int,reverse=True)
569 for entry in dirlist[0:days]:

dirlist undefined, global os = , os.listdir = , logroot = '/path-to-dir/fix-dir-permissions/Logs/'

type 'exceptions.OSError': [Errno 13] Permission denied:'/path-to-dir/fix-dir-permissions/Logs/'

The Logs directory has the following permissions:

drwxrws---  4 john apache     4096 Dec 27 15:59 Logs

What am I doing wrong?

Benjamin K.
  • I've decided to change it to 0770 : You missed : drwxrws <- the s indicates 2770 instead of 0770. But it's not likely to be the cause of your problem –  Dec 27 '12 at 14:54
  • @EricDANNIELOU, You are correct, I miswrote 0777. In my code I set it using Python's os.chmod function, and there I use S_ISGID flag so it works correctly. – Benjamin K. Dec 27 '12 at 15:04

1 Answer

Check the permissions of all directories above the Logs/ directory, and also check the status of SELinux. Those are the two most common issues I've seen result in situations like this.

John
  • The directory above doesn't have the apache group but this is intentional, it is not supposed to read from there. How is SELinux supposed to affect this? – Benjamin K. Dec 27 '12 at 15:01
  • The directory above still needs to be traversable by the apache user/group. That usually translates to ensuring you have all directories above the target (in this case the Logs/ directory) executable by other. SELinux, if in enforcing mode and the Logs directory not properly labeled as a web content directory, will prevent apache from reading that directory regardless of the file permissions. – John Dec 27 '12 at 15:03
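
The parent-directory check from the answer, as an added example that is not part of the original question or answer: it walks every directory from / down to the target and reports those whose mode bits deny a given uid and group set. The sample tree, uids and gids are constructed, and `blocked_components`, `mode_allows` and `FakeStat` are hypothetical names; it looks at mode bits only, so ACLs and SELinux labels are outside it.

```python
import os
import stat
from collections import namedtuple

# Constructed stand-in for os.stat_result so the walk can run on sample data.
FakeStat = namedtuple("FakeStat", "st_mode st_uid st_gid")

def mode_allows(st, uid, gids, want):
    """POSIX class rule: owner bits, else group bits, else other bits.
    want is a 3-bit mask (4=read, 2=write, 1=search)."""
    if uid == 0:
        return True  # root bypasses directory read/search checks
    perms = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        bits = perms >> 6
    elif st.st_gid in gids:
        bits = perms >> 3
    else:
        bits = perms
    return ((bits & 7) & want) == want

def blocked_components(path, uid, gids, stat_fn=os.stat):
    """Return [(directory, mode string)] for each directory whose mode bits
    stop this uid/gids: ancestors need search (x); the target needs r to
    list it and x to open its entries."""
    parts = [p for p in os.path.normpath(path).split(os.sep) if p]
    chain = [os.sep]
    for part in parts:
        chain.append(os.path.join(chain[-1], part))
    blocked = []
    for d in chain:
        st = stat_fn(d)
        want = 5 if d == chain[-1] else 1
        if not mode_allows(st, uid, gids, want):
            blocked.append((d, stat.filemode(st.st_mode)))
    return blocked

# Constructed sample tree (paths, uids and gids are hypothetical):
# john = uid 1000, apache = uid/gid 48, Logs is 2770 john:apache as in the question.
SAMPLE = {
    "/": FakeStat(stat.S_IFDIR | 0o755, 0, 0),
    "/srv": FakeStat(stat.S_IFDIR | 0o755, 0, 0),
    "/srv/project": FakeStat(stat.S_IFDIR | 0o750, 1000, 1000),
    "/srv/project/Logs": FakeStat(stat.S_IFDIR | 0o2770, 1000, 48),
}

if __name__ == "__main__":
    for d, mode in blocked_components("/srv/project/Logs", 48, {48}, SAMPLE.__getitem__):
        print("blocked at", d, mode)
```

Called with the default `stat_fn`, the same function reads the real filesystem; pass the web server's uid and group ids and the path from the traceback.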