Skip Menu |
 

This queue is for tickets about the File-ShareDir CPAN distribution.

Report information
The Basics
Id: 114362
Status: stalled
Priority: 0/
Queue: File-ShareDir

People
Owner: Nobody in particular
Requestors: BBYRD [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Simple -X checks don't account for ACLs
Download (untitled) / with headers
text/plain 526b
For directories with ACLs on them, a simple -r check won't work. We have a directory that fails a -r check, but is actually readable, due to ACLs. This is actually a common problem of ours with a few different modules. The perldoc -X page talks about it. You could add a "use filetest 'access'" line to fix that. Although, the most reliable method is to just open/opendir the file/directory and see if it works. If it doesn't, the standard error message will spit out a good enough reason, including permission problems.
Download (untitled) / with headers
text/plain 1.5k
On Fri May 13 11:11:01 2016, BBYRD wrote: Show quoted text
> For directories with ACLs on them, a simple -r check won't work. We > have a directory that fails a -r check, but is actually readable, due > to ACLs.
Just because I care - Windows, Linux or Unix? If Unix, which one? Show quoted text
> This is actually a common problem of ours with a few > different modules. The perldoc -X page talks about it.
Not very explicitely - but ok, noticed :) Show quoted text
> You could add a "use filetest 'access'" line to fix that. Although, > the most reliable method is to just open/opendir the file/directory > and see if it works. If it doesn't, the standard error message will > spit out a good enough reason, including permission problems.
I understand that you're usecase is covered by that approach. Few (maybe insane) thoughts speak against that quick shot: 1) performance tradeoff The changed implementation will take longer for any check it does, depending how the module is used, this can significantly slow down startups of tools used in batch processing 2) security tradeoff The changed implementation might trigger IDS because of access attempts 3) behavioral change The changed implementation might unexpectedly deliver different results (given, current users rely on this - even if wrong - behavior) It sounds as a better approch to me allowing new test methods being externally provided (plugin, role, ...) and specified on load or on instantiation. This might need more discussion. Can you please ask for comments on cpan-workers@ regarding this topic? Cheers, Sno


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.