You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by John Auer <ja...@aeronix.com> on 1998/11/11 01:32:16 UTC

mod_proxy/3375: proxy ftp fails if parent directory is not readable

>Number:         3375
>Category:       mod_proxy
>Synopsis:       proxy ftp fails if parent directory is not readable
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Nov 10 16:40:00 PST 1998
>Last-Modified:
>Originator:     ja@aeronix.com
>Organization:
apache
>Release:        1.3.3
>Environment:
proxy running on Linux 2.0.35, i586, gcc 2.7.2.3, all 3 "apply to 1.3.3" patches
have been applied

talking to ftp server on SunOS 4.1.3, Sparc 2, stock ftp daemon
>Description:

I attempt to fetch:

ftp://www.aeronix.com/pub/private/subdirone/subdirtwo/file.txt

the permissions on pub, subdirone, and subdirtwo are 755
the permissions on private are 111
the permissions on file.txt are 644
the owner of all files/directories is root, group is staff
ftp daemon does not run as root

The result is:
The requested URL ftp://www.aeronix.com/pub/private/subdirone/subdirtwo/file.txt was not found on this server.

If I change the permissions on private to 555 things work ok.

Using a sniffer, I find the failing ftp session goes a little something
like this:
                     220 templeton ftp server(SunOS 4.1) ready
USER anonymous       331 Guest login ok, send ident as password
PASS apache_proxy@   230 Guest login ok, access restrictions apply
CWD pub              250 CWD command successful
CWD private          250 CWD command successful
CWD subdirone        250 CWD command successful
CWD subdirtwo        250 CWD command successful
TYPE I               200 Type set to I
PASV                 227 Entering passive mode
SIZE file.txt        500 'SIZE file.txt' : command not understood
PWD                  550 getwd: can't open ..
                     221 You could at least say goodbye
>How-To-Repeat:

This real life URL causes the same problem ("private" is 111):

ftp://ftp.zdnet.nis.newscorp.com/pub/private/sWlIB/utilities/system_utilities/ztsk95.zip

>Fix:

>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]