Ruby seems to prefer to check access rights based on effective uid where possible and not on the actual uid and some platforms provide a system call to facilitate this. OpenSolaris doesn't so the fallback is to perform manual checks using the 'mode' of the file/directory. This completely ignores any ACLs that may be set on that file/directory. The access() system call is a standard C-library function and on OpenSolaris it works with ACLs but as it uses the real uid it's only used as a fallback if a platform has no way to determine effective uid. OpenSolaris does, so access() is never used.
Basically for OpenSolaris the whole thing needs a rethink. I'll raise an RFE for it. Did you look at Daniel Berger's solaris-file ruby extension (http://github.com/djberg96/solaris-file)? Unfortunately it doesn't extend File.readable?, etc, it just adds ACL support. Regards Amanda On 23/01/2010 19:58, Henry Jen wrote: > Moving this conversation to webstack-discuss. > > The OS is OpenSolaris(of course) on build 130, ruby is whatever in IPS. > > $ ruby --version > ruby 1.8.7 (2009-06-12 patchlevel 174) [i386-solaris2.11] > > The directory is in a zfs(it should not matter), the permission is set using > /usr/bin/chmod. > > $ mkdir test > $ /usr/bin/ls -ldV test > drwxr-xr-x 2 henryjen staff 2 Jan 23 11:53 test > owner@:--------------:-------:deny > owner@:rwxp---A-W-Co-:-------:allow > group@:-w-p----------:-------:deny > group@:r-x-----------:-------:allow > everyone@:-w-p---A-W-Co-:-------:deny > everyone@:r-x---a-R-c--s:-------:allow > $ irb > irb(main):001:0> File.readable? test > ArgumentError: wrong number of arguments > from (irb):1:in `test' > from (irb):1 > irb(main):002:0> File.readable? 'test' > => true > irb(main):003:0> File.executable? 'test' > => true > irb(main):004:0> quit > > $ /usr/bin/chmod A=user:henryjen:full_set:fd:allow test > $ /usr/bin/ls -ldV test > d---------+ 2 henryjen staff 2 Jan 23 11:53 test > user:henryjen:rwxpdDaARWcCos:fd-----:allow > > $ irb > irb(main):001:0> File.readable? 'test' > => false > irb(main):002:0> File.executable? 'test' > => false > irb(main):003:0> quit > > Cheers, > Henry > > >> Hi Henry, >> >> Before I look into it can you give me details of your >> setup, OS and Ruby >> versions particularly? webstack-discuss is probably >> the best place to >> raise this kind of issue, maybe you could resend your >> question there >> along with your setup details. >> >> Thanks >> >> Amanda Waite >> >> On 23/01/2010 09:17, Henry Jen wrote: >> >>> Hi, >>> >>> I am not sure if Ruby issue is for this forum or >>> >> webstack, apologize if this is not the right forum, >> and please guide me to the right place. >> >>> Here come the question, I have a directory setting >>> >> access permission using ACL, not general chmod, and >> seems like Ruby doesn't like that at all. Is this a >> known issue? >> >>> Following is the irb test result and the directory >>> >> permission setting. >> >>> Cheers, >>> Henry >>> >>> irb(main):003:0> File.directory? '/export/Share' >>> => true >>> irb(main):004:0> File.readable? '/export/Share' >>> => false >>> irb(main):006:0> File.executable? '/export/Share' >>> => false >>> >>> $ /usr/bin/ls -Vd /export/Share/ >>> d---------+ 11 family root 11 Jan 12 >>> >> 19:11 /export/Share/ >> >>> >> group:staff:rwxpdDaARWcCos:fd-----:allow >> group:kids:r-x---a-R-c---:fd-----:allow >> groups >> staff adults >> >> ____________________________________________ >> sfwnv-discuss mailing list >> sfwnv-discuss at opensolaris.org >> http://mail.opensolaris.org/mailman/listinfo/sfwnv-dis >> cuss >>
