Joshua Slive wrote:
> On Fri, 9 May 2003, Rich Bowen wrote:
>
>
>>I'm experiencing a should-not-happen condition in apache 1.3.27, and
>>wondered if anyone else could verify for me. In the case of a 403
>>error caused by incorrect directory permissions, there is no error
>>log entry. If the file is unreadable, the 403 goes in the error log.
>>But if the directory has bogus permissions, there's no entry.
>>This is on 1.3.27 I've tested this on 2 servers so far, and it seems
>>consistent.
>
>
> Yes, this is a very longstanding and very irritating omission. I don't
> think I would be exagerating if I said this was the source of hundreds of
> confused queries to the users mailing list and newsgroup.
>
> I browsed through the default handler a while back trying to figure out
> where this error was getting dropped, but I ran out of time and never got
> back to it. Someone who knows the code better could probably find it
> faster.

hurray for truss!

/1: -> directory_walk(0x15a170, 0x0, 0x0, 0x0)
/1: -> ap_os_is_path_absolute(0x15a938, 0x0, 0x0, 0x0)
/1: <- ap_os_is_path_absolute() = 1
/1: -> get_path_info(0x15a170, 0x0, 0x0, 0x0)
stat("/export/home/trawick/apache13inst/htdocs/test/gobble.html",
0x0015A238) Err#13 EACCES
/1: <- get_path_info() = 403
/1: <- directory_walk() = 403
/1: -> ap_die(0x193, 0x15a170, 0x0, 0x0)

A check was added for eaccess with r1.40 of src/main/http_request.c:

The below patch makes the error message a bit more standard and doesn't
print it if the reason for stat failing was EACCES. Should go in before
the beta goes out.
Reviewed by: Randy Terbush
Submitted by: Marc Slemko

Here is how to back it out:

diff -u -r1.168 http_request.c
--- src/main/http_request.c 3 Feb 2003 17:13:23 -0000 1.168
+++ src/main/http_request.c 9 May 2003 18:01:06 -0000
@@ -288,7 +288,7 @@
}
else {
#if defined(EACCES)
- if (errno != EACCES)
+/* if (errno != EACCES) */
#endif
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"access to %s failed", r->uri);

Here is some text from dev@httpd around that time, showing justification
for that change:

On Wed, 15 Jan 1997 willday@... wrote:

> Submitter: willday@...
> Operating system: Solaris 2.x, version:
> Version of Apache Used: 1.1.3
> Extra Modules used:
> URL exhibiting problem: agent_log_module referer_log_module
config_log_module status_module
>
> Symptoms:
> --
> If a directory has insufficient perms (700), apache will report in
the error_log that "stat() returned u\
nexpected error[13]" for _each_ possible index file in
srm.con:DirectoryIndex. Errno 13, according to /us\
r/include/sys/errno.h, is EACCES "Permissio
n denied". This tends to fill up the error_log unnecessarily, and more
important error messages get lost \
in the noise. I would imagine the code should check to see if the
errno=EACCES, and just return FORBIDDEN\
, without logging an error.

Anybody want to see if backing out the change still results in multiple
error log entries for a directory listing?