wrong permissions on uploaded php scripts

Bug #621749 reported by plan_rich on 2010-08-21
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bzr Upload plugin

Bug Description

Basically i have a ftp access from my provider (weblino.de) and i want to upload my project to my web root folder.
Bzr upload loads all files into the right directory and all files do have the same size as on my machine.

BUT when i access the index.php file or any other .php file the apache webserver throws this error:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [no address given] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.
Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g Server at www.web348.istnochinarbeit.de Port 80"

Copying manually with Nautilus does not raise any error at all!

Further info:
I also checked the permissons of my index.php file and it was 744 so i changed it to 644 and it worked. Also going back to 744 does not raise the error again!

bzr version:
Bazaar (bzr) 2.1.1
  Python interpreter: /usr/bin/python 2.6.5
  Python standard library: /usr/lib/python2.6
  Platform: Linux-2.6.32-24-generic-pae-i686-with-Ubuntu-10.04-lucid
  bzrlib: /usr/lib/python2.6/dist-packages/bzrlib
  Bazaar configuration: /home/rich/.bazaar
  Bazaar log file: /home/rich/.bzr.log

Copyright 2005-2010 Canonical Ltd.

bzr comes with ABSOLUTELY NO WARRANTY. bzr is free software, and
you may use, modify and redistribute it under the terms of the GNU
General Public License version 2 or later.

Bazaar is part of the GNU Project to produce a free operating system.

bzr plugins -v:
bzrtools 2.1.0
    Various useful commands for working with bzr.

launchpad 2.1.1
    Launchpad.net integration plugin for Bazaar.

netrc_credential_store 2.1.1
    Use ~/.netrc as a credential store for authentication.conf.

news_merge 2.1.1
    Merge hook for bzr's NEWS file.

upload 1.0.0dev
    Upload a working tree, incrementally.

description: updated
security vulnerability: yes → no
visibility: private → public
Jelmer Vernooij (jelmer) wrote :

Have you compared the contents of the file as uploaded by bzr-upload with the one uploaded by nautilus? Are you sure this isn't just a bug in your php script?

plan_rich (richard-plangger) wrote :

I tried nautlius (the exact same php scripts + contents) and the server did display my page as on my machine.
I tried with git-ftp (the exact same php scripts + contents) and it also worked without any problems.

bzr upload throws this nasty 500 Internal Server Error. I can reproduce this bug a 1000 times (because i already did that :) ) and the only way to make it work with bzr upload is to change the rwx flags...

plan_rich (richard-plangger) wrote :

this does only affekt php scripts. I can download any other resource (.swf, .png, .jpg).

maybe bzr upload is missing some ftp communication to complete the request faultless?

I'll try to reproduce this on another ftp server!

plan_rich (richard-plangger) wrote :

i also reproduced the same behaviour on a telekom.at ftp server.
This is what i did:
rich@rich-laptop:~$ mkdir test
rich@rich-laptop:~$ cd test/
rich@rich-laptop:~/test$ echo "<?php echo 'this is a bzr upload test'; ?>" > test.php
rich@rich-laptop:~/test$ cat test.php
<?php echo 'this is a bzr upload test'; ?>
rich@rich-laptop:~/test$ bzr init
Created a standalone tree (format: 2a)
rich@rich-laptop:~/test$ bzr add test.php
adding test.php
rich@rich-laptop:~/test$ bzr commit -m "init"
Committing to: /home/rich/test/
added test.php
Committed revision 1.
rich@rich-laptop:~/test$ bzr upload ftp://b9627xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.bon.at/var/www/html/
FTP b9627xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.bon.at password:
No uploaded revision id found, switching to full upload
Uploading test.php

accessing the test.php raises our old friend 500!

Martin Albisetti (beuno) wrote :

So, bzr-upload does a crc check when uploading files, so it is most likely not corrupted, but rather has a different set of permissions than other files, I'd guess the execute bit.
Try doing an "ls -l" on the remote directory, and take a look at what the differences are between that file and the others.

plan_rich (richard-plangger) wrote :

I tested the uploaded file of bzr:
-rw-rw-r-- 1 theusername theusername 44 Aug 23 09:36 test.php

then I executed:
chmod 764 test.php
200 SITE CHMOD command successful
-rwxrw-r-- 1 theusername theusername 44 Aug 23 09:36 test.php

BUT the file is still not working through the webserver!

Natuilus produces this file:
-rw-r--r-- 1 theusername theusername 44 Aug 23 09:41 test.php

and if i set via chmod 644 after bzr upload there is error 500!

so it depends on the user write flag!

plan_rich (richard-plangger) wrote :


and if i set via chmod 644 after bzr upload there is !!!NO!!! error 500!

Vincent Ladeuil (vila) wrote :

Right, so it's not a content problem but rather a permission problem.
And probably specific to your server.

There are plans to implement a user option to define default permission bits, but in the mean time,
you can try to hack the source:

   modified __init__.py

=== modified file '__init__.py'
--- __init__.py 2010-05-25 07:01:24 +0000
+++ __init__.py 2010-08-23 08:15:26 +0000
@@ -336,7 +336,7 @@
             if self.tree.is_executable(id):
                 mode = 0775
- mode = 0664
+ mode = 0644
         if not self.quiet:
             self.outf.write('Uploading %s\n' % relpath)
         self._up_put_bytes(relpath, self.tree.get_file_text(id), mode)

Should be enough to address your case, be sure to try it on a *new* uploaded file though.

Vincent Ladeuil (vila) on 2010-08-23
summary: - bzr upload on my ftp generates corrupt files
+ wrong permissions on uploaded php scripts
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers