[mod_python] Problem with .psp_

Jim Gallacher jpg at jgassociates.ca
Fri Dec 21 00:56:15 EST 2007 

Charles Perreault wrote:
> Graham Dumpleton wrote:
>> On 21/12/2007, Charles Perreault <muganor at videotron.ca> wrote:
>>   
>>> ~$: ls -las /home/user/public_html/
>>>  8 drwx--x--x  7 user user  4096 2007-12-20 21:58 .
>>> 64 drwx--x--x 71 user user 49152 2007-12-20 23:01 ..
>>>  8 drwx--x--x  5 user user  4096 2007-12-16 22:04 cgi-bin
>>>  0 drwxr-xr-x  2 user user     1 2007-12-16 11:24 download
>>>  4 -rw-r--r--  1 user user  1150 2007-11-06 20:45 favicon.ico
>>>  4 -rw-r--r--  1 user user    66 2007-12-16 22:29 test.psp
>>>  4 -rw-r--r--  1 user user   401 2007-12-16 00:31 index.html
>>>  4 -rw-r--r--  1 user user   106 2007-12-17 16:16 komodo.html
>>>  4 -rw-r--r--  1 user user   206 2007-12-16 23:57 komodo.py
>>>  4 -rw-r--r--  1 user user   134 2007-12-16 23:23 mptest.py
>>>  4 drwx--x--x  5 user user    72 2007-12-17 16:24 noel
>>>  8 drwx--x--x 10 user user  4096 2007-12-16 01:01 photos
>>>  0 drwx------  4 user user    16 2007-11-26 21:56 upload
>>>
>>> Yes Apache is running as user and group 'www-data'.  I know about file
>>> permissions and ACL a lot.  The complaint in error.log is about Apache
>>> Multiviews, which I don't care if it doesn't work.  In fact I'm thinking
>>> about disabling it.  You say Apache needs reading option on directories,
>>> which from my experience is only true IF you want it to be able to
>>> create a directory listing (which is a minor security issue and must be
>>> enabled on a per-directory basis).
>>>     
>>
>> True, although looks like MultiViews may depend on getting directory
>> listing as well and thus the error.
>>   
> Indeed it does need to get the directory listing.  Multiview tries to 
> match inexisting requests with the best match it can find in a 
> directory.  Therefore, it needs to get the listing and parse it.  
> Example:  http://localhost/mypage  may be redirected to 
> http://localhost/mypage.php if mypage don't exist.  However, if  
> mypage.xhtml, mypage.html, mypage.html3, mypage.psp, mypage.php all 
> exists, it's hard to know which file will be picked.
>>   
>>>  Else, indeed files need reading
>>> permissions and folders only need execute.  Does mod_python .psp_
>>> debugging rely on Multiview and therefore on folder reading permissions ???
>>>     
>>
>> No, doesn't require MultiViews so safe to disable that option. Can't
>> see how it would make a difference though.
>>   
> Same here.
>> Can't think of anything else at the moment and don't have access to
>> mod_python code to look at it.
>>   
> Maybe multiview can make .psp_ work, since it will try to match the 
> request with an existing file, which will surely be the .psp file.  But 
> I doubt that is the correct way to make .psp_ work.

I really don't think it's a problem with mod_python. The way I 
understand it, with MultiViews on apache selects the content handler 
*after* it's made it's best attempt at a file match. As test.psp_ 
doesn't exist apache needs to read the directory but it is prevented 
from doing so because of your directory permissions, so it generates a 
403 error and returns. Mod_python (or any other handler) never gets a look.

Either turn Multiviews off or change your directory permissions to allow 
apache to read the directory.

Jim

More information about the Mod_python mailing list