[LON-CAPA-admin] Issues with zipspool
Lucas, Mark
lucasm at ohio.edu
Mon Apr 13 17:46:58 EDT 2020
Hi,
I’m trying to figure out if there is a hidden permission for the “Download All Submitted Documents”
feature or if I somehow have the system misconfigured for directory permissions.
As many people probably are doing, we have students uploading work more.
We have lab course set up with the TAs as true TAs for grading purposes.
In the system they would like to “Download All Submitted Documents” from students,
and the link is available. They click on the link on the link, the zip file is created, but then
when they click on the zipspool link, the system chokes: “This action is currently not authorized”.
.
LON-CAPA Access Control
Access :
Resource: /zipspool/zipout/wolfman
Action : 1
Sorry ...
This action is currently not authorized.
This does work if the user has CC privileges in the course, but not instructor or TA as far
as I can tell.
In loncapa-apache, zipspool is referenced:
# Allow serving of files in zipspool
<Directory "/home/httpd/zipspool/">
Options FollowSymLinks
AllowOverride None
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
order allow,deny
allow from all
</IfModule>
</Directory>
and
<LocationMatch "/zipspool">
AuthType LONCAPA
Require valid-user
PerlAuthzHandler Apache::lonacc
ErrorDocument 403 /adm/login
ErrorDocument 404 /adm/notfound.html
ErrorDocument 406 /adm/roles
ErrorDocument 413 /adm/overloaded.txt
ErrorDocument 500 /adm/errorhandler
</LocationMatch>
The only reference I found in lib/perl/Apache was:
lonacc.pm:
if ($requrl =~ m|^/zipspool/|) {
my $start='/zipspool/zipout/'.$env{'user.name'}.":".
$env{'user.domain'};
if ($requrl !~ /^\Q$start\E/) {
$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
return HTTP_NOT_ACCEPTABLE;
}
}
Which seems to only care that the file belongs to the appropriate username and domain.
I cannot find any other explicit place that this file is mentioned, though I can believe I’m missing
some other generic handler.
On the filesystem end:
/home/httpd:
drwxrwxr-x+ 4 www www 4096 May 17 2019 zipspool
ls -larct zipspool:
drwxrwxr-x+ 4 www www 4096 May 17 2019 .
drwxrwxr-x+ 19 root root 4096 Mar 22 01:41 ..
drwxrwx---+ 8 www www 4096 Apr 10 09:15 zipdir
drwxrwx---+ 8 www www 4096 Apr 10 09:15 zipout
ls -larct zipdir:
drwxrwxr-x+ 4 www www 4096 May 17 2019 ..
drwxrwx---+ 8 www www 4096 Apr 10 09:15 .
drwx------+ 2 www www 4096 Apr 10 09:19 jm443918:ohiou
drwx------+ 2 www www 4096 Apr 10 14:01 bf071017:ohiou
drwxrwx---+ 2 www www 4096 Apr 12 23:39 tees:ohiou
drwxrwx---+ 2 www www 4096 Apr 13 14:10 ingram:ohiou
drwx------+ 2 www www 4096 Apr 13 16:35 lucas:ohiou
drwx------+ 2 www www 4096 Apr 13 17:11 wolfman:ohiou
(I am not sure why some users have different permissions)
ls -larct zipout:
drwxrwxr-x+ 4 www www 4096 May 17 2019 ..
drwxrwx---+ 8 www www 4096 Apr 10 09:15 .
drwx------+ 2 www www 4096 Apr 11 01:05 bf071017:ohiou
drwx------+ 2 www www 4096 Apr 11 01:05 jm443918:ohiou
drwxrwx---+ 2 www www 4096 Apr 13 01:05 tees:ohiou
drwxrwx---+ 2 www www 4096 Apr 13 14:10 ingram:ohiou
drwx------+ 2 www www 4096 Apr 13 16:35 lucas:ohiou
drwx------+ 2 www www 4096 Apr 13 17:11 wolfman:ohiou
zipout/wolfman:
drwxrwx---+ 8 www www 4096 Apr 10 09:15 ..
-rw-rw----+ 1 www www 12038970 Apr 13 16:06 DropBox011586808383_54146_1.zip
-rw-rw----+ 1 www www 12038969 Apr 13 16:11 DropBox011586808660_61888_1.zip
-rw-rw----+ 1 www www 4957076 Apr 13 16:36 DropBox011586810196_55286_1.zip
-rw-rw----+ 1 www www 29549256 Apr 13 16:39 DropBox011586810337_21222_1.zip
-rw-rw----+ 1 www www 29549255 Apr 13 16:43 DropBox011586810582_50602_1.zip
-rw-rw----+ 1 www www 476593 Apr 13 17:11 DropBox011586812263_16535_1.zip
drwx------+ 2 www www 4096 Apr 13 17:11 .
So my question is, what am I missing? Is this a file permission issue, in which case, why
does it work for wolfman’s role as CC but not instructor or TA?
Or is there an internal LC extra check I’m not seeing?
Thanks!
Mark
--
Mark Lucas email: lucasm at ohio.edu
252D Clippinger Lab phone: (740)597-2984
Department of Physics and Astronomy fax: (740)593-0433
Ohio University
Athens, OH 45701
More information about the LON-CAPA-admin
mailing list