Question

. Hello I just finished installing and configuring a TWiki for a project getting under way. But now when I try to access the WebIndex I receive the following:

Insecure directory in $ENV{PATH}while running with -T switch at ../lib/TWiki/Search line 266

I saw the similiar question TWiki.Support.InsecureDirectory but the answer given did not help me. After removing the group Everyone from the directory permissions on cygwin and TWiki I get Internal Server Errors trying to access the testenv page and although other pages seem to work normally I still face the Insecure directory when I try to access WebIndex.
I even went so far as to try to get it to print the offending command in the Search script. But I am by no means a perl expert and could not get the output from the print I stuck in there. I figure there is a path or name the TWiki.Codev.TWikiInstallationGuide.SettingLibPath.TaintChecking does not like but testenv has no complaints. Any help would be appreciated.

• TWiki version: 01-Dec-2001
• Web server: Apche 2.0.43
• Server OS: Win2k Prof
• Web browser: Opera
• Client OS: Win2k Prof

-- ChrisOConnor - 21 Nov 2002

I installed following the WindowsInstallCookbook which was very helpful and checked the comments on it. I'll check TWikiDebugging and see if I can't get some more info on what's happening behind the scenes. Maybe that will shed some light on where I went astray. Wish me luck, thank you, and have a good weekend:)

-- ChrisOConnor - 22 Nov 2002

Answer

Please attach your TWiki.cfg as mentioned in SupportGuidelines, and the output of the latest testenv (see CVSget:bin/testenv). It may be that the PATH variable settings are wrong - CVSget:lib/TWiki.cfg has some additional comments that may help.

As always, using WindowsInstallCookbook is the best way to avoid Windows installation problems, although Apache 2 also has some authentication issues.

TWikiDebugging explains how to insert writeDebug statements to print out values to debug.txt.

-- RichardDonkin - 22 Nov 2002

Hi there, I ran into the exact same issue as you and resolved it. I found that TWiki installs easy on a WinXP system but on Win2K runs into this insecure issue. The instructions on the other page may be incorrect or perhaps incomplete. You don't want to remove "everyone" permissions. Perl's taint checking just wants to make sure that "everyone" doesn't have write access, which is the default on Win2k (changed for XP). What I did was just take the WinXP permissions from my working box and copy them onto the Win2K box for c:/cygwin/bin. They are:

• Administrators (full access)
• CREATOR OWNER (full access)
• SYSTEM (full access)
• Users (all except full)
• Everyone (read & execute, list, read)

These aren't identical to the XP permissions, but are close enough, and it solved the issue for me.

-- ScottBilas - 26 Nov 2002

Scott - thanks for the info, sounds like a good fix. I would like to try to work out why this happens on some Windows 2000 installs and not on others - could you upload your TWiki.cfg and the latest testenv's output? Also, some info about your environment would be great, i.e. Perl version and type etc, as per SupportGuidelines. Once we have characterised this a bit better I will update the WindowsInstallCookbook.

-- RichardDonkin - 29 Nov 2002

Scott - Thanks for the tip. I tried to modify the permissions manually on win2k but no luck. Finally I zipped entier cygwin/bin directory from my XP machine and unzipped it on Windows 2000 machine and it worked like a charm. Would never have been able to figure out ! Thanks.

-- HaritNanavati 13 Feb 2002

Scott, Good suggestion however I've found changing the permission for only Everyone, Write deny will solve the problem under Win2K.

-- JeremyWhiting 23 Feb 2003

chmod o-w /bin also works for me. This makes the error message go away, but highlights security problems with my installation of cygwin. Looking into this it appears that the permissions of /bin (rwxrwxrwx+) are based on the windows permissions c:\cygwin\bin, which are set to inheret from c:\cygwin, and in turn are inhereted from c: In my case (Win2k, cygwin installed by a normal user), these are set to Allow : Everyone : Full-control. (oops) This issue affects most of the cygwin filesystem. If permissions on c:\cygwin are loose, then any windows or cygwin user can change or even delete /bin /usr/sbin /lib and so on. The right thing to do would be to fix this reviewing file ownership and permissions in relation to cygwin users and windows users and groups.

I think a compromise might be to tighten up the file permissions as outlined in Scott's comment about not just on \bin but on on the root : c:\cygwin. Once fixed at this level, the changed permissions are inhereted by most files and subdirectories.

-- SeanFarrell - 02 May 2003

Denying write to Everyone will make twiki work, but you won't be able to upgrade cygwin anymore as deny always takes precedence over allow .

A more correct fix is to

1. bring up security properties on the top cygwin directory (c:\cygwin),
2. uncheck 'inherit permissions', slap the 'copy existing' button when prompted
3. for the 'Everyone' group, uncheck Write access and Full Control
4. Add the groups CREATOR OWNER, SYSTEM and give them Full Control
5. Add the users Administrator, Your_Name and give them Full Control

-- MattWilkie - 29 Jun 2003

My instructions sound much more authoritative than they are. For reasons I have not figured out I periodically need to reset the permissions as above on the cygwin and/or twiki directory tree. Even though I give CREATOR OWNER full control, it doesn't stick. Also it might be that unless you give the Adminstrator user and the Administrators group full permissions one of the two is removed. As I said, I don't understand what is happening, however resetting the perms makes everything work for awhile.

I have the Windows Update thing enabled. It could be that each time a new security update is applied it changes the way permissions are dealt-with/configured.

-- MattWilkie - 24 Jul 2003

I’ve installed my third Twiki installation yesterday on a W2K workstation. I downloaded the recent Cygwin version. For the two first installations, I used the ActiveState Perl 5.6.1 engine without any real problems. The Twiki site would start as foreseen.

Noticing that the cookbook now recommended the Cygwin-Perl 5.8.5 version I decided to install it instead for my third installation.

That’s when I got the Insecure directory in $ENV{PATH}while running with -T switch at ../lib/TWiki/Search line 266 error message when I tried to test run my first twiki page.

The chmod o-w /bin fixed the problem. I’ve haven’t got down to checking the Windows security roles and doing "the correct fix", but I sure will eventually.

-- SebastienNault - 16 Dec 2004

I would like to add a comment to what Matt Wilkie wrote: 'the full control given to CREATOR OWNER does not stick'.

It's the same I experienced, but if you mark the CREATOR OWNER and click the "Advanced..." button further down in this cygwin Properties window, you will find that CREATOR OWNER actually has Permission as full control, even though this is not shown on the first pane. This might have to do with the fact, that the CREATOR OWNER permissions are only applied to 'Subfolders and files only' which is different from the other entries.

Anyway, I am happy to say that changing the windows permissions for cygwin eliminates yet another one of my problems when installing TWiki. Thanks!

-- JuditMays - 11 Jan 2005