Patch Ruby File.readable to check ACLs

Posted by Brian on September 30, 2010

I ran into a problem with using send_file in a Ruby on Rails application. Instead of the file being delivered to the user, an ActionController::MissingFile exception would occur indicating that the file cannot be read. This exception was raised by the following code:

raise MissingFile, "Cannot read file #{path}" unless File.file?(path) and File.readable?(path)

Examining the source code of file.c for the Ruby language revealed that only the POSIX permissions of the file are being checked by File.readable? and not any Access Control Lists (ACLs). This was the cause of the problem since the Rails application’s access to the file being sent was granted by an ACL while the POSIX permissions did not grant access.

It was not practical to use POSIX permissions for the particular Rails application I was working with, so I wrote a patch for Ruby that will cause File.readable? to respect the permissions provided through the ACLs. The patch also modifies the other File methods that are typically used to check file permissions such as File.writable? and File.executable?

darwin_acl_file_patch.rb (6 KB)

I fixed things for the Rails application by installing the patch in the config/initializers folder.