Here is the output when trying to run a doctest via sage -t FILENAME:
Traceback (most recent call last):
File "/Applications/Sage-5.12-OSX-64bit-10.6.app/Contents/Resources/sage/local/bin/sage-runtests", line 87, in <module>
err = DC.run()
File "/Applications/Sage-5.12-OSX-64bit-10.6.app/Contents/Resources/sage/local/lib/python2.7/site-packages/sage/doctest/control.py", line 882, in run
self.test_safe_directory()
File "/Applications/Sage-5.12-OSX-64bit-10.6.app/Contents/Resources/sage/local/lib/python2.7/site-packages/sage/doctest/control.py", line 391, in test_safe_directory
.format(os.getcwd()))
RuntimeError: refusing to run doctests from the current directory '/CURRENT/DIRECTORY' since untrusted users could put files in this directory, making it unsafe to run Sage code from
I read through that ticket before posting, but I didn't (and still don't) see a solution to my problem. Admittedly I don't understand all of the issues talked about on that ticket. I created a test script in the same group writable directory I mentioned previously with the following content:
...
When I run this with python or sage, it runs fine. However, when I try to run the doctest, I get the same RuntimeError as before. I'm not sure how this fits into the discussion you referenced on trac, but it doesn't seem like the right behavior, unless I'm missing something.
Your problem arises from the fact that sage's python is patched to be a little more picky about permissions on paths.
So I suspect your group-writable directory sits in a directory with a different group ID (that would be the normal setup for, say, a group writeable directory in /home). Your use case shows perhaps that this is not such a great heuristic. On the other side, from a security point of view it's better than nothing.
I see several solutions:
- Change group ownership of the parent directory (that might need help from your sysadmin and it's very likely he'd have good reasons to object)
- Nest everything one level deeper: make a directory INSIDE your group-owned-and-writeable directory and put everything in there. I think that might be enough to circumvent the newly-devised test.
How come this only comes into play for doctesting and not for just running a script with sage? Using the example I posted before in the file example_script.py, I get
I also tried running it in a group writable directory in my home directory, which also failed. It seems to me that the documented behavior does not match the actual behavior.
That makes sense, but it didn't work for me:$ umask 002$ umask0002$ sage -t example_script.pyTraceback (most recent call last):...RuntimeError: refusing to run doctests from the current directory '/DIR1/DIR2' since untrusted users could put files in this directory, making it unsafe to run Sage code from
Hm, would you mind posting the results of:
$pwd
and then the permissions of all components, e.g.: if it's /home/user/sage
$ ls -dl /home
$ ls -dl /home/user
$ ls -dl /home/user/sage
$ ls -dl /home/user/sage/example_script.py
$ ls -dl `which sage`
You can apply some bijective map to the UIDs, GIDs, and directory names if you think that's required.
You might also want to see what kind of file system is mounted for this. I think there are network file systems that keep track of permissions via ACL and return garbage for unix permissions. That would definitely throw off Jeroen's heuristic (and problems like this is why the python devs are so reluctant to include a change like this)
I think what you are experiencing can be characterized as a "bug". Hopefully someone can fix it or find a work-around.