new one on chmod & file perms. would this work?

cdxrevvved

Question:

Ive about given up on linux, at least in the aspect of a script for filemanagement from remote pc's...

However, here is a thought. Since Im new to linux, I know apache runs as a user, therefore in order to create a directory or file remotely, the directory owner would need to be apache, correct?

Well, can I do a chowner for the directory to apache, then do whatever (upload, create file, etc), then do a chowner back to the original owner?

or does the apache process usually not have that great of permissions.. I dont think it does, but im stumped and about to give up...

All ideas and suggestions welcome...

Also, how do half the other scripts for filemanagement work properly on linux? or do they? Ive never tried...

davetshave

If you made a directory which apache owns and over which apache has complete control then surely your problem is solved? you would be able to do all the file management your heart could desire. Why would you want to let apache muck around in other directories on your server?

If you really want the full power of being root then you have to find out more about using apache as a CGI, Theeper explained that in the previous thread.

Maybe if you gave some more specific examples then it would be easier to answer your questions. Good luck with Linux, the curve is steep but it really is worth the effort in the long run.

Greetings,

DaveTshave.

cdxrevvved

Problem is, at this point its not worth it.. For this file management utility, the idea was to have the user uplaod the files to their webserver, then bam.. they can edit it from anywhere..

As you can guess, I cant find a universal way to make sure that every server will give every user full permissions to read/write/modify etc on their webserver...

basically it works for me in windows, I was just looking to expand and give it to everyone else... besides, right now, I need to just use the code (as is) so I can access my server from work and get to work on all the other projects I put on hold..

Maybe when I have a little more time, I'll pursue this furthur..

Thx for your help tho.. 🙂

miahfost

This is extremely dangerous. It has some serious security side-effects, for example if you allowed users to create their own executable files they could create a script like;

rm -rf /*

which would wipe out your hard drive.

If you really want to do this, look into a chroot jail or running the executable in user mode.

Jeremiah

davetshave

I am working on a project which is designed to enable users to upload documents of any type to a webserver and then retrieve it later. I use php to store the files in a directory below the web root. It then streams the files across on demand. Furthermore I store the files as a set of increasing numbers with no extension. The actual file names are stored in a database. Under linux the directory where the files are located is marked as non-executable.

Have I avoided the security risks you identified in your previous post or am I asking for the mother of all fuckups (excuse my french please)?

Greetings,

DaveTshave.

miahfost

There are three entities listed on the directory permissions mode line; owner, group, and everyone. If the permissions are set to;
dwrxwr-wr- then people will be able to read and write to that directory.

But they may write a file like remove.sh, which they own. So they could chmod it's permissions to 777 or wrxwrxwrx.

The file might be a shell script like this;

rm -rf /* (or remove recursively everything forcibly starting from the root.)

Even if you changed the directory permissions to drwx------, which will prevent anyone but the owner of that directory to read, write, or execute files there, they could still write a script and execute it so that it would affect a different directory. This they could do by writing an html file in php like this: <? exec "rm -rf /*" ?>. So they do not even need to telnet or shell in to execute some harmful magic.

So I would say that this is not sufficient security, at least not for someone who knows a small amount about computers and has access to the internet.

Make sure unauthorized users are kept out by password protecting you site with passwords. (Google .htaccess)

Jeremiah

As a note I might say that the term "streaming" is limited to audio or video files. Web servers tend to return text files "chunked" or in packets.