On Sat, 6 Feb 1999, Chris Evans wrote:

> 1 -rwsr-xr-x 1 chris root 59 359 Feb 6 22:47 cp

This line means any user can execute the program 'cp'.

> The whoami reports "nobody" not "chris" (is that what you'd expect 
> gurus?), the cp, which is what I want, reports insufficient 
> permissions to create the files in the copy.  

OK. So the Apache process is running as user 'nobody' (mine runs as
www-data as per the Debian distribution).

You want 'nobody' to 'cp' a file to a directory.  Does 'nobody' have
permissions to write a file in the directory in question?  The
observations about 'chris' are not relevant. Set the permissions of the
directory so 'nobody' can write to it. 

Do a 'su nobody -c "cp SOURCE_FILE THE_DIR"' as root to test. You may have
to use the full PATH to the 'cp' command.

If you check the documentation on Security, you will see that it is
recommended that the Apache process run as an abstract pseudo-user like
'www-data' (Debian install default).  You spec the user in
/etc/apache/httpd.conf and you only have to make sure that the user
exists.  It helps keep things straight.

It also defines precisely how the files have been written to the
directory.  'www-data' should be denied all logins.  All files written
with owner 'www-data' are therefore written by the Web Server (except for
a security breach). You know where they came from. You can check your Web
Stats to verify the URL was in fact hit. Besides, 'nobody' gets used for a
bunch of other things.

---------------------------------------------------------------------------
Gerard MacNeil, P. Eng                          [EMAIL PROTECTED]
System Administrator
Supercity Internet Services                     http://www.supercity.ns.ca
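
Added example, not part of the original message: a Python check that answers the question above ("does 'nobody' have permissions to write a file in the directory?") from the directory's mode bits, without switching user. The uid/gid numbers and the sample() helper are constructed for illustration; ACLs, read-only mounts and search permission on parent directories are not considered.

```python
import os
import pwd
import stat
from types import SimpleNamespace

def can_create_in(st, uid, gids):
    """True if a process with this uid and group set could create a file
    in the directory described by st (an os.stat() result or look-alike)."""
    if not stat.S_ISDIR(st.st_mode):
        return False
    if uid == 0:
        return True  # root is not limited by the mode bits
    # Only the FIRST matching class applies: owner, else group, else other.
    if uid == st.st_uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    # Creating an entry needs write (2) AND search/execute (1) on the directory.
    return (bits & 0o3) == 0o3

def check_path(path, username):
    """Same check for a real account and directory on this machine."""
    pw = pwd.getpwnam(username)
    gids = set(os.getgrouplist(username, pw.pw_gid))
    return can_create_in(os.stat(path), pw.pw_uid, gids)

# Constructed sample values: a directory owned by an ordinary user (uid 1000)
# and a web server account with uid/gid 65534.
OWNER_UID, OWNER_GID, WEB_UID, WEB_GID = 1000, 1000, 65534, 65534

def sample(mode, gid=OWNER_GID):
    """Build a stat-like object for a directory with the given mode and group."""
    return SimpleNamespace(st_mode=stat.S_IFDIR | mode,
                           st_uid=OWNER_UID, st_gid=gid)

if __name__ == "__main__":
    for mode, gid in ((0o755, OWNER_GID), (0o775, WEB_GID), (0o777, OWNER_GID)):
        ok = can_create_in(sample(mode, gid), WEB_UID, {WEB_GID})
        print(f"mode {mode:o} group {gid}: web server can create files: {ok}")
```

check_path('/some/dir', 'nobody') runs the same test against a real directory and account.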
