-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, May 18, 2016 at 10:45:12PM -0500, David Wright wrote: > I feel I've been warned off commenting here in case I come across as a > pontificating know-it-all who's insisting that you do everything in > "My Way" [...]
;-) Yes, I totally agree with David's analysis here. The problem is the "mv", and the root is in /opt's permissions. Since the script didn't change, /opt must have been writable by gene in the past, and not in the present. Opt's permissions (04755) are "correct", by default /opt shouldn't be world writable. You might "fix" your problem by making it so, but you should know the other side of the deal (is this a public Web server? What if someone hijacks the Apache -- or one of its underling CGI scripts and starts scribbling over /opt? Things like that). What I'd do Consider making a subdirectory of /opt dedicated to whatever you are doing with these scripts and setting its ownership to gene (start as restricted as possible with that and widen as necessary, e.g. to make parts of it readable to www-data via the group as your scripts seem to do already. regards - -- tomás -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlc9df8ACgkQBcgs9XrR2ka7SQCeJJfj2UGgaMfzHEZ4IH8utE33 KmIAnj1+IXCJuPBiVMHvirRqNDJytD+4 =Q2vv -----END PGP SIGNATURE-----