Andre,

Yes, it has to be a permissions issue.  Here's one thing that has gotten me
in the past.  Make sure that the directory (and ones above it) for
graffiti.dat have the same permissions and are owned and grouped exactly as
graffiti.dat is.  Try that and let me know what happens.  Also, check your
Apache error_log for error messages and they might help you pinpoint the
problem.

As for your original question, nobody is just an ordinary user like any
other.  The only thing is that the nobody account is disabled so that
nobody can log in in the normal way.  The purpose of having such an
account is to limit the power of processes that run as this user and to
partition them off to some extent from other users although there seems
to be something of a trend nowadays to run various services as their own
separate users (eg, in Debian: www-data for Apache, proxy for squid, et
al.)

If you want to know why 'nobody' is not singled out as a specially
restricted user then I can only give you my explanation and I don't know
how authoritative that is.  Firstly the Unix model says there are two
types of users: superusers (uid=0) and ordinary users (uid!=0).  Many
would argue that this approach is the reason Unix security is such a
problem so the question of whether introducing new users with varying
privileges would actually help or not would need to be considered
carefully.  Perhaps the main reason why it hasn't been done so far is
that there is little need.  If you and I both have an account on the
system, can I delete your files?  Hopefully not -- unless you have
specifically given a group I am in this privilege (or, heaven forbid,
the dreaded 'other').  If you have private files then hopefully you have
set the permissions/umask appropriately hence I can't read these
either.  Consequently, we are both unprivileged users and only ourselves
(or, more correctly, processes with our uid) can do any damage to our
files (unless permission is granted otherwise).  Hence use of the nobody
limits the damage that can be done to 'nobody': a user who owns
virtually nothing and can only access (read/write) files to which r/w
permission has been granted to "other" -- how more unprivileged could
this be?  (Perhaps rlimits could be permanently enforced but in some
ways perhaps this is the responsibility of the application process, not
the user id it runs as.)  As I said, this is just my opinion and someone
else can probably provide a better answer. :)


Hope this helps,
Kevin
----- Original Message -----
From: "Andre Dubuc" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, February 09, 2002 2:14 PM
Subject: [newbie] Permissions: Nobody in Apache + PHP


> Finally, I have working copies of Apache 1.3.22 and PHP 4.1.1 on my LM8.0
> box. Apache has been set up with "nobody" permissions, and I write test
> scripts as root and place them in /home/web/apache/htdocs.
>
> I can read scripts from this directory, but I've tried to use:
> . . . excerpt . . .
>
>  $filename = "/tmp/graffiti.dat";
>  $handle = fopen ($filename, "a+");
>  fputs ($handle, $graffiti); [I've also tried fwrite]
>  fclose($handle);
>
> . . .  followed by a form that takes $graffiti as input . . . and then a
> php script that displays the contents of the appended $filename . . .
>
> And no matter what I try, nothing is written to "graffiti.dat" -- I've
> checked that it is writeable. Somehow, I think it's related to permissions
> and the group "nobody". I've written the script as root, and another as
> user. Neither works. Apache (temporarily) is run at root -- I'm just
> learning Apache and PHP -- this is a developmental setup, not connected to
> the outside.
>
> If there are any gurus that can help me, I'd appreciate it. Permissions
> are set otherwise to 755.
>
> I'm obviously not clear on the concept of "nobody" and how it affects
> running of scripts. Who can run these, if it's set to "nobody"?
>
> Tia,
> Andre
>
>
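
Added example, not part of the original thread: a Python sketch of the check suggested in the reply, walking every directory above the data file and reporting which component stops a given uid from appending to it. It models only the classic owner/group/other mode bits (no ACLs, SELinux or root override); the function names and the uid/gid 65534 for nobody are assumptions.

```python
import os
import tempfile

def allowed(st, uid, gids, want):
    """Classic Unix rule: exactly one of the owner/group/other triplets applies."""
    if uid == st.st_uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode          # "other": all that nobody usually gets
    return (bits & want) == want

def blockers(path, uid, gids):
    """Return [(component, problem)] that stop uid from appending to path."""
    path = os.path.realpath(path)
    parent = os.path.dirname(path)
    # Every directory from / down to the parent needs search (x) permission.
    dirs = [os.sep]
    for name in parent.strip(os.sep).split(os.sep):
        if name:
            dirs.append(os.path.join(dirs[-1], name))
    found = []
    for d in dirs:
        if not allowed(os.stat(d), uid, gids, 0o1):
            found.append((d, "no search (x) permission"))
    if os.path.exists(path):
        if not allowed(os.stat(path), uid, gids, 0o2):
            found.append((path, "no write (w) permission"))
    elif not allowed(os.stat(parent), uid, gids, 0o3):
        # fopen(..., "a+") would have to create the file: needs w+x on the dir.
        found.append((parent, "cannot create file here"))
    return found

if __name__ == "__main__":
    # Constructed demo: a world-writable file inside a 0700 directory.
    demo = tempfile.mkdtemp()              # mkdtemp creates the directory 0700
    target = os.path.join(demo, "graffiti.dat")
    open(target, "w").close()
    os.chmod(target, 0o666)
    uid = gid = 65534  # assumed uid/gid of "nobody"; check /etc/passwd
    for component, problem in blockers(target, uid, {gid}):
        print(f"{component}: {problem}")
```

Run against the real data file with the uid and groups Apache actually runs under; an empty result means the mode bits alone do not explain the failure.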