Permission Problems

2002-09-26 Thread Korthrun

I had recently posted a script that was to add customers to a
bandwidth graphing utility (titled "Funkyness about escaping an @"), and I
would like to thank the people who posted. And FYI triple escaping the @ was
the answer. Now I am having a problem with file permissions. Run from the
command line the script works just fine. Run via the web (how it will
be implemented) it is run as user "nobody" and group "nobody".

The file name is /usr/local/apache/htdocs/fooness.cfg
The script runs from /usr/local/apache/cgi-bin/add_mrtg.pl
the string I am using is:
system "perl -p -i -e 's! END DSL BUSINESS ACCOUNTS
#!$profile\n END DSL BUSINESS ACCOUNTS
#!g' /usr/local/apache/htdocs/mrtg/fooness.cfg";
$profile is defined earlier in the script.
the apache error log says:

Can't remove /usr/local/apache/htdocs/mrtg/fooness.cfg: Permission denied,
skipping file.

I have played with chown but the fact is "nobody" can't chown a file
that belongs to "root".  For grins I did:

chown nobody:nobody ./fooness.cfg
chmod 666 ./fooness.cfg


Again any constructive help is greatly appreciated,
Josh



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




Re: Permission Problems

2002-09-26 Thread Michael Fowler

On Thu, Sep 26, 2002 at 11:16:46AM -1000, Korthrun wrote:
> The file name is /usr/local/apache/htdocs/fooness.cfg
> The script runs from /usr/local/apache/cgi-bin/add_mrtg.pl
> the string I am using is:
> system "perl -p -i -e 's! END DSL BUSINESS ACCOUNTS
> #!$profile\n END DSL BUSINESS ACCOUNTS
> #!g' /usr/local/apache/htdocs/mrtg/fooness.cfg";
> $profile is defined earlier in the script.
> the apache error log says:
> 
> Can't remove /usr/local/apache/htdocs/mrtg/fooness.cfg: Permission denied,
> skipping file.
> 
> I have played with chown but the fact is "nobody" can't chown a file
> that belongs to "root".  For grins I did:
> 
> chown nobody:nobody ./fooness.cfg
> chmod 666 ./fooness.cfg

Ok, let me get this straight.  As the user 'nobody' you're trying to modify
the contents and/or attributes of a file owned by another user, namely
'root'.  Did you expect this modification to work?  If so, why?  Are you
unfamiliar with Unix?

There is no way 'nobody' is going to be able to modify the attributes of a
file not owned by 'nobody'.  If you want 'nobody' to be able to modify the
contents of the file then 'nobody' will either need to be made owner of the
file by the current owner, or the current owner has to make it writeable to
a group 'nobody' belongs to, or everyone.

Also, if this file is of any importance, making it writeable by 'nobody' is
a security risk.  'nobody' is supposed to have the least privilege on the
system, and your web server apparently runs as the user 'nobody', so anybody
else with CGI access will be able to modify this file.

I shouldn't need to mention the even greater security risk involved in
giving write permission to everyone, as chmod 666 fooness.cfg would do.

The best solution is to use a CGI wrapper, such as cgiwrap or suexec, to run
the CGI script as another user.  This other user should be the only user
with write access to the file.


Michael
--
Administrator  www.shoebox.net
Programmer, System Administrator   www.gallanttech.com
--





Re: Permission Problems

2002-09-30 Thread Josh

To clarify in my earlier posting, the part where I say,

I have played with chown but the fact is "nobody" can't chown a file
that belongs to "root".  For grins I did:

chown nobody:nobody ./fooness.cfg
chmod 666 ./fooness.cfg

I meant that I issued those commands from the command line. So even with the
file owned by nobody and everything is world read/writable I still get a
permission denied error.






Re: Permission Problems

2002-09-30 Thread david

Josh wrote:

> To clarify in my earlier posting, the part where I say,
> 
> I have played with chown but the fact is "nobody" can't chown a
> file
> that belongs to "root".  For grins I did:
> 
> chown nobody:nobody ./fooness.cfg
> chmod 666 ./fooness.cfg
> 
> I meant that I issued those commands from the command line. So even with
> the file owned by nobody and everything is world read/writable I still get
> a permission denied error.

That's interesting! Even though the file is world read/writable, you still have the
permission denied error. Hum... could it be that another process is locking
up the file?

david





Re: Permission Problems

2002-10-01 Thread Michael Fowler

On Fri, Sep 27, 2002 at 09:36:41AM -1000, Josh wrote:
> I meant that I issued those commands from the command line. So even with
> the file owned by nobody and everything is world read/writable I still get
> a permission denied error.

What does ls -l on the file output?  In your program, what are the values
for $> and $< (printed to STDERR, or a log file, or something)?  What are
the permissions on the intervening directories?  I.e. if the file is
/etc/apache/fooness.cfg, what does ls -l say for /etc and /etc/apache?

You should not be getting a permissions denied error if what you say is
true, so there must be something missing that is restricting your
permission.


Michael
--
Administrator  www.shoebox.net
Programmer, System Administrator   www.gallanttech.com
--
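
Added example (not part of the original thread): a Perl report covering the checks asked for above (ls -l on the file, $< and $>, permissions on the intervening directories), meant to be run from the CGI so that it executes as the web server's user. It also tests whether the containing directory is writable, because perl -i with no backup extension removes the original file and writes a new one, which is the step "Can't remove ...: Permission denied" refers to; the default path is the one from the error message in the thread, and the group ids are an addition.

```perl
#!/usr/bin/perl
# Added example: permission report to run from the CGI itself, so the
# checks are made as the web server's user, not as your login user.
use strict;
use warnings;
use File::Basename qw(dirname);
use File::Spec;

# Default is the path from the error message in the thread;
# pass a different path as the first argument.
my $file = @ARGV ? $ARGV[0] : '/usr/local/apache/htdocs/mrtg/fooness.cfg';

# Owner, group and mode of one path, similar to a line of `ls -ld`.
sub describe {
    my ($path) = @_;
    my @st = stat $path
        or return sprintf "%-45s stat failed: %s", $path, $!;
    my $user  = getpwuid($st[4]);
    my $group = getgrgid($st[5]);
    return sprintf "%-45s %04o %s:%s", $path, $st[2] & 07777,
        defined $user ? $user : $st[4], defined $group ? $group : $st[5];
}

# Every directory from / down to the file, then the file itself.
sub path_chain {
    my ($path) = @_;
    my @chain = (File::Spec->rel2abs($path));
    unshift @chain, dirname($chain[0]) while $chain[0] ne dirname($chain[0]);
    return @chain;
}

# Real and effective ids: $< and $> (users), $( and $) (groups).
printf STDERR "real uid=%s effective uid=%s\n", $<, $>;
printf STDERR "real gid(s)=%s effective gid(s)=%s\n", $(, $);

my @chain = path_chain($file);
print STDERR describe($_), "\n" for @chain;

# -x and -w test against the effective uid/gid, as the edit itself would.
for my $dir (@chain[0 .. $#chain - 1]) {
    print STDERR "cannot search $dir\n" unless -x $dir;
}
print STDERR "file is ", (-w $file ? "" : "NOT "), "writable\n";

# perl -i unlinks the original and creates a new file, so the directory
# holding the file must be writable too, not only the file itself.
my $parent = dirname($chain[-1]);
print STDERR "directory $parent is ", (-w $parent ? "" : "NOT "),
    "writable (needed to replace the file)\n";
```

When run as a CGI, the report goes to STDERR and therefore ends up in the Apache error log next to the original message.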
