Re: [PHP] FW: [ERR] RE: [PHP] tar and ownership

2003-11-21 Thread John Nichel 
Chris W. Parker wrote:
Your best bet is to refuse @hanmir.com altogether. This has been
happening for a long time (with different addresses all @hanmir.com) and
I imagine it will continue to happen.
Chris.
If I keep adding domains to my '/dev/null' list, I'm going to fill up 
null. ;)

--
By-Tor.com
It's all about the Rush
http://www.by-tor.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] tar and ownership

2003-11-21 Thread Marek Kilimajer 
Nigel Jones wrote:
it's part of Tar (see: tar --help)

I'm sure there are restrictions to Non-Root users (I don't think many *nix
developers are stupid enough to let open that sort of bug
The restrictions are always the same, the kernel will not allow non-root 
user to change ownership and will allow changing the group only to one 
you belong to. No workaround.

The --owner switch works only for root, --group switch works as above

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] tar and ownership

2003-11-21 Thread Marek Kilimajer 
Nigel Jones wrote:
it's part of Tar (see: tar --help)

I'm sure there are restrictions to Non-Root users (I don't think many *nix
developers are stupid enough to let open that sort of bug
The restrictions are always the same, the kernel will not allow non-root 
user to change ownership and will allow changing the group only to one 
you belong to. No workaroud.

The --owner switch works only for root, --group switch works as above

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] tar and ownership

2003-11-21 Thread Nigel Jones 
it's part of Tar (see: tar --help)

I'm sure there are restrictions to Non-Root users (I don't think many *nix
developers are stupid enough to let open that sort of bug

>> -Original Message-
>> From: Wouter van Vliet [mailto:[EMAIL PROTECTED]
>> Sent: Saturday, November 22, 2003 8:53 AM
>> To: 'Nigel Jones'; 'Rodney Green'
>> Cc: [EMAIL PROTECTED]
>> Subject: RE: [PHP] tar and ownership
>>
>>
>> Nigel Jones wrote:
>> > I think if you are using the Unix Tar Version you can do tar
>> > -C /scripts/ -zxv -f  ./scripts/mailfiles.tar.gz
>> > --owner=REPLACEME --group=REPLACEME
>> >
>>
>> I sure hope this is NOT possible, since it would be a major security
>> problem. Think for example in terms of the php safe_mode. When you'd do
>> this, you would be able to create files as any user thinkable,
>> and thus well
>> .. Need I go any further.
>>
>> Knowing that 'chown' only lets you change the 'group' part of
>> the ownership
>> to a group you actually belong to FROM files that are owned by
>> yourself and
>> I think even the group part has to mach too.
>>
>>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] FW: [ERR] RE: [PHP] tar and ownership

2003-11-21 Thread Chris W. Parker 
Nigel Jones 
on Friday, November 21, 2003 11:44 AM said:

> I second that it's annoying
> 
> CC'ed to List Owner :P

Your best bet is to refuse @hanmir.com altogether. This has been
happening for a long time (with different addresses all @hanmir.com) and
I imagine it will continue to happen.


Chris.
--
Don't like reformatting your Outlook replies? Now there's relief!
http://home.in.tum.de/~jain/software/outlook-quotefix/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] tar and ownership

2003-11-21 Thread Wouter van Vliet 
Nigel Jones wrote:
> I think if you are using the Unix Tar Version you can do tar
> -C /scripts/ -zxv -f  ./scripts/mailfiles.tar.gz
> --owner=REPLACEME --group=REPLACEME
> 

I sure hope this is NOT possible, since it would be a major security
problem. Think for example in terms of the php safe_mode. When you'd do
this, you would be able to create files as any user thinkable, and thus well
.. Need I go any further.

Knowing that 'chown' only lets you change the 'group' part of the ownership
to a group you actually belong to FROM files that are owned by yourself and
I think even the group part has to mach too.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] FW: [ERR] RE: [PHP] tar and ownership

2003-11-21 Thread Nigel Jones 
I second that it's annoying

CC'ed to List Owner :P

>> -Original Message-
>> From: Wouter van Vliet [mailto:[EMAIL PROTECTED]
>> Sent: Saturday, November 22, 2003 7:57 AM
>> To: 'PHP General list'
>> Subject: [PHP] FW: [ERR] RE: [PHP] tar and ownership
>> 
>> 
>> [EMAIL PROTECTED] wrote:
>> > Transmit Report:
>> > 
>> >  To: [EMAIL PROTECTED], 402 Local User Inbox Full ([EMAIL PROTECTED])
>> 
>> Is someone able to unsubscribe [EMAIL PROTECTED] .. I'm getting 
>> annoyed by
>> all those "User inbox full" replies.
>> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] tar and ownership

2003-11-21 Thread Nigel Jones 
I think if you are using the Unix Tar Version you can do
tar -C /scripts/ -zxv -f
 ./scripts/mailfiles.tar.gz --owner=REPLACEME --group=REPLACEME

>> -Original Message-
>> From: Wouter van Vliet [mailto:[EMAIL PROTECTED]
>> Sent: Saturday, November 22, 2003 7:42 AM
>> To: 'Rodney Green'; [EMAIL PROTECTED]
>> Subject: RE: [PHP] tar and ownership
>>
>>
>> Rodney Green wrote:
>> > Marek Kilimajer wrote:
>> >
>> >> Rodney Green wrote:
>> >>
>> >>> Greetings!
>> >>>
>> >>> I'm writing a script that downloads a tarball from an FTP server and
>> >>> unpacks it into a directory. Here's the line of code that does this.
>> >>>
>> >>> exec("tar -C /scripts/ -zxv --preserve-permissions -f " .
>> >>> "/scripts/mailfiles.tar.gz") or die('Tar failed!');
>> >>>
>> >>> My problem is that the files' ownership is changed when the tarball
>> >>> is unpacked. I'm executing the script from a web browser and Apache
>> >>> is running as the user "apache" so the files are unpacked and
>> >>> ownership given to the user apache. How can I make it so the files
>> >>> will keep the original ownerships? This is important because the
>> >>> files are mail files and the script is used to restore the mail
>> >>> files from backup so the users can access them.
>> >>
>> >>
>> >> Only root can change file ownership.
>> >>
>> > Thanks for replying. Any suggestions on how to do this then?
>> >
>> > Rod
>>
>> Multiple solutions, some better, easier, faster or securer than others
>>
>>  - Make a 'cron' script, executing as root, which handles ownerships.
>>  - Make a 'cron' script, executing as your own user, that extracts
>> the tarball
>>  - Use the suexec wrapper, to change the using user of your virtual
>> host
>>  - Run Apache as another user
>>  - Make the users member of group 'apache', and give g+r file
>> permissions (group gets read)
>>
>> With some inspiration you can probably come up with a few more, just as I
>> could if I wanted too ;P
>>
>> Good luck!
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] FW: [ERR] RE: [PHP] tar and ownership

2003-11-21 Thread Wouter van Vliet 
[EMAIL PROTECTED] wrote:
> Transmit Report:
> 
>  To: [EMAIL PROTECTED], 402 Local User Inbox Full ([EMAIL PROTECTED])

Is someone able to unsubscribe [EMAIL PROTECTED] .. I'm getting annoyed by
all those "User inbox full" replies.
--- Begin Message ---
Rodney Green wrote:
> Marek Kilimajer wrote:
> 
>> Rodney Green wrote:
>> 
>>> Greetings!
>>> 
>>> I'm writing a script that downloads a tarball from an FTP server and
>>> unpacks it into a directory. Here's the line of code that does this.
>>> 
>>> exec("tar -C /scripts/ -zxv --preserve-permissions -f " .
>>> "/scripts/mailfiles.tar.gz") or die('Tar failed!');
>>> 
>>> My problem is that the files' ownership is changed when the tarball
>>> is unpacked. I'm executing the script from a web browser and Apache
>>> is running as the user "apache" so the files are unpacked and
>>> ownership given to the user apache. How can I make it so the files
>>> will keep the original ownerships? This is important because the
>>> files are mail files and the script is used to restore the mail
>>> files from backup so the users can access them.
>> 
>> 
>> Only root can change file ownership.
>> 
> Thanks for replying. Any suggestions on how to do this then?
> 
> Rod

Multiple solutions, some better, easier, faster or securer than others

- Make a 'cron' script, executing as root, which handles ownerships.
- Make a 'cron' script, executing as your own user, that extracts
the tarball
- Use the suexec wrapper, to change the using user of your virtual
host
- Run Apache as another user
- Make the users member of group 'apache', and give g+r file
permissions (group gets read)

With some inspiration you can probably come up with a few more, just as I
could if I wanted too ;P

Good luck!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--- End Message ---
-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] tar and ownership

2003-11-21 Thread Wouter van Vliet 
Rodney Green wrote:
> Marek Kilimajer wrote:
> 
>> Rodney Green wrote:
>> 
>>> Greetings!
>>> 
>>> I'm writing a script that downloads a tarball from an FTP server and
>>> unpacks it into a directory. Here's the line of code that does this.
>>> 
>>> exec("tar -C /scripts/ -zxv --preserve-permissions -f " .
>>> "/scripts/mailfiles.tar.gz") or die('Tar failed!');
>>> 
>>> My problem is that the files' ownership is changed when the tarball
>>> is unpacked. I'm executing the script from a web browser and Apache
>>> is running as the user "apache" so the files are unpacked and
>>> ownership given to the user apache. How can I make it so the files
>>> will keep the original ownerships? This is important because the
>>> files are mail files and the script is used to restore the mail
>>> files from backup so the users can access them.
>> 
>> 
>> Only root can change file ownership.
>> 
> Thanks for replying. Any suggestions on how to do this then?
> 
> Rod

Multiple solutions, some better, easier, faster or securer than others

- Make a 'cron' script, executing as root, which handles ownerships.
- Make a 'cron' script, executing as your own user, that extracts
the tarball
- Use the suexec wrapper, to change the using user of your virtual
host
- Run Apache as another user
- Make the users member of group 'apache', and give g+r file
permissions (group gets read)

With some inspiration you can probably come up with a few more, just as I
could if I wanted too ;P

Good luck!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] tar and ownership

2003-11-21 Thread Eugene Lee 
On Fri, Nov 21, 2003 at 01:10:28PM -0500, Rodney Green wrote:
: Marek Kilimajer wrote:
: >Rodney Green wrote:
: >>
: >>I'm writing a script that downloads a tarball from an FTP server and 
: >>unpacks it into a directory. Here's the line of code that does this.
: >>
: >>exec("tar -C /scripts/ -zxv --preserve-permissions -f " . 
: >>"/scripts/mailfiles.tar.gz") or die('Tar failed!');
: >>
: >>My problem is that the files' ownership is changed when the tarball 
: >>is unpacked. I'm executing the script from a web browser and Apache 
: >>is running as the user "apache" so the files are unpacked and 
: >>ownership given to the user apache. How can I make it so the files 
: >>will keep the original ownerships? This is important because the 
: >>files are mail files and the script is used to restore the mail files 
: >>from backup so the users can access them.
: >
: >Only root can change file ownership.
: 
:Thanks for replying. Any suggestions on how to do this then?

sudo?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] tar and ownership

2003-11-21 Thread Rodney Green 
Marek Kilimajer wrote:

Rodney Green wrote:

Greetings!

I'm writing a script that downloads a tarball from an FTP server and 
unpacks it into a directory. Here's the line of code that does this.

exec("tar -C /scripts/ -zxv --preserve-permissions -f " . 
"/scripts/mailfiles.tar.gz") or die('Tar failed!');

My problem is that the files' ownership is changed when the tarball 
is unpacked. I'm executing the script from a web browser and Apache 
is running as the user "apache" so the files are unpacked and 
ownership given to the user apache. How can I make it so the files 
will keep the original ownerships? This is important because the 
files are mail files and the script is used to restore the mail files 
from backup so the users can access them.


Only root can change file ownership.

   Thanks for replying. Any suggestions on how to do this then?

   Rod

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] tar and ownership

2003-11-21 Thread Marek Kilimajer 
Rodney Green wrote:

Greetings!

I'm writing a script that downloads a tarball from an FTP server and 
unpacks it into a directory. Here's the line of code that does this.

exec("tar -C /scripts/ -zxv --preserve-permissions -f " . 
"/scripts/mailfiles.tar.gz") or die('Tar failed!');

My problem is that the files' ownership is changed when the tarball is 
unpacked. I'm executing the script from a web browser and Apache is 
running as the user "apache" so the files are unpacked and ownership 
given to the user apache. How can I make it so the files will keep the 
original ownerships? This is important because the files are mail files 
and the script is used to restore the mail files from backup so the 
users can access them.
Only root can change file ownership.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php