Hi there,

I've been looking at the various discussions on permissions and have one to add to the lot.

My server actually runs a script that changes ownership from 'nobody' to my username and they change the permissions of files or directories from rwxrwxrwx to rwx rx rx so everyday I have to manually change permissions.

Is there a way to get the scripts to run as my username so I can get around this problem.

Would umask 0; work for this?

Does anyone have any other solutions?

thanks for your insight.

peace.

Hi,

Ask your ISP not to do this? ;)

Another solution would be to run your scripts under cgiwrap/suEXEC so that the scripts all work off your username.

Cheers,

Alex
--
Gossamer Threads Inc.

I am also having problems. I dont have access to CHOWN or CHGRP, and my system admin wont install suEXEC as he says it opens up quite a lot of secutity holes. Is CGIWrap a better and more secure solution?

Thanks


Andy (mod)
andy@ultranerds.co.uk

---

Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!

Sigh, not using suEXEC opens up more security holes, as one user on the system can affect files owned by other people on the system. CGIwrap is not better, suEXEC comes with Apache and is made by the people who made Apache. If it's not secure, then it's how it's setup, not the actual program.

You should be able to use FileMan to edit any files you don't have permission to edit via ftp/shell. It can recursively delete directories, and create backup files for you, so it should be quite useful.

Cheers,

Alex
--
Gossamer Threads Inc.

>>You should be able to use FileMan to edit any files you don't have permission to edit via ftp/shell.<<

That can't be good?...I assume you mean only owned by your username?

No, any files owned by the web server user (usually nobody).

That's why not using suEXEC is a bad idea. The web server runs your programs as it's own user (user nobody), so your programs have access to anything the web server does (including other users files).

If you were using suEXEC, then your program would run as your own username, and you would only be able to access your own files. Much more secure.

Cheers,

Alex
--
Gossamer Threads Inc.

Sorry I think we got our wires crossed.

You said:

>>You should be able to use FileMan to edit any files you don't have permission to edit via ftp/shell. It can recursively delete directories, and create backup files for you, so it should be quite useful.<<

....to Andy who said he didn't have suEXEC installed but then said:

>>That's why not using suEXEC is a bad idea<<

...and I was just a little confused.

Hi,

Because in theory (don't try this on your isp), you can use fileman to go into other people's directories and possibly edit, or at a minimum view their files. Using suEXEC or cgiwrap prevents this.

Of course if you are on a dedicated server, this is all moot. =)

Cheers,

Alex
--
Gossamer Threads Inc.