Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Perl > Perl Misc > CGI file ownership

Reply
Thread Tools

CGI file ownership

 
 
Andrew
Guest
Posts: n/a
 
      07-24-2004
Hi all and thanks for any help given!,
I am currently building a web page with cgi's that create text files
to store data. When it does this it is saving the file with ownership
of apache, and i want to change the ownership of the file to a lesser
owner (the one where the webpage is stored). I have tried some comands
and variations of the commands with no sucess!. is there anyone that
knows how to change the ownership (hardlink) to a lesser owner?, if so
could you please provide the line of code and how it works =)
Thanks Heaps
Andrew
 
Reply With Quote
 
 
 
 
Bob Walton
Guest
Posts: n/a
 
      07-24-2004
Andrew wrote:

....


> I am currently building a web page with cgi's that create text files
> to store data. When it does this it is saving the file with ownership
> of apache, and i want to change the ownership of the file to a lesser
> owner (the one where the webpage is stored). I have tried some comands
> and variations of the commands with no sucess!. is there anyone that
> knows how to change the ownership (hardlink) to a lesser owner?, if so
> could you please provide the line of code and how it works =)

....


> Andrew
>


You don't say what your OS is, but I assume is it some flavor of Unix.
Generally, file ownership is changed with the chown command. But it
probably is restricted to only be run by root. Do:

perldoc -f chown

and

man chown

for your OS to see the details for your system -- the details vary quite
a bit.
--
Bob Walton
Email: http://bwalton.com/cgi-bin/emailbob.pl

 
Reply With Quote
 
 
 
 
David Efflandt
Guest
Posts: n/a
 
      07-24-2004
On 24 Jul 2004 10:16:31 -0700, Andrew <(E-Mail Removed)> wrote:
> Hi all and thanks for any help given!,
> I am currently building a web page with cgi's that create text files
> to store data. When it does this it is saving the file with ownership
> of apache, and i want to change the ownership of the file to a lesser
> owner (the one where the webpage is stored). I have tried some comands
> and variations of the commands with no sucess!. is there anyone that
> knows how to change the ownership (hardlink) to a lesser owner?, if so
> could you please provide the line of code and how it works =)
> Thanks Heaps
> Andrew


It may be better to run the CGI under suexec (or cgiwrap) as the user you
want to save it as, then the CGI could be run with 700 permission and
access files with 600 permission. Or in the absense of suexec or cgiwrap,
you could run the script suid as the desired user (usually requires suid
binary wrapper, since suid for scripts is typically ignored).

If for security reasons chown does not allow you to change owner, or group
[assuming that apache and only desired user(s) are members of that group],
the only other option is to leave it wide open with insecure chmod 0666
(or perhaps less depending upon group or others). If you then as the
desired user, change owner/group, the CGI may no longer be able to modify
or delete the files, depending upon permissions at that time.

So unless this is your own private server, it would be better to have your
CGI somehow run as the desired user, than to leave the files vulnerable
until you have a chance to modify ownership and permissions.

BTW never give any file 777 permission, since that would allow any user to
modify and execute it.

--
David Efflandt - All spam ignored http://www.de-srv.com/
 
Reply With Quote
 
Robin
Guest
Posts: n/a
 
      07-25-2004

"Andrew" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> Hi all and thanks for any help given!,
> I am currently building a web page with cgi's that create text files
> to store data. When it does this it is saving the file with ownership
> of apache, and i want to change the ownership of the file to a lesser
> owner (the one where the webpage is stored). I have tried some comands
> and variations of the commands with no sucess!. is there anyone that
> knows how to change the ownership (hardlink) to a lesser owner?, if so
> could you please provide the line of code and how it works =)
> Thanks Heaps
> Andrew


perl has a built in command for this, see the documentation, perldoc -f
chown, also, you could always use system or exec, but it is unadvisable.
-Robin


 
Reply With Quote
 
Andrew
Guest
Posts: n/a
 
      07-25-2004
Thanks All that have replied so quick,
I should have put more OS system info (linux-RedHat 9), and i forgot
to mention that i want the cgi to do it after it create the file. I
think That David answered my question enough that i can do some
research and hopefully solve my problem.
Thanks All
Andrew
 
Reply With Quote
 
Joe Smith
Guest
Posts: n/a
 
      07-25-2004
Robin wrote:

> perl has a built in command for this,


That's true, but chown() is not usable unless the web server is
running as root, which is not likely. (And would be an unacceptable
security risk if it was.)
-Joe
 
Reply With Quote
 
Sherm Pendley
Guest
Posts: n/a
 
      07-25-2004
Robin wrote:

> perl has a built in command for this, see the documentation, perldoc -f
> chown, also, you could always use system or exec, but it is unadvisable.


Robin, you might think that you're being "trendy" or "cool" by shouting
"RTFM", but in truth you're making a fool of yourself. It doesn't matter
in this case whether the external chown command or internal chown()
function is used - both require root access, which is the advice given
above by people far better qualified to give it.

sherm--

--
Cocoa programming in Perl: http://camelbones.sourceforge.net
Hire me! My resume: http://www.dot-app.org
 
Reply With Quote
 
Robin
Guest
Posts: n/a
 
      07-25-2004

"Mike Heins" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> In article <(E-Mail Removed)>, Sherm Pendley wrote:
> > Robin wrote:
> >
> >> perl has a built in command for this, see the documentation, perldoc -f
> >> chown, also, you could always use system or exec, but it is

unadvisable.
> >
> > Robin, you might think that you're being "trendy" or "cool" by shouting
> > "RTFM", but in truth you're making a fool of yourself. It doesn't matter
> > in this case whether the external chown command or internal chown()
> > function is used - both require root access, which is the advice given
> > above by people far better qualified to give it.

>
> Au contraire -- some operating systems allow you to "give away" a
> file you own. True, not any that I know of are in common use ; but
> it is possible.
>
> And, presumably, using the system documentation would be the
> authoritative reference for that.


yeah. and we don't know his os.
-robin


 
Reply With Quote
 
Sherm Pendley
Guest
Posts: n/a
 
      07-25-2004
Mike Heins wrote:

> And, presumably, using the system documentation would be the
> authoritative reference for that.


Two points:

Robin specifically referred to 'perldoc -f chown' - i.e. the standard
perl docs for the built-in chown() function. There is no mention in that
of these caveats.

Second, Robin has a history here. This is not the first time he's tried
to be "kewl" by posting an RTFM response that turned out to be utterly
clueless. He saw this was a question about changing ownership, and tried
to imitate what he imagines is how a "guru" would answer the question.

sherm--

--
Cocoa programming in Perl: http://camelbones.sourceforge.net
Hire me! My resume: http://www.dot-app.org
 
Reply With Quote
 
Jürgen Exner
Guest
Posts: n/a
 
      07-25-2004
Sherm Pendley wrote:
> Mike Heins wrote:
>
>> And, presumably, using the system documentation would be the
>> authoritative reference for that.

>
> Two points:
>
> Robin specifically referred to 'perldoc -f chown' - i.e. the standard
> perl docs for the built-in chown() function. There is no mention in
> that of these caveats.


Really? The version I have includes

On most systems, you are not allowed to change the ownership of
the file unless you're the superuser, [...]

jue


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Ownership of a file in unix file system spam_filter@invalid.nil Perl Misc 6 07-25-2011 07:46 PM
impossible to delete file because it is impossible to take ownership Devvie Nuis Computer Support 21 04-20-2009 02:07 AM
Question for you Vista Techies.........File ownership & Possession Fu Schnickens Computer Support 5 04-22-2007 05:34 PM
Tomcat file ownership Mike Java 0 02-28-2006 09:39 PM
File ownership check Benden Ziyade C Programming 2 03-18-2005 09:55 AM



Advertisments