CGI file ownership

Discussion in 'Perl Misc' started by Andrew, Jul 24, 2004.

  1. Andrew

    Andrew Guest

    Hi all and thanks for any help given!,
    I am currently building a web page with cgi's that create text files
    to store data. When it does this it is saving the file with ownership
    of apache, and i want to change the ownership of the file to a lesser
    owner (the one where the webpage is stored). I have tried some comands
    and variations of the commands with no sucess!. is there anyone that
    knows how to change the ownership (hardlink) to a lesser owner?, if so
    could you please provide the line of code and how it works =)
    Thanks Heaps
    Andrew
     
    Andrew, Jul 24, 2004
    #1
    1. Advertising

  2. Andrew

    Bob Walton Guest

    Andrew wrote:

    ....


    > I am currently building a web page with cgi's that create text files
    > to store data. When it does this it is saving the file with ownership
    > of apache, and i want to change the ownership of the file to a lesser
    > owner (the one where the webpage is stored). I have tried some comands
    > and variations of the commands with no sucess!. is there anyone that
    > knows how to change the ownership (hardlink) to a lesser owner?, if so
    > could you please provide the line of code and how it works =)

    ....


    > Andrew
    >


    You don't say what your OS is, but I assume is it some flavor of Unix.
    Generally, file ownership is changed with the chown command. But it
    probably is restricted to only be run by root. Do:

    perldoc -f chown

    and

    man chown

    for your OS to see the details for your system -- the details vary quite
    a bit.
    --
    Bob Walton
    Email: http://bwalton.com/cgi-bin/emailbob.pl
     
    Bob Walton, Jul 24, 2004
    #2
    1. Advertising

  3. On 24 Jul 2004 10:16:31 -0700, Andrew <> wrote:
    > Hi all and thanks for any help given!,
    > I am currently building a web page with cgi's that create text files
    > to store data. When it does this it is saving the file with ownership
    > of apache, and i want to change the ownership of the file to a lesser
    > owner (the one where the webpage is stored). I have tried some comands
    > and variations of the commands with no sucess!. is there anyone that
    > knows how to change the ownership (hardlink) to a lesser owner?, if so
    > could you please provide the line of code and how it works =)
    > Thanks Heaps
    > Andrew


    It may be better to run the CGI under suexec (or cgiwrap) as the user you
    want to save it as, then the CGI could be run with 700 permission and
    access files with 600 permission. Or in the absense of suexec or cgiwrap,
    you could run the script suid as the desired user (usually requires suid
    binary wrapper, since suid for scripts is typically ignored).

    If for security reasons chown does not allow you to change owner, or group
    [assuming that apache and only desired user(s) are members of that group],
    the only other option is to leave it wide open with insecure chmod 0666
    (or perhaps less depending upon group or others). If you then as the
    desired user, change owner/group, the CGI may no longer be able to modify
    or delete the files, depending upon permissions at that time.

    So unless this is your own private server, it would be better to have your
    CGI somehow run as the desired user, than to leave the files vulnerable
    until you have a chance to modify ownership and permissions.

    BTW never give any file 777 permission, since that would allow any user to
    modify and execute it.

    --
    David Efflandt - All spam ignored http://www.de-srv.com/
     
    David Efflandt, Jul 24, 2004
    #3
  4. Andrew

    Robin Guest

    "Andrew" <> wrote in message
    news:...
    > Hi all and thanks for any help given!,
    > I am currently building a web page with cgi's that create text files
    > to store data. When it does this it is saving the file with ownership
    > of apache, and i want to change the ownership of the file to a lesser
    > owner (the one where the webpage is stored). I have tried some comands
    > and variations of the commands with no sucess!. is there anyone that
    > knows how to change the ownership (hardlink) to a lesser owner?, if so
    > could you please provide the line of code and how it works =)
    > Thanks Heaps
    > Andrew


    perl has a built in command for this, see the documentation, perldoc -f
    chown, also, you could always use system or exec, but it is unadvisable.
    -Robin
     
    Robin, Jul 25, 2004
    #4
  5. Andrew

    Andrew Guest

    Thanks All that have replied so quick,
    I should have put more OS system info (linux-RedHat 9), and i forgot
    to mention that i want the cgi to do it after it create the file. I
    think That David answered my question enough that i can do some
    research and hopefully solve my problem.
    Thanks All
    Andrew
     
    Andrew, Jul 25, 2004
    #5
  6. Andrew

    Joe Smith Guest

    Robin wrote:

    > perl has a built in command for this,


    That's true, but chown() is not usable unless the web server is
    running as root, which is not likely. (And would be an unacceptable
    security risk if it was.)
    -Joe
     
    Joe Smith, Jul 25, 2004
    #6
  7. Robin wrote:

    > perl has a built in command for this, see the documentation, perldoc -f
    > chown, also, you could always use system or exec, but it is unadvisable.


    Robin, you might think that you're being "trendy" or "cool" by shouting
    "RTFM", but in truth you're making a fool of yourself. It doesn't matter
    in this case whether the external chown command or internal chown()
    function is used - both require root access, which is the advice given
    above by people far better qualified to give it.

    sherm--

    --
    Cocoa programming in Perl: http://camelbones.sourceforge.net
    Hire me! My resume: http://www.dot-app.org
     
    Sherm Pendley, Jul 25, 2004
    #7
  8. Andrew

    Robin Guest

    "Mike Heins" <> wrote in message
    news:...
    > In article <>, Sherm Pendley wrote:
    > > Robin wrote:
    > >
    > >> perl has a built in command for this, see the documentation, perldoc -f
    > >> chown, also, you could always use system or exec, but it is

    unadvisable.
    > >
    > > Robin, you might think that you're being "trendy" or "cool" by shouting
    > > "RTFM", but in truth you're making a fool of yourself. It doesn't matter
    > > in this case whether the external chown command or internal chown()
    > > function is used - both require root access, which is the advice given
    > > above by people far better qualified to give it.

    >
    > Au contraire -- some operating systems allow you to "give away" a
    > file you own. True, not any that I know of are in common use ; but
    > it is possible.
    >
    > And, presumably, using the system documentation would be the
    > authoritative reference for that.


    yeah. and we don't know his os.
    -robin
     
    Robin, Jul 25, 2004
    #8
  9. Mike Heins wrote:

    > And, presumably, using the system documentation would be the
    > authoritative reference for that.


    Two points:

    Robin specifically referred to 'perldoc -f chown' - i.e. the standard
    perl docs for the built-in chown() function. There is no mention in that
    of these caveats.

    Second, Robin has a history here. This is not the first time he's tried
    to be "kewl" by posting an RTFM response that turned out to be utterly
    clueless. He saw this was a question about changing ownership, and tried
    to imitate what he imagines is how a "guru" would answer the question.

    sherm--

    --
    Cocoa programming in Perl: http://camelbones.sourceforge.net
    Hire me! My resume: http://www.dot-app.org
     
    Sherm Pendley, Jul 25, 2004
    #9
  10. Sherm Pendley wrote:
    > Mike Heins wrote:
    >
    >> And, presumably, using the system documentation would be the
    >> authoritative reference for that.

    >
    > Two points:
    >
    > Robin specifically referred to 'perldoc -f chown' - i.e. the standard
    > perl docs for the built-in chown() function. There is no mention in
    > that of these caveats.


    Really? The version I have includes

    On most systems, you are not allowed to change the ownership of
    the file unless you're the superuser, [...]

    jue
     
    Jürgen Exner, Jul 25, 2004
    #10
  11. In article <>,
    Mike Heins <> wrote:
    :Au contraire -- some operating systems allow you to "give away" a
    :file you own. True, not any that I know of are in common use ; but
    :it is possible.

    IRIX. But I guess that doesn't really qualify as being in "common use"
    anymore.


    http://techpubs.sgi.com/library/tpl...an&fname=/usr/share/catman/u_man/cat1/chgrp.z

    Only the owner of a file (or the superuser) may change the owner or group
    of that file.

    However, if the variable restricted_chown is enabled (see intro(2) and
    systune(1M)) then only the superuser can change the owner of the file,
    because if users were able to give files away, they could defeat the file
    space accounting procedures.


    On the other hand, Solaris probably still qualifies as being in
    common use:

    http://docs.sun.com/db/doc/816-0210/6m6nb7m5t?a=view

    Only the owner of a file (or the super-user) may change the owner
    of that file.

    The operating system has a configuration option
    {_POSIX_CHOWN_RESTRICTED}, to restrict ownership changes. When this
    option is in effect the owner of the file is prevented from
    changing the owner ID of the file. Only the super-user can
    arbitrarily change owner IDs whether or not this option is in
    effect. [...]

    {_POSIX_CHOWN_RESTRICTED} is enabled by default.


    So Solaris allows admins to enable the behaviour.
    --
    *We* are now the times. -- Wim Wenders (WoD)
     
    Walter Roberson, Jul 25, 2004
    #11
  12. Jürgen Exner wrote:

    > Sherm Pendley wrote:
    >
    >>Mike Heins wrote:
    >>
    >>
    >>>And, presumably, using the system documentation would be the
    >>>authoritative reference for that.

    >>
    >>Two points:
    >>
    >>Robin specifically referred to 'perldoc -f chown' - i.e. the standard
    >>perl docs for the built-in chown() function. There is no mention in
    >>that of these caveats.

    >
    >
    > Really? The version I have includes
    >
    > On most systems, you are not allowed to change the ownership of
    > the file unless you're the superuser, [...]


    Exactly. As you've kindly shown here, the Perl docs do mention the fact
    that not *all* systems require root permissions. But they are absolutely
    *not* an "authoritative reference" that will tell you the specific
    behavior of the system you're on.

    sherm--

    --
    Cocoa programming in Perl: http://camelbones.sourceforge.net
    Hire me! My resume: http://www.dot-app.org
     
    Sherm Pendley, Jul 25, 2004
    #12
  13. Perusion Hostmaster wrote:

    > I don't make too many of them, but I am willing to believe that
    > repeated RTFM responses will actually get a few people to do it.


    RTFM, if a pointer to which FM should be R'd is included, can be a good
    response. After all, if a good explanation has already been written,
    going to the trouble of writing another seems a waste.

    My issue with Robin's response isn't the "RTFM-ness" of it. It's that
    Robin issues such responses because he thinks snide, RTFM responses will
    make him look "kewl" and help him "fit in". He tries to pretend to a
    much higher clue level than he actually has.

    Like I said earlier, he has a history here - have a look at the archives
    at Google, and you'll see what I mean. His posting history shows that
    any resemblance between useful information and one of his posts is
    purely coincidental.

    sherm--

    --
    Cocoa programming in Perl: http://camelbones.sourceforge.net
    Hire me! My resume: http://www.dot-app.org
     
    Sherm Pendley, Jul 26, 2004
    #13
  14. Andrew

    Rich Grise Guest

    Andrew wrote:

    > Hi all and thanks for any help given!,
    > I am currently building a web page with cgi's that create text files
    > to store data. When it does this it is saving the file with ownership
    > of apache, and i want to change the ownership of the file to a lesser
    > owner (the one where the webpage is stored). I have tried some comands
    > and variations of the commands with no sucess!. is there anyone that
    > knows how to change the ownership (hardlink) to a lesser owner?, if so
    > could you please provide the line of code and how it works =)
    > Thanks Heaps
    > Andrew


    This is not a perl question.

    Every time I've ever run a CGI, it's run as nobody, and the file ownership
    is nobody. I don't know how it's done, because it's just been that way
    on every system I've done CGI on, but I'm guessing it has something to
    do with either Apache's config or its invocation.

    In other words, it happens completely outside the scope of your script.

    try man httpd .

    Good Luck!
    Rich
     
    Rich Grise, Aug 4, 2004
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mike

    Tomcat file ownership

    Mike, Feb 28, 2006, in forum: Java
    Replies:
    0
    Views:
    379
  2. Benden Ziyade

    File ownership check

    Benden Ziyade, Mar 18, 2005, in forum: C Programming
    Replies:
    2
    Views:
    363
    -berlin.de
    Mar 18, 2005
  3. Jason Hsu
    Replies:
    2
    Views:
    216
    Michael Poeltl
    Aug 15, 2011
  4. superfly2

    chown and file ownership

    superfly2, Jul 21, 2004, in forum: Perl Misc
    Replies:
    3
    Views:
    154
    Jürgen Exner
    Jul 22, 2004
  5. Replies:
    6
    Views:
    155
Loading...

Share This Page