How to set file attributes

J

John

I have set up my own counter.pl on my web page.

The counter saves the visitation count to a text file called "count.txt".
How do I create the file (and later open) with file attributes that prevent
others reading the file, ie. going to www.johnsmith.com/count.txt (the www here
is not real).
 
J

J. Gleixner

John said:
I have set up my own counter.pl on my web page.

Congratulations, you've just wasted a few hours of your time. :)

perldoc -q "I still don't get locking."
The counter saves the visitation count to a text file called "count.txt".
How do I create the file (and later open) with file attributes that prevent
others reading the file, ie. going to www.johnsmith.com/count.txt (the www here
is not real).

Nothing to do with perl. Only files under the DOCUMENT_ROOT are
typically viewable, so write 'count.txt' to another directory,
like /tmp.
 
J

Joost Diepenmaat

John said:
I have set up my own counter.pl on my web page.

The counter saves the visitation count to a text file called
"count.txt". How do I create the file (and later open) with file
attributes that prevent others reading the file, ie. going to
www.johnsmith.com/count.txt (the www here is not real).

Unless you've got some special setup, evey visitor to the site runs as
the same user (whatever the webserver runs at). That means that if your
server code can read and write the file, then so can the webserver
itself.

What you want to do is prevent the file from being served to the
web. One way to do that is to put it outside the publically accessible
file tree(s). Another is to explicitly block it using whatever
mechanism your webserver provides.

For the latter approach on apache, you can use mod_access. See also:

<http://www.ducea.com/2006/07/21/apache-tips-tricks-deny-access-to-
certain-file-types/>
 
T

Tony Curtis

J. Gleixner said:
Nothing to do with perl. Only files under the DOCUMENT_ROOT are
typically viewable, so write 'count.txt' to another directory,
like /tmp.

Off-topic, but.../tmp could easily be memory-based, so I wouldn't write
there.

hth
t
 
J

John Bokma

Joost Diepenmaat said:
What you want to do is prevent the file from being served to the
web. One way to do that is to put it outside the publically accessible
file tree(s). Another is to explicitly block it using whatever
mechanism your webserver provides.

What might work (depending on your webserver config) is using a . in
front, e.g.

..counter.txt

*However* as others suggested, move it out of the document root (and chmod
your htdocs/www/web/whatever document root dir back to the value it had
before).
 
J

John

Jim Gibson said:
It depends upon the operating system. Under Unix, you would create the
file with an editor, the cat command, or the touch command (see 'man
cat', etc.). File permissions are set with the chmod command. You want
to set the file so that it is readable and writable only by the owner:

chmod 0600 count.txt

The problem is that for this to work, the file needs to be owned by the
web server process, and that may not be your own user id. Some web
servers use the user 'nobody', for example. As a result, you sometimes
have to set data files to be world writable:

chmod 0666 count.txt

So it also depends upon your user id, the web server's id, and whether
or not you have root privilege.

If you do have root privilege, then you can set the owner of the file
as well as the file permissions (as above):

chown nobody:nobody count.txt
chmod 0600 count.txt

But this is for Unix, not necessarily other operating systems.

Thanks for input. The web counter files should be seen my me only (I download the
files every day).

Setting the files chmod 0600 count.txt seems to do what I want.
The perl script creates a num conter file for every day. How do I create the new
file so that it has 0600 attributes?
$txtfi=open (MYCOUNT,"<"."count.txt");
 
T

Ted Zlatanov

J> I have set up my own counter.pl on my web page.
J> The counter saves the visitation count to a text file called "count.txt".
J> How do I create the file (and later open) with file attributes that prevent
J> others reading the file, ie. going to www.johnsmith.com/count.txt (the www here
J> is not real).

Use the mail system to deliver an e-mail message to a special mailbox
for every hit. For a local mail spool, Maildir works best for
performance. Don't use a mbox file if you can help it.

Then you can just count the number of messages in the mailbox. This is
a really simple approach that works reliably on any system, and you can
even do it remotely with SMTP and IMAP. Your sysadmin will love it
because it's very secure.

Another approach I recommend highly is to do "grep -c" against the web
server logs and count the number of HTTP GETs. It gets a little slow
with older logs since you have to uncompress them, but at least you
don't have to worry about locking.

Probably the most robust, if slowest, approach is to read the Perl FAQ
on this topic, as others have suggested.

Ted
 
R

Ron Bergin

Jim Gibson said:
Thanks for input. The web counter files should be seen my me only (I download the
files every day).

Setting the files chmod 0600 count.txt seems to do what I want.
The perl script creates a num conter file for every day. How do I create the new
file so that it has 0600 attributes?
$txtfi=open (MYCOUNT,"<"."count.txt");

use File::CounterFile;
http://search.cpan.org/~gaas/File-CounterFile-1.04/CounterFile.pm

The module uses sysopen without specifying the perm (which defaults to
0666) so you'd probably what to adjust the code in the module.

change:
sysopen(F, $file, O_RDWR|O_CREAT) or croak("Can't open $file: $!");

to:
sysopen(F, $file, O_RDWR|O_CREAT, 0600) or croak("Can't open $file:
$!");
 
R

Ron Bergin

Jim Gibson said:
Thanks for input. The web counter files should be seen my me only (I download the
files every day).

Setting the files chmod 0600 count.txt seems to do what I want.
The perl script creates a num conter file for every day. How do I create the new
file so that it has 0600 attributes?
$txtfi=open (MYCOUNT,"<"."count.txt");

use File::CounterFile;
http://search.cpan.org/~gaas/File-CounterFile-1.04/CounterFile.pm

The module uses sysopen without specifying the perm (which defaults to
0666) so you'd probably what to adjust the code in the module.

change:
sysopen(F, $file, O_RDWR|O_CREAT) or croak("Can't open $file: $!");

to:
sysopen(F, $file, O_RDWR|O_CREAT, 0600) or croak("Can't open $file:
$!");
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,743
Messages
2,569,478
Members
44,899
Latest member
RodneyMcAu

Latest Threads

Top