How to set file attributes

Discussion in 'Perl Misc' started by John, Feb 26, 2008.

  1. John

    John Guest

    I have set up my own counter.pl on my web page.

    The counter saves the visitation count to a text file called "count.txt".
    How do I create the file (and later open) with file attributes that prevent
    others reading the file, ie. going to www.johnsmith.com/count.txt (the www here
    is not real).
     
    John, Feb 26, 2008
    #1
    1. Advertising

  2. John

    J. Gleixner Guest

    John wrote:
    > I have set up my own counter.pl on my web page.


    Congratulations, you've just wasted a few hours of your time. :)

    perldoc -q "I still don't get locking."

    >
    > The counter saves the visitation count to a text file called "count.txt".
    > How do I create the file (and later open) with file attributes that prevent
    > others reading the file, ie. going to www.johnsmith.com/count.txt (the www here
    > is not real).


    Nothing to do with perl. Only files under the DOCUMENT_ROOT are
    typically viewable, so write 'count.txt' to another directory,
    like /tmp.
     
    J. Gleixner, Feb 26, 2008
    #2
    1. Advertising

  3. John <> writes:

    > I have set up my own counter.pl on my web page.
    >
    > The counter saves the visitation count to a text file called
    > "count.txt". How do I create the file (and later open) with file
    > attributes that prevent others reading the file, ie. going to
    > www.johnsmith.com/count.txt (the www here is not real).


    Unless you've got some special setup, evey visitor to the site runs as
    the same user (whatever the webserver runs at). That means that if your
    server code can read and write the file, then so can the webserver
    itself.

    What you want to do is prevent the file from being served to the
    web. One way to do that is to put it outside the publically accessible
    file tree(s). Another is to explicitly block it using whatever
    mechanism your webserver provides.

    For the latter approach on apache, you can use mod_access. See also:

    <http://www.ducea.com/2006/07/21/apache-tips-tricks-deny-access-to-
    certain-file-types/>

    --
    Joost Diepenmaat | blog: http://joost.zeekat.nl/ | work: http://zeekat.nl/
     
    Joost Diepenmaat, Feb 26, 2008
    #3
  4. John

    Tony Curtis Guest

    J. Gleixner wrote:

    > Nothing to do with perl. Only files under the DOCUMENT_ROOT are
    > typically viewable, so write 'count.txt' to another directory,
    > like /tmp.


    Off-topic, but.../tmp could easily be memory-based, so I wouldn't write
    there.

    hth
    t
     
    Tony Curtis, Feb 26, 2008
    #4
  5. John

    John Bokma Guest

    Joost Diepenmaat <> wrote:

    > What you want to do is prevent the file from being served to the
    > web. One way to do that is to put it outside the publically accessible
    > file tree(s). Another is to explicitly block it using whatever
    > mechanism your webserver provides.


    What might work (depending on your webserver config) is using a . in
    front, e.g.

    ..counter.txt

    *However* as others suggested, move it out of the document root (and chmod
    your htdocs/www/web/whatever document root dir back to the value it had
    before).

    --
    John

    Arachnids near Coyolillo - part 1
    http://johnbokma.com/mexit/2006/05/04/arachnids-coyolillo-1.html
     
    John Bokma, Feb 26, 2008
    #5
  6. John

    John Guest

    Jim Gibson <> wrote:

    >In article <>, John
    ><> wrote:
    >
    >> I have set up my own counter.pl on my web page.
    >>
    >> The counter saves the visitation count to a text file called "count.txt".
    >> How do I create the file (and later open) with file attributes that prevent
    >> others reading the file, ie. going to www.johnsmith.com/count.txt (the www
    >> here
    >> is not real).

    >
    >It depends upon the operating system. Under Unix, you would create the
    >file with an editor, the cat command, or the touch command (see 'man
    >cat', etc.). File permissions are set with the chmod command. You want
    >to set the file so that it is readable and writable only by the owner:
    >
    > chmod 0600 count.txt
    >
    >The problem is that for this to work, the file needs to be owned by the
    >web server process, and that may not be your own user id. Some web
    >servers use the user 'nobody', for example. As a result, you sometimes
    >have to set data files to be world writable:
    >
    > chmod 0666 count.txt
    >
    >So it also depends upon your user id, the web server's id, and whether
    >or not you have root privilege.
    >
    >If you do have root privilege, then you can set the owner of the file
    >as well as the file permissions (as above):
    >
    > chown nobody:nobody count.txt
    > chmod 0600 count.txt
    >
    >But this is for Unix, not necessarily other operating systems.


    Thanks for input. The web counter files should be seen my me only (I download the
    files every day).

    Setting the files chmod 0600 count.txt seems to do what I want.
    The perl script creates a num conter file for every day. How do I create the new
    file so that it has 0600 attributes?
    $txtfi=open (MYCOUNT,"<"."count.txt");
     
    John, Feb 27, 2008
    #6
  7. John

    Ted Zlatanov Guest

    On Tue, 26 Feb 2008 22:25:45 +0200 John <> wrote:

    J> I have set up my own counter.pl on my web page.
    J> The counter saves the visitation count to a text file called "count.txt".
    J> How do I create the file (and later open) with file attributes that prevent
    J> others reading the file, ie. going to www.johnsmith.com/count.txt (the www here
    J> is not real).

    Use the mail system to deliver an e-mail message to a special mailbox
    for every hit. For a local mail spool, Maildir works best for
    performance. Don't use a mbox file if you can help it.

    Then you can just count the number of messages in the mailbox. This is
    a really simple approach that works reliably on any system, and you can
    even do it remotely with SMTP and IMAP. Your sysadmin will love it
    because it's very secure.

    Another approach I recommend highly is to do "grep -c" against the web
    server logs and count the number of HTTP GETs. It gets a little slow
    with older logs since you have to uncompress them, but at least you
    don't have to worry about locking.

    Probably the most robust, if slowest, approach is to read the Perl FAQ
    on this topic, as others have suggested.

    Ted
     
    Ted Zlatanov, Feb 27, 2008
    #7
  8. John

    Ron Bergin Guest

    On Feb 26, 10:27 pm, John <> wrote:
    > Jim Gibson <> wrote:
    > >In article <>, John
    > ><> wrote:

    >
    > >> I have set up my own counter.pl on my web page.

    >
    > >> The counter saves the visitation count to a text file called "count.txt".
    > >> How do I create the file (and later open) with file attributes that prevent
    > >> others reading the file, ie. going towww.johnsmith.com/count.txt (the www
    > >> here
    > >> is not real).

    >
    > >It depends upon the operating system. Under Unix, you would create the
    > >file with an editor, the cat command, or the touch command (see 'man
    > >cat', etc.). File permissions are set with the chmod command. You want
    > >to set the file so that it is readable and writable only by the owner:

    >
    > > chmod 0600 count.txt

    >
    > >The problem is that for this to work, the file needs to be owned by the
    > >web server process, and that may not be your own user id. Some web
    > >servers use the user 'nobody', for example. As a result, you sometimes
    > >have to set data files to be world writable:

    >
    > > chmod 0666 count.txt

    >
    > >So it also depends upon your user id, the web server's id, and whether
    > >or not you have root privilege.

    >
    > >If you do have root privilege, then you can set the owner of the file
    > >as well as the file permissions (as above):

    >
    > > chown nobody:nobody count.txt
    > > chmod 0600 count.txt

    >
    > >But this is for Unix, not necessarily other operating systems.

    >
    > Thanks for input. The web counter files should be seen my me only (I download the
    > files every day).
    >
    > Setting the files chmod 0600 count.txt seems to do what I want.
    > The perl script creates a num conter file for every day. How do I create the new
    > file so that it has 0600 attributes?
    > $txtfi=open (MYCOUNT,"<"."count.txt");


    use File::CounterFile;
    http://search.cpan.org/~gaas/File-CounterFile-1.04/CounterFile.pm

    The module uses sysopen without specifying the perm (which defaults to
    0666) so you'd probably what to adjust the code in the module.

    change:
    sysopen(F, $file, O_RDWR|O_CREAT) or croak("Can't open $file: $!");

    to:
    sysopen(F, $file, O_RDWR|O_CREAT, 0600) or croak("Can't open $file:
    $!");
     
    Ron Bergin, Feb 27, 2008
    #8
  9. John

    Ron Bergin Guest

    On Feb 26, 10:27 pm, John <> wrote:
    > Jim Gibson <> wrote:
    > >In article <>, John
    > ><> wrote:

    >
    > >> I have set up my own counter.pl on my web page.

    >
    > >> The counter saves the visitation count to a text file called "count.txt".
    > >> How do I create the file (and later open) with file attributes that prevent
    > >> others reading the file, ie. going towww.johnsmith.com/count.txt (the www
    > >> here
    > >> is not real).

    >
    > >It depends upon the operating system. Under Unix, you would create the
    > >file with an editor, the cat command, or the touch command (see 'man
    > >cat', etc.). File permissions are set with the chmod command. You want
    > >to set the file so that it is readable and writable only by the owner:

    >
    > > chmod 0600 count.txt

    >
    > >The problem is that for this to work, the file needs to be owned by the
    > >web server process, and that may not be your own user id. Some web
    > >servers use the user 'nobody', for example. As a result, you sometimes
    > >have to set data files to be world writable:

    >
    > > chmod 0666 count.txt

    >
    > >So it also depends upon your user id, the web server's id, and whether
    > >or not you have root privilege.

    >
    > >If you do have root privilege, then you can set the owner of the file
    > >as well as the file permissions (as above):

    >
    > > chown nobody:nobody count.txt
    > > chmod 0600 count.txt

    >
    > >But this is for Unix, not necessarily other operating systems.

    >
    > Thanks for input. The web counter files should be seen my me only (I download the
    > files every day).
    >
    > Setting the files chmod 0600 count.txt seems to do what I want.
    > The perl script creates a num conter file for every day. How do I create the new
    > file so that it has 0600 attributes?
    > $txtfi=open (MYCOUNT,"<"."count.txt");


    use File::CounterFile;
    http://search.cpan.org/~gaas/File-CounterFile-1.04/CounterFile.pm

    The module uses sysopen without specifying the perm (which defaults to
    0666) so you'd probably what to adjust the code in the module.

    change:
    sysopen(F, $file, O_RDWR|O_CREAT) or croak("Can't open $file: $!");

    to:
    sysopen(F, $file, O_RDWR|O_CREAT, 0600) or croak("Can't open $file:
    $!");
     
    Ron Bergin, Feb 27, 2008
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Max
    Replies:
    1
    Views:
    506
    Joe Kesselman
    Sep 22, 2006
  2. P4trykx
    Replies:
    2
    Views:
    1,858
    bruce barker
    Jan 31, 2007
  3. james_027

    class attributes & data attributes

    james_027, Jun 20, 2007, in forum: Python
    Replies:
    2
    Views:
    390
    Bruno Desthuilliers
    Jun 20, 2007
  4. Kyle Schmitt
    Replies:
    3
    Views:
    211
    Kyle Schmitt
    Jul 24, 2007
  5. Jayden
    Replies:
    16
    Views:
    548
    Steven D'Aprano
    Sep 29, 2012
Loading...

Share This Page