L
Lars Madsen
Hi,
I have a small problem here. We have a special directory on our file
system (Linux) where a lot of people are writing to (mostly HTML pages,
no we do not have a CMS, this low tech is fine for now).
Now we also have some secretaries who can help edit these files. The
problems is of course permissions, secretary B need to be able to edit
the files owned by user A.
Solution: Put the necessary people in a special group and make sure that
the files are writable for that group. That's fine, but people tend to
forget setting permissions or changing groups, so I'd like to have a
cron job that goes through all files in a specific directory and set the
group and permissions on all files in this directory-tree.
That's easy to do, well sort of. The problem is of course that this cron
job has to run as root (or similar) and then we are vulnerable to user
input, as in file names such as 'file.html;rm -rf /'
So my question is this: how can one safely change the group and group
permissions in such a case as this. Or more generally how can one run
system commands safely on potentially dangerous data?
/daleif
I have a small problem here. We have a special directory on our file
system (Linux) where a lot of people are writing to (mostly HTML pages,
no we do not have a CMS, this low tech is fine for now).
Now we also have some secretaries who can help edit these files. The
problems is of course permissions, secretary B need to be able to edit
the files owned by user A.
Solution: Put the necessary people in a special group and make sure that
the files are writable for that group. That's fine, but people tend to
forget setting permissions or changing groups, so I'd like to have a
cron job that goes through all files in a specific directory and set the
group and permissions on all files in this directory-tree.
That's easy to do, well sort of. The problem is of course that this cron
job has to run as root (or similar) and then we are vulnerable to user
input, as in file names such as 'file.html;rm -rf /'
So my question is this: how can one safely change the group and group
permissions in such a case as this. Or more generally how can one run
system commands safely on potentially dangerous data?
/daleif