httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron W Morris <aaronmor...@mindspring.com>
Subject Re: [users@httpd] Re: How to create file which can be deleted by other
Date Tue, 13 Jan 2004 06:49:21 GMT
Andrus wrote:

>>You are making incorrect assumptions about how file permissions work.
>>Setting mode 0777 (or 0666) on a file will allow any user to modify a
>>file, but deleting a file is not modification.  The ability to delete
>>depends solely on the permissions of the parent directory.
>>The solution to your problem is to create a directory under /tmp, give
>>the directory mode 0777, and create your files there with at least mode
>>0666.
>>You can have a file, owned by root, with mode 0000 in a directory and
>>any user will be able to delete the file as long as said user has write
>>permissions to the directory.
>>I suppose there is an exception to this rule...  /tmp usually has the
>>sticky bit set which means that even with mode 1777 only the user (or
>>root) that creates a file can modify/delete it.  I suppose running the
>>chmod command on the file as root overrides the stickiness (this might
>>even be a bug in the filesystem code).
> 
> 
> Aaron,
> 
> thank for you excellent explanation.
> 
> I think that best solution is to run my cgi script in the same account as my
> server
> program. Is it possible to configure Apache 1/Debian to run my cgi script
> under ordinary user account using suexec? If not, can I switch to other user
> account in C code ?
> Or is making a subdirectory under /tmp or using /var/lib/myappl directory
> better ?
> 
> Currently I changed httpd.conf lines to
> 
> User andrus
> Group andrus
> 
> Is this good idea ?
> 


The easiest method would be to use the subdirectory, but running the CGI 
as the same user would be the best method.  I cannot really answer any 
questions about suexec as I have no experience with it.

The only way to switch users within the C program is to run the CGI with 
super-user (read: root) authority.


-- 
Aaron W Morris <aaronmorris@mindspring.com> (decep)




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message