From: Aaron W Morris
To: users@httpd.apache.org
Date: Tue, 13 Jan 2004 01:49:21 -0500
Subject: Re: [users@httpd] Re: How to create file which can be deleted by other

Andrus wrote:
>>You are making incorrect assumptions about how file permissions work.
>>
>>Setting mode 0777 (or 0666) on a file will allow any user to modify a
>>file, but deleting a file is not modification. The ability to delete
>>depends solely on the permissions of the parent directory.
>>
>>The solution to your problem is to create a directory under /tmp, give
>>the directory mode 0777, and create your files there with at least mode
>>0666.
>>
>>You can have a file, owned by root, with mode 0000 in a directory and
>>any user will be able to delete the file as long as said user has write
>>permissions to the directory.
>>
>>I suppose there is an exception to this rule... /tmp usually has the
>>sticky bit set which means that even with mode 1777 only the user (or
>>root) that creates a file can modify/delete it. I suppose running the
>>chmod command on the file as root overrides the stickiness (this might
>>even be a bug in the filesystem code).
>
> Aaron,
>
> thank you for your excellent explanation.
>
> I think that the best solution is to run my cgi script in the same account
> as my server program. Is it possible to configure Apache 1/Debian to run my
> cgi script under an ordinary user account using suexec? If not, can I switch
> to another user account in C code?
> Or is making a subdirectory under /tmp or using the /var/lib/myappl
> directory better?
>
> Currently I changed httpd.conf lines to
>
> User andrus
> Group andrus
>
> Is this a good idea?
>

The easiest method would be to use the subdirectory, but running the CGI as the same user would be the best method.

I cannot really answer any questions about suexec as I have no experience with it.

The only way to switch users within the C program is to run the CGI with super-user (read: root) authority.

-- 
Aaron W Morris (decep)
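The delete rule discussed in this thread, as an added example that is not part of the original message: a simplified C model of the permission check applied to unlink(). The names `may_unlink`, `dir_wx`, `struct who` and the sample uids are hypothetical, and supplementary groups, ACLs and capabilities are ignored. The sticky-bit branch follows unlink(2): in a sticky directory a non-root caller must own the file or the directory.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of the unlink() permission check (added example).
 * Simplified: no supplementary groups, ACLs or capabilities. */
#define STICKY 01000u                 /* the leading 1 in mode 1777 */
struct who { unsigned uid, gid; };

/* Write + search (wx) permission on the parent directory. The kernel picks
 * exactly one class (owner, group or other) and checks only its bits. */
static bool dir_wx(struct who w, unsigned d_uid, unsigned d_gid, unsigned d_mode)
{
    unsigned need;
    if (w.uid == 0) return true;                   /* root bypasses mode bits */
    if (w.uid == d_uid)      need = 0300;          /* owner  -wx */
    else if (w.gid == d_gid) need = 0030;          /* group  -wx */
    else                     need = 0003;          /* other  -wx */
    return (d_mode & need) == need;
}

/* The file's own mode is deliberately not a parameter: it plays no part. */
bool may_unlink(struct who w, unsigned d_uid, unsigned d_gid, unsigned d_mode,
                unsigned f_uid)
{
    if (!dir_wx(w, d_uid, d_gid, d_mode)) return false;
    if ((d_mode & STICKY) && w.uid != 0)           /* sticky directory */
        return w.uid == f_uid || w.uid == d_uid;   /* file or dir owner only */
    return true;
}

int main(void)
{
    struct who cgi = {33, 33};                     /* constructed: web server uid */
    /* root-owned file (any mode, even 0000) in a root-owned 0777 directory */
    printf("0777 dir, root's file : %d\n", may_unlink(cgi, 0, 0, 0777, 0));
    /* same file directly in /tmp (root-owned, mode 1777) */
    printf("1777 dir, root's file : %d\n", may_unlink(cgi, 0, 0, 01777, 0));
    /* the CGI's own file in /tmp */
    printf("1777 dir, own file    : %d\n", may_unlink(cgi, 0, 0, 01777, 33));
    /* directory the CGI cannot write to */
    printf("0755 dir, own file    : %d\n", may_unlink(cgi, 0, 0, 0755, 33));
    return 0;
}
```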