CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Intermediate:
Nobody (UID, GID, GROUPS) Error

 



jr
Novice

Sep 5, 2000, 10:48 PM

Post #1 of 2 (209 views)
Nobody (UID, GID, GROUPS) Error Can't Post

I've got a set of scripts that automatically creates HTML files for me, however, it is creating them under the NOBODY userID, which will not let me edit or delete these files in any way. And since I am testing this thing, I need to be able to edit and delete the files...

The files in question are set to my correct user ID (UID, GID and GROUPS), but the files these scripts are creating keep getting stuck under NOBODY's permissions...

Any help?


fishfork
Novice

Sep 10, 2000, 7:25 AM

Post #2 of 2 (209 views)
Re: Nobody (UID, GID, GROUPS) Error [In reply to] Can't Post

Hi

I've been doing exactly the same thing recently and have had axactly the same problem.

When a web browser runs a script it does so with the permissions of the 'nobody' user. This user has very few permissions hence minimising the risk of attack.

One way arround this is to run the scripts as setuid so that they run with your permissions instead of the nobody user's. To do this use

chmod a+s script.cgi

from the command line (use telnet or whatever).

The drawback with this is that you must be VERY careful with what your scripts do. For example, if one of them removes a file chosen from a form, I can submit that form with data
/*
and then lots of things on the server will be deleted. Not good.


As my server administrator runs quite a tight ship I can safely use files belonging to the nobody user which, hence, are world writable.

When files are created the value in umask ( an octal number) is automatically subtracted from 0777 to get the default permissions. I was getting files with permissions 600 so that I, as the user could not delete them.

To get round this use
umask(000);
in your script so that files are created with maximum permissions.
When creating directories use
mkdir("pathname", 0777)
to give directories maximum permissions too.

Sorry if that was a bit long.

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives