Martin Stannard <martins / aardvark.net.au> wrote in message news:<1084887383.14209.10.camel / beyond>...
> Hi,
>
> On Tue, 2004-05-18 at 16:18, paul vudmaska wrote:
> > Thanks to the help of a kind rubyist i'm able to write a script for
> > creating directories - some of them writable by the web server for
> > uploading files.
> >
> > This permission works 0757 which amounts to
> > drwxr-xrwx
> >
> > All privs for owner and other but not write for group.
> >
> > Owner   Group   Other
> > r w x   r w x   r w x
> > 4 2 1   4 2 1   4 2 1
> >
> >   7       5       7
> >
> > I would have thought 0775 would have been better (not writable by other),
> > but that did not fly. What permission octet do the gurus recommend for
> > writable directories?
> >
> > Seems to me, group should be the correct permission for the server.
> > Doesn't other mean the whole world and will allow them to put baddies
> > in there?
> >
> > Thanks a bunch guys and gals,
> > :P
> >
> > ps: for those who've not checked
> > http://phrogz.net/ProgrammingRuby/frameset.html
> > it's a great, dynamic online version of pickaxe - thanks to gavin.
>
> The method I've used is to have a file upload directory with permission
> 755 and owned by the webserver user, in my case:
> chown apache:apache directory_name

This is making better sense to me - owner apache... but in the script
file (not from the web) i use the ticks
`chown apache:apache dir_name`
#>invalid user name
so i did
#>users
- just guessing... i'm a *nix rookie and bepweb was listed...
`chown bepweb dir_name`
#>Operation not permitted

Bummer

>
> This allows the server process to write any uploaded files to the
> directory using this code:
>
> local_file = @cgi['url'].local_path
> original_filename = @cgi['url'].original_filename
> path = "../tutorials/gfx/" + original_filename
> FileUtils.cp(local_file.untaint, path.untaint)
>

Sweet, this is much simpler than what i was doing.
My next host, i hope, is running 1.8 so i can use FileUtils

> Actually I just tried it with 744 and that works too.
>
> Anyone else see any security problems with that?
>
> regards,
>
> Martin

Thanks for the help,
paul

OT: I told folks i was checking out hub.org. Can't recommend them,
unfortunately. If i find a good host i'll post. I'm currently checking
out a host that is giving me a dedicated box for 29 a month... not big hw
but adequate... i hope...
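
Added example, not part of the original posts: a Ruby sketch of two checks relevant to this thread, refusing an upload directory that is writable by "other" (as 0757 is) and reducing the client-supplied filename to one safe component before copying. The helper names (`mode_string`, `world_writable?`, `safe_destination`, `store_upload`) and the filename policy are assumptions made for illustration.

```ruby
require "fileutils"

# Render permission bits the way `ls -l` does, e.g. 0757 -> "rwxr-xrwx".
def mode_string(mode)
  [6, 3, 0].map do |shift|
    bits = (mode >> shift) & 7
    (bits & 4 != 0 ? "r" : "-") + (bits & 2 != 0 ? "w" : "-") + (bits & 1 != 0 ? "x" : "-")
  end.join
end

# True when "other" holds the write bit (0757 yes; 0775 and 0755 no).
def world_writable?(mode)
  mode & 0o002 != 0
end

# Build a destination path from a client-supplied name, confined to upload_dir.
def safe_destination(upload_dir, original_filename)
  # Clients may send a full path with either separator; keep only the last component.
  name = original_filename.to_s.tr("\\", "/").split("/").last.to_s
  # Assumed policy: allow a conservative character set, replace everything else.
  name = name.gsub(/[^A-Za-z0-9._-]/, "_")
  # Reject empty names, "." and "..", and dotfiles such as .htaccess.
  raise ArgumentError, "unusable filename" if name.empty? || name.start_with?(".")
  root = File.expand_path(upload_dir)
  dest = File.expand_path(name, root)
  # Belt and braces: the resolved path must still sit under the upload root.
  raise ArgumentError, "escapes upload dir" unless dest.start_with?(root + File::SEPARATOR)
  dest
end

# Copy an uploaded temp file into upload_dir after both checks pass.
def store_upload(local_file, upload_dir, original_filename)
  mode = File.stat(upload_dir).mode & 0o777
  if world_writable?(mode)
    raise SecurityError, "#{upload_dir} is world-writable (#{mode_string(mode)})"
  end
  dest = safe_destination(upload_dir, original_filename)
  FileUtils.cp(local_file, dest)
  File.chmod(0o644, dest) # stored uploads: no execute bit, not writable by group/other
  dest
end
```
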