[2071] in WWW Security List Archive
Re: Protected Page...
daemon@ATHENA.MIT.EDU (Steff Watkins)
Mon May 13 07:26:41 1996
From: Steff Watkins <Steff.Watkins@Bristol.ac.uk>
To: www-security@ns2.rutgers.edu
Date: Mon, 13 May 1996 10:14:01 +0100 (BST)
In-Reply-To: <960511113530.ZM13943@swcheung-pc> from "S.W. Cheung" at May 11, 96 11:35:28 am
Errors-To: owner-www-security@ns2.rutgers.edu
S.W. Cheung wrote:
=>
=>On May 10, 1:55pm, Mark Lamb wrote:
=>> Subject: Re: Protected Page...
=>> Can you not just set the permissions on the page file accordingly.
=>>
=>
=>Set the permissions??? Do you mean to use "chgrp"...
Hi,
errrrr.... NO!!
This is a 'huge' area of confusion (IMHO), in that people seem to thinkl
that the Web file protection system and the Unix one work with the same
principles.
If you 'chgrp' the WebPage to some group using Unix techniques, then it
will either not change the WebServer's access to it, or make it unreadable
by the WebServer altogether. It depends on what the total Unix file
permissions are, and what user/group the WebServer runs as.
Unix file permissions only limit whether the WebServer can read the file
or not. Who can access the file thru the WebServer has to be handled by
the WebServer's user/group handling procedures.
Steff
