[24638] in Perl-Users-Digest
Perl-Users Digest, Issue: 6802 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Tue Aug 3 12:41:13 2004
Date: Tue, 3 Aug 2004 09:40:40 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Tue, 3 Aug 2004 Volume: 10 Number: 6802
Today's topics:
CGI file ownership (Andrew)
Re: CGI file ownership <invalid-email@rochester.rr.com>
Re: CGI file ownership (David Efflandt)
Re: CGI file ownership <webmaster @ infusedlight.net>
Re: CGI file ownership (Andrew)
Re: CGI file ownership <Joe.Smith@inwap.com>
Re: CGI file ownership <spamtrap@dot-app.org>
Re: CGI file ownership <clpm@nospam.perusion.com>
Re: CGI file ownership <webmaster @ infusedlight.net>
Re: CGI file ownership <spamtrap@dot-app.org>
Re: CGI file ownership <jurgenex@hotmail.com>
Re: CGI file ownership (Walter Roberson)
Re: CGI file ownership <spamtrap@dot-app.org>
Re: CGI file ownership <nanae@nanae.perusion.com>
Re: CGI file ownership <spamtrap@dot-app.org>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: 24 Jul 2004 10:16:31 -0700
From: arobcorp@yahoo.com.au (Andrew)
Subject: CGI file ownership
Message-Id: <9e8ef4c1.0407240916.6a9513a9@posting.google.com>
Hi all and thanks for any help given!
I am currently building a web page with cgi's that create text files
to store data. When it does this it is saving the file with ownership
of apache, and I want to change the ownership of the file to a lesser
owner (the one where the webpage is stored). I have tried some commands
and variations of the commands with no success! Is there anyone that
knows how to change the ownership (hardlink) to a lesser owner? If so
could you please provide the line of code and how it works =)
Thanks Heaps
Andrew
------------------------------
Date: Sat, 24 Jul 2004 17:32:28 GMT
From: Bob Walton <invalid-email@rochester.rr.com>
Subject: Re: CGI file ownership
Message-Id: <41029CB7.5020000@rochester.rr.com>
Andrew wrote:
...
> I am currently building a web page with cgi's that create text files
> to store data. When it does this it is saving the file with ownership
> of apache, and I want to change the ownership of the file to a lesser
> owner (the one where the webpage is stored). I have tried some commands
> and variations of the commands with no success! Is there anyone that
> knows how to change the ownership (hardlink) to a lesser owner? If so
> could you please provide the line of code and how it works =)
...
> Andrew
>
You don't say what your OS is, but I assume it is some flavor of Unix.
Generally, file ownership is changed with the chown command. But it
probably is restricted to only be run by root. Do:

    perldoc -f chown

and

    man chown

for your OS to see the details for your system -- the details vary quite
a bit.
--
Bob Walton
Email: http://bwalton.com/cgi-bin/emailbob.pl
------------------------------
Date: Sat, 24 Jul 2004 20:56:05 +0000 (UTC)
From: efflandt@xnet.com (David Efflandt)
Subject: Re: CGI file ownership
Message-Id: <slrncg5j75.f18.efflandt@typhoon.xnet.com>
On 24 Jul 2004 10:16:31 -0700, Andrew <arobcorp@yahoo.com.au> wrote:
> Hi all and thanks for any help given!
> I am currently building a web page with cgi's that create text files
> to store data. When it does this it is saving the file with ownership
> of apache, and I want to change the ownership of the file to a lesser
> owner (the one where the webpage is stored). I have tried some commands
> and variations of the commands with no success! Is there anyone that
> knows how to change the ownership (hardlink) to a lesser owner? If so
> could you please provide the line of code and how it works =)
> Thanks Heaps
> Andrew
It may be better to run the CGI under suexec (or cgiwrap) as the user you
want to save it as, then the CGI could be run with 700 permission and
access files with 600 permission. Or in the absence of suexec or cgiwrap,
you could run the script suid as the desired user (usually requires suid
binary wrapper, since suid for scripts is typically ignored).
If for security reasons chown does not allow you to change owner, or group
[assuming that apache and only desired user(s) are members of that group],
the only other option is to leave it wide open with insecure chmod 0666
(or perhaps less depending upon group or others). If you then as the
desired user, change owner/group, the CGI may no longer be able to modify
or delete the files, depending upon permissions at that time.
So unless this is your own private server, it would be better to have your
CGI somehow run as the desired user, than to leave the files vulnerable
until you have a chance to modify ownership and permissions.
BTW never give any file 777 permission, since that would allow any user to
modify and execute it.
--
David Efflandt - All spam ignored http://www.de-srv.com/
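
Added example, not part of David Efflandt's post: a Perl sketch of the group-based option he mentions, where the CGI (running as apache) creates the file and hands it to a group shared with the site owner instead of falling back to 0666. The helper name create_shared_file and the command-line usage are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use English qw(-no_match_vars);
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# Hypothetical helper: create $path for the first time, group-owned by
# $group_name, mode 0660 (owner and group read/write, nothing for others).
sub create_shared_file {
    my ($path, $group_name, $data) = @_;

    # Resolve the shared group and confirm this process belongs to it;
    # a non-root owner may only change a file's group to one of its own.
    my $gid = getgrnam($group_name);
    defined $gid or die "no such group: $group_name\n";
    my %my_gids = map { $_ => 1 } split ' ', $EGID;
    $my_gids{$gid} or die "process is not a member of $group_name\n";

    # Create with no access for anyone else until the group is settled.
    # O_EXCL makes creation fail if anything, including a symlink,
    # already exists at $path.
    my $old_umask = umask 0077;
    my $ok  = sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    my $err = $!;
    umask $old_umask;
    $ok or die "cannot create $path: $err\n";

    # -1 leaves the owner unchanged; only the group is changed.
    # Working on the handle avoids re-resolving the path name.
    chown(-1, $gid, $fh) or die "chgrp failed: $!\n";
    chmod(0660, $fh)     or die "chmod failed: $!\n";

    print {$fh} $data or die "write failed: $!\n";

    # Report the resulting mode and group from the open handle.
    my @st = stat($fh) or die "stat failed: $!\n";
    close($fh) or die "close failed: $!\n";
    return sprintf '%04o gid=%d', $st[2] & 07777, $st[5];
}

# Constructed usage: perl script.pl /path/to/new/file groupname
if (@ARGV == 2) {
    print create_shared_file($ARGV[0], $ARGV[1], "sample line\n"), "\n";
}
```

The file stays owned by the web server user, so the site owner gets access only through the group, and the CGI can still modify or delete it later.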
------------------------------
Date: Sat, 24 Jul 2004 22:07:45 -0600
From: "Robin" <webmaster @ infusedlight.net>
Subject: Re: CGI file ownership
Message-Id: <cdvbo0$m7j$1@reader2.nmix.net>
"Andrew" <arobcorp@yahoo.com.au> wrote in message
news:9e8ef4c1.0407240916.6a9513a9@posting.google.com...
> Hi all and thanks for any help given!
> I am currently building a web page with cgi's that create text files
> to store data. When it does this it is saving the file with ownership
> of apache, and I want to change the ownership of the file to a lesser
> owner (the one where the webpage is stored). I have tried some commands
> and variations of the commands with no success! Is there anyone that
> knows how to change the ownership (hardlink) to a lesser owner? If so
> could you please provide the line of code and how it works =)
> Thanks Heaps
> Andrew
perl has a built in command for this, see the documentation, perldoc -f
chown, also, you could always use system or exec, but it is unadvisable.
-Robin
------------------------------
Date: 24 Jul 2004 22:02:36 -0700
From: arobcorp@yahoo.com.au (Andrew)
Subject: Re: CGI file ownership
Message-Id: <9e8ef4c1.0407242102.1db10774@posting.google.com>
Thanks to all who have replied so quickly,
I should have put more OS system info (linux-RedHat 9), and I forgot
to mention that I want the cgi to do it after it creates the file. I
think that David answered my question enough that I can do some
research and hopefully solve my problem.
Thanks All
Andrew
------------------------------
Date: Sun, 25 Jul 2004 10:45:34 GMT
From: Joe Smith <Joe.Smith@inwap.com>
Subject: Re: CGI file ownership
Message-Id: <ibMMc.183017$Oq2.124405@attbi_s52>
Robin wrote:
> perl has a built in command for this,
That's true, but chown() is not usable unless the web server is
running as root, which is not likely. (And would be an unacceptable
security risk if it was.)
-Joe
------------------------------
Date: Sun, 25 Jul 2004 12:36:28 -0400
From: Sherm Pendley <spamtrap@dot-app.org>
Subject: Re: CGI file ownership
Message-Id: <_9WdnR2hNtwRfJ7cRVn-sw@adelphia.com>
Robin wrote:
> perl has a built in command for this, see the documentation, perldoc -f
> chown, also, you could always use system or exec, but it is unadvisable.
Robin, you might think that you're being "trendy" or "cool" by shouting
"RTFM", but in truth you're making a fool of yourself. It doesn't matter
in this case whether the external chown command or internal chown()
function is used - both require root access, which is the advice given
above by people far better qualified to give it.
sherm--
--
Cocoa programming in Perl: http://camelbones.sourceforge.net
Hire me! My resume: http://www.dot-app.org
------------------------------
Date: Sun, 25 Jul 2004 17:53:28 -0000
From: Mike Heins <clpm@nospam.perusion.com>
Subject: Re: CGI file ownership
Message-Id: <slrncg7ssn.mao.nanae@bill.heins.net>
In article <_9WdnR2hNtwRfJ7cRVn-sw@adelphia.com>, Sherm Pendley wrote:
> Robin wrote:
>
>> perl has a built in command for this, see the documentation, perldoc -f
>> chown, also, you could always use system or exec, but it is unadvisable.
>
> Robin, you might think that you're being "trendy" or "cool" by shouting
> "RTFM", but in truth you're making a fool of yourself. It doesn't matter
> in this case whether the external chown command or internal chown()
> function is used - both require root access, which is the advice given
> above by people far better qualified to give it.
Au contraire -- some operating systems allow you to "give away" a
file you own. True, not any that I know of are in common use ; but
it is possible.
And, presumably, using the system documentation would be the
authoritative reference for that.
--
Friends don't let friends use Outlook. -- Bob Blaylock
------------------------------
Date: Sun, 25 Jul 2004 13:06:25 -0600
From: "Robin" <webmaster @ infusedlight.net>
Subject: Re: CGI file ownership
Message-Id: <ce10bq$tnb$1@reader2.nmix.net>
"Mike Heins" <clpm@nospam.perusion.com> wrote in message
news:slrncg7ssn.mao.nanae@bill.heins.net...
> In article <_9WdnR2hNtwRfJ7cRVn-sw@adelphia.com>, Sherm Pendley wrote:
> > Robin wrote:
> >
> >> perl has a built in command for this, see the documentation, perldoc -f
> >> chown, also, you could always use system or exec, but it is unadvisable.
> >
> > Robin, you might think that you're being "trendy" or "cool" by shouting
> > "RTFM", but in truth you're making a fool of yourself. It doesn't matter
> > in this case whether the external chown command or internal chown()
> > function is used - both require root access, which is the advice given
> > above by people far better qualified to give it.
>
> Au contraire -- some operating systems allow you to "give away" a
> file you own. True, not any that I know of are in common use ; but
> it is possible.
>
> And, presumably, using the system documentation would be the
> authoritative reference for that.
yeah. and we don't know his os.
-robin
------------------------------
Date: Sun, 25 Jul 2004 15:08:46 -0400
From: Sherm Pendley <spamtrap@dot-app.org>
Subject: Re: CGI file ownership
Message-Id: <9NmdnXn64a6imJncRVn-qg@adelphia.com>
Mike Heins wrote:
> And, presumably, using the system documentation would be the
> authoritative reference for that.
Two points:
Robin specifically referred to 'perldoc -f chown' - i.e. the standard
perl docs for the built-in chown() function. There is no mention in that
of these caveats.
Second, Robin has a history here. This is not the first time he's tried
to be "kewl" by posting an RTFM response that turned out to be utterly
clueless. He saw this was a question about changing ownership, and tried
to imitate what he imagines is how a "guru" would answer the question.
sherm--
--
Cocoa programming in Perl: http://camelbones.sourceforge.net
Hire me! My resume: http://www.dot-app.org
------------------------------
Date: Sun, 25 Jul 2004 19:36:29 GMT
From: "Jürgen Exner" <jurgenex@hotmail.com>
Subject: Re: CGI file ownership
Message-Id: <1ZTMc.5301$Nu4.1409@nwrddc01.gnilink.net>
Sherm Pendley wrote:
> Mike Heins wrote:
>
>> And, presumably, using the system documentation would be the
>> authoritative reference for that.
>
> Two points:
>
> Robin specifically referred to 'perldoc -f chown' - i.e. the standard
> perl docs for the built-in chown() function. There is no mention in
> that of these caveats.
Really? The version I have includes

    On most systems, you are not allowed to change the ownership of
    the file unless you're the superuser, [...]

jue
------------------------------
Date: 25 Jul 2004 19:37:17 GMT
From: roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson)
Subject: Re: CGI file ownership
Message-Id: <ce125d$ad2$1@canopus.cc.umanitoba.ca>
In article <slrncg7ssn.mao.nanae@bill.heins.net>,
Mike Heins <clpm@perusion.com> wrote:
:Au contraire -- some operating systems allow you to "give away" a
:file you own. True, not any that I know of are in common use ; but
:it is possible.
IRIX. But I guess that doesn't really qualify as being in "common use"
anymore.

http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi?coll=0650&db=man&fname=/usr/share/catman/u_man/cat1/chgrp.z

    Only the owner of a file (or the superuser) may change the owner or group
    of that file.

    However, if the variable restricted_chown is enabled (see intro(2) and
    systune(1M)) then only the superuser can change the owner of the file,
    because if users were able to give files away, they could defeat the file
    space accounting procedures.

On the other hand, Solaris probably still qualifies as being in
common use:

http://docs.sun.com/db/doc/816-0210/6m6nb7m5t?a=view

    Only the owner of a file (or the super-user) may change the owner
    of that file.

    The operating system has a configuration option
    {_POSIX_CHOWN_RESTRICTED}, to restrict ownership changes. When this
    option is in effect the owner of the file is prevented from
    changing the owner ID of the file. Only the super-user can
    arbitrarily change owner IDs whether or not this option is in
    effect. [...]

    {_POSIX_CHOWN_RESTRICTED} is enabled by default.

So Solaris allows admins to enable the behaviour.
--
*We* are now the times. -- Wim Wenders (WoD)
------------------------------
Date: Sun, 25 Jul 2004 18:56:25 -0400
From: Sherm Pendley <spamtrap@dot-app.org>
Subject: Re: CGI file ownership
Message-Id: <3fGdnXQHq88Hp5ncRVn-uA@adelphia.com>
Jürgen Exner wrote:
> Sherm Pendley wrote:
>
>>Mike Heins wrote:
>>
>>
>>>And, presumably, using the system documentation would be the
>>>authoritative reference for that.
>>
>>Two points:
>>
>>Robin specifically referred to 'perldoc -f chown' - i.e. the standard
>>perl docs for the built-in chown() function. There is no mention in
>>that of these caveats.
>
>
> Really? The version I have includes
>
> On most systems, you are not allowed to change the ownership of
> the file unless you're the superuser, [...]
Exactly. As you've kindly shown here, the Perl docs do mention the fact
that not *all* systems require root permissions. But they are absolutely
*not* an "authoritative reference" that will tell you the specific
behavior of the system you're on.
sherm--
--
Cocoa programming in Perl: http://camelbones.sourceforge.net
Hire me! My resume: http://www.dot-app.org
------------------------------
Date: Mon, 26 Jul 2004 01:54:15 -0000
From: Perusion Hostmaster <nanae@nanae.perusion.com>
Subject: Re: CGI file ownership
Message-Id: <slrncg8p27.s07.nanae@bill.heins.net>
In article <3fGdnXQHq88Hp5ncRVn-uA@adelphia.com>, Sherm Pendley wrote:
> Jürgen Exner wrote:
>
>> Sherm Pendley wrote:
>>
>>>Mike Heins wrote:
>>>
>>>
>>>>And, presumably, using the system documentation would be the
>>>>authoritative reference for that.
>>>
>>>Two points:
>>>
>>>Robin specifically referred to 'perldoc -f chown' - i.e. the standard
>>>perl docs for the built-in chown() function. There is no mention in
>>>that of these caveats.
>>
>>
>> Really? The version I have includes
>>
>> On most systems, you are not allowed to change the ownership of
>> the file unless you're the superuser, [...]
>
> Exactly. As you've kindly shown here, the Perl docs do mention the fact
> that not *all* systems require root permissions. But they are absolutely
> *not* an "authoritative reference" that will tell you the specific
> behavior of the system you're on.
And it also mentions how to find out whether it is allowed on POSIX
systems.

    On insecure systems, these restrictions may be relaxed, but this is not
    a portable assumption. On POSIX systems, you can detect this condition
    this way:

        use POSIX qw(sysconf _PC_CHOWN_RESTRICTED);
        $can_chown_giveaway = not sysconf(_PC_CHOWN_RESTRICTED);

Point being, perhaps a reference to "man chown" might have been in
order, but all the info needed is there.
I don't make too many of them, but I am willing to believe that
repeated RTFM responses will actually get a few people to do it.
--
I have a cop friend who thinks he ought be able to give a new ticket;
"too dumb for conditions".
------------------------------
Date: Sun, 25 Jul 2004 23:00:43 -0400
From: Sherm Pendley <spamtrap@dot-app.org>
Subject: Re: CGI file ownership
Message-Id: <c9-dnVFRZ7NG7pncRVn-vw@adelphia.com>
Perusion Hostmaster wrote:
> I don't make too many of them, but I am willing to believe that
> repeated RTFM responses will actually get a few people to do it.
RTFM, if a pointer to which FM should be R'd is included, can be a good
response. After all, if a good explanation has already been written,
going to the trouble of writing another seems a waste.
My issue with Robin's response isn't the "RTFM-ness" of it. It's that
Robin issues such responses because he thinks snide, RTFM responses will
make him look "kewl" and help him "fit in". He tries to pretend to a
much higher clue level than he actually has.
Like I said earlier, he has a history here - have a look at the archives
at Google, and you'll see what I mean. His posting history shows that
any resemblance between useful information and one of his posts is
purely coincidental.
sherm--
--
Cocoa programming in Perl: http://camelbones.sourceforge.net
Hire me! My resume: http://www.dot-app.org
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
#The Perl-Users Digest is a retransmission of the USENET newsgroup
#comp.lang.perl.misc. For subscription or unsubscription requests, send
#the single line:
#
# subscribe perl-users
#or:
# unsubscribe perl-users
#
#to almanac@ruby.oce.orst.edu.
NOTE: due to the current flood of worm email banging on ruby, the smtp
server on ruby has been shut off until further notice.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
#To request back copies (available for a week or so), send your request
#to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
#where x is the volume number and y is the issue number.
#For other requests pertaining to the digest, send mail to
#perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
#sending perl questions to the -request address, I don't have time to
#answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 6802
***************************************