Permission and security

[xiaoleiqq]

Hi Everyone,

In my perl script I need to let the user create a file--that is, I need to set the directory permission to 777, I just wonder how dangerous this would be? (apparently that's the only way to go)

Thanks for any comments.

 

[PaulTEG]

depends on how your webserver is set up. The apache user should be in the same group, so your permissions should be set to 664, if it's just a text file, it's shouldn't need the execute bits set

111[sub]2[/sub] = 7[sub]10[/sub] = rwx
110110110[sub]2[/sub]=664[sub]10[/sub]= rw-rw-r--

HTH


Paul
------------------------------------
Spend an hour a week on CPAN, helps cure all known programming ailments ;-)

 

[xiaoleiqq]

Thanks Paul,

However, the issue is when I create the file via web browser, no matter what files I create, if the directory's permision is not rwx, it will be error and the error message is permission denied, which makes sense, but I just wonder how dangerous it is.
(anyway, it does not sounds like a perl question, maybe I should post it somewhere else....)

 

[PaulTEG]

My theory, if it affects perl, it's a perl issue.

ls -lsa

What does the above return on your directory, and the files in your directory?



Paul
------------------------------------
Spend an hour a week on CPAN, helps cure all known programming ailments ;-)

 

[xiaoleiqq]

OK I organized a bit, I have a perl script(which create a regular file) in my directory with permission 755, and directory is 755,

If I run the script in unix, the default file permission is 644, and if I try to run it via browser, I get permission denied error.

Then I set the directory permission to 777, running in unix give the same permission, and When I run it via browser, it create the file correctly, with permission 644...

I just dont feel comfortable giving out writing previledge to other.....