|
|
Posted by Jerry Stuckle on 09/18/07 16:49
Adam Baker wrote:
> On Sep 14, 5:06 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>> Adam Baker wrote:
>>> Hello,
>>> I'm writing a site where a handful of people will be able to edit
>>> the content using PHP scripts (FCKeditor). The content is stored as
>>> individual files in a directory. I'd like to validate the "editors"
>>> using PHP, cookies, etc.
>>> The question is what file permissions I need to allow for the
>>> content to be writable by my PHP script. Do I really need to give
>>> write permissions to the "other" group. Are all wikis really that
>>> vulnerable? (yes, I know that's the point, but for restricted wikis,
>>> for instance...)
>>> Thanks,
>>> Adam
>> The only one doing the writing will be the Apache user itself. The
>> system doesn't know or care who is using the editor - that's completely
>> between Apache and the user.
>>
>> And beware that unless you implement your own security, any of those
>> people will be able to edit any of the files.
>>
>> --
>> ==================
>> Remove the "x" from my email address
>> Jerry Stuckle
>> JDS Computer Training Corp.
>> jstuck...@attglobal.net
>> ==================
>
> Thanks for your reply. I am quite ignorant here, so I will see whether
> I can even ask a coherent follow-up. So the PHP script is run by the
> Apache user. Is that the user that owns Apache, or a special username?
>
> It would seem, then, that I would want to give rwx permissions for the
> content files to that user alone (and myself), not do a chmod 777. Is
> that right?
>
> Thanks,
> Adam
>
Every process in the machine runs under a specific user. That's what
determines the permissions available to the process.
No one "owns" Apache. There is a user (or even more than one) which
owns the files Apache uses to run. And there is a user for the Apache
process. They may or may not be the same.
And chmod to 777 is highly dangerous - it allows anyone on your server
to read and write to your files. It should never be done if you value
those files, IMHO.
Rather, you should set up the users and groups to provide the
appropriate permissions, then set the file permissions accordingly.
I'd suggest you get a book on Linux Administration. It will help you
with a lot of different things. And I'm not being sarcastic about the
suggestion; learning some of the basics of Linux administration will
help you understand a lot of this better - it can be quite confusing.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|