Reply to Re: File permissions for a wiki-like site


Posted by Adam Baker on 09/18/07 23:32

On Sep 18, 9:49 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> Adam Baker wrote:
> > On Sep 14, 5:06 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> >> Adam Baker wrote:
> >>> Hello,
> >>> I'm writing a site where a handful of people will be able to edit
> >>> the content using PHP scripts (FCKeditor). The content is stored as
> >>> individual files in a directory. I'd like to validate the "editors"
> >>> using PHP, cookies, etc.
> >>> The question is what file permissions I need to allow for the
> >>> content to be writable by my PHP script. Do I really need to give
> >>> write permissions to the "other" group? Are all wikis really that
> >>> vulnerable? (yes, I know that's the point, but for restricted wikis,
> >>> for instance...)
> >>> Thanks,
> >>> Adam
> >> The only one doing the writing will be the Apache user itself. The
> >> system doesn't know or care who is using the editor - that's completely
> >> between Apache and the user.
>
> >> And beware that unless you implement your own security, any of those
> >> people will be able to edit any of the files.
>
> >> --
> >> ==================
> >> Remove the "x" from my email address
> >> Jerry Stuckle
> >> JDS Computer Training Corp.
> >> jstuck...@attglobal.net
> >> ==================
>
> > Thanks for your reply. I am quite ignorant here, so I will see whether
> > I can even ask a coherent follow-up. So the PHP script is run by the
> > Apache user. Is that the user that owns Apache, or a special username?
>
> > It would seem, then, that I would want to give rwx permissions for the
> > content files to that user alone (and myself), not do a chmod 777. Is
> > that right?
>
> > Thanks,
> > Adam
>
> Every process in the machine runs under a specific user. That's what
> determines the permissions available to the process.
>
> No one "owns" Apache. There is a user (or even more than one) which
> owns the files Apache uses to run. And there is a user for the Apache
> process. They may or may not be the same.
>
> And chmod to 777 is highly dangerous - it allows anyone on your server
> to read and write to your files. It should never be done if you value
> those files, IMHO.
>
> Rather, you should set up the users and groups to provide the
> appropriate permissions, then set the file permissions accordingly.
>
> I'd suggest you get a book on Linux Administration. It will help you
> with a lot of different things. And I'm not being sarcastic about the
> suggestion; learning some of the basics of Linux administration will
> help you understand a lot of this better - it can be quite confusing.
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================

Is there a good Linux book you could recommend? I don't think I've
ever read anything about Linux that didn't presuppose a LOT of
background knowledge.

Thanks,
Adam
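
The users-and-groups approach suggested in the thread, as an added example that is not part of the original posts: the content directory is limited to its owner and one group, and a check lists anything still writable by every local user. It assumes the web server process runs as a member of the group passed in; that group name is site-specific and is not given in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Assumption: the web server process is a member of the group given to
# restrict_content. Using a group you do not belong to requires root.

# Print every entry under $1 that any local user may write to, which is
# what chmod 777 produces. Symlinks are skipped (their mode bits are unused).
world_writable() {
    find "$1" -perm -0002 ! -type l -print
}

# Restrict $1 to owner and group only:
#   directories 2770 (setgid, so new files inherit the group)
#   files       660  (content files do not need the execute bit)
restrict_content() {
    dir=$1 group=$2
    chgrp -R "$group" "$dir" || return 1
    find "$dir" -type d -exec chmod 2770 {} + || return 1
    find "$dir" -type f -exec chmod 660 {} + || return 1
}

# Demo on a constructed directory; the caller's own primary group stands
# in for the web server's group so that no root access is needed.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/content"
    echo "page text" > "$d/content/Home.txt"
    chmod 777 "$d/content" "$d/content/Home.txt"
    before=$(world_writable "$d" | wc -l)
    restrict_content "$d/content" "$(id -gn)" || return 1
    after=$(world_writable "$d" | wc -l)
    echo "world-writable entries: before=$before after=$after"
    rm -rf "$d"
}

demo
```

On a real server, run `restrict_content` as root with the content path and the web server's group, then rerun `world_writable` on the site root to confirm nothing is left open to "other".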
