Posted by The Natural Philosopher on 09/19/07 09:34

Adam Baker wrote:
> On Sep 18, 9:49 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>> Adam Baker wrote:
>>> On Sep 14, 5:06 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>>>> Adam Baker wrote:
>>>>> Hello,
>>>>> I'm writing a site where a handful of people will be able to edit
>>>>> the content using PHP scripts (FCKeditor). The content is stored as
>>>>> individual files in a directory. I'd like to validate the "editors"
>>>>> using PHP, cookies, etc.
>>>>> The question is what file permissions I need to allow for the
>>>>> content to be writable by my PHP script. Do I really need to give
>>>>> write permissions to the "other" group. Are all wikis really that
>>>>> vulnerable? (yes, I know that's the point, but for restricted wikis,
>>>>> for instance...)
>>>>> Thanks,
>>>>> Adam
>>>> The only one doing the writing will be the Apache user itself. The
>>>> system doesn't know or care who is using the editor - that's completely
>>>> between Apache and the user.
>>>> And beware that unless you implement your own security, any of those
>>>> people will be able to edit any of the files.
>>>> --
>>>> ==================
>>>> Remove the "x" from my email address
>>>> Jerry Stuckle
>>>> JDS Computer Training Corp.
>>>> jstuck...@attglobal.net
>>>> ==================
>>> Thanks for your reply. I am quite ignorant here, so I will see whether
>>> I can even ask a coherent follow-up. So the PHP script is run by the
>>> Apache user. Is that the user that owns Apache, or a special username?
>>> It would seem, then, that I would want to give rwx permissions for the
>>> content files to that user alone (and myself), not do a chmod 777. Is
>>> that right?
>>> Thanks,
>>> Adam
>> Every process in the machine runs under a specific user. That's what
>> determines the permissions available to the process.
>>
>> No one "owns" Apache. There is a user (or even more than one) which
>> owns the files Apache uses to run. And there is a user for the Apache
>> process. They may or may not be the same.
>>
>> And chmod to 777 is highly dangerous - it allows anyone on your server
>> to read and write to your files. It should never be done if you value
>> those files, IMHO.
>>
>> Rather, you should set up the users and groups to provide the
>> appropriate permissions, then set the file permissions accordingly.
>>
>> I'd suggest you get a book on Linux Administration. It will help you
>> with a lot of different things. And I'm not being sarcastic about the
>> suggestion; learning some of the basics of Linux administration will
>> help you understand a lot of this better - it can be quite confusing.
>>
>> --
>> ==================
>> Remove the "x" from my email address
>> Jerry Stuckle
>> JDS Computer Training Corp.
>> jstuck...@attglobal.net
>> ==================
>
> Is there a good Linux book you could recommend? I don't think I've
> ever read anything about Linux that didn't presuppose a LOT of
> background knowledge.

You cant go wrong with most O'Reilly books. I think there is one on
linux system administration...
>
> Thanks,
> Adam
>

[Back to original message]