Reply to Re: Flat file security

Posted by Ray on 11/30/42 11:28

Hi Erwin,

Erwin Moller wrote:
> Here is more:
> http://www.searchengineworld.com/robots/robots_tutorial.htm

Thank you for finding it!

> It is actually a very simple straightforward system.
> But be aware that robots.txt only works when the spider is friendly and
> cares about your suggestions.

I see. Well, if the best I can do is add many small locks instead of
one big one, I can settle with that. Thanks for the warning!

> > I said this in my previous reply, but I guess my main problem is that I
> > don't understand www-data -- the account which runs the web server and
> > thus, creates these files.
> Well, www-data is just the name of a user.
> It is typically the name of a user that runs Apache.
> Remember that every process on *nix is owned by a user.

I see. Perhaps that is what confused me and why I did -------rw- in
the first place (which seems to have caused an uproar in this thread :)
). At first, I thought www-data was some special user...like root.
After playing around a bit and realizing that public web pages have to
have -------r--, I suspected that it is just a normal user.

So, my problem was that I wanted www-data to create files which I can
also read. If I own the files, one solution is to create a group and
add www-data and me to it...but I'm not the sysadmin and I cannot do a
groupadd. If www-data owns the files, then won't I have problems
reading it?

From your previous post in August, you suggested creating files owned
by www-data within my directory. It feels strange to me, but perhaps I
don't understand how permissions cascade. Unix permissions are simple
enough: user, group, other/world...but what happens when you put them
within each other is something that I still don't have a grasp of.

> True.
> You don't want normal users changing ownership of files, do you?
> ;-)
> That would make hacking/cracking too easy to give any satisfaction. :P
>
> So: chown is a command executed by root.

Well, before I tried, I thought I would get into the problem of giving
ownership to a file and later, not being able to get it back... But,
when I tried it, I was thinking I won't learn unless I do...I did and
it didn't let me. :)

> > Thanks! I'm going through it now and it looks long and detailed.
> > Thank you for the original posting...I'll make sure the extensive
> > typing you did is used at least one more time by me. :)
> Hehe, thanks.
> When that trick was first explained to me by a guy, I decided to share it at
> least 1 time with somebody else. I did twice now. ;-)

Well, I'll make sure to pass it on. A "good" chain mail! :)

MySQL is great, but not everyone is a sysadmin and sometimes, you have
to make do with what you have. And, I guess it is overkill for what
I'm doing.

> One last tip: Once you set up something you think is reasonably secure, try
> to break it yourself by using another account on the same machine, if that
> is possible. It is a good way of testing what the rwx means on directories
> and such, which is quite confusing the first time you use them (for me).

Well, on that machine, I'm not the sysadmin, so I don't have the
luxury. I am a sysadmin of my machine, but it's behind a firewall.
Nevertheless, I can install a web server and give it a try...the test
won't be as good as the actual test, but maybe good enough.

Thanks for your help!

Ray
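
How the owner/group/other classes and directory nesting discussed in this thread combine, as an added example that is not part of the original post. The tree `site/data/log.txt`, the function names and the "stranger" uid are constructed for the illustration; root's bypass and ACLs are not modelled.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx triplet (0-7) that applies to this caller. Only the first matching
    class is consulted: owner, else group, else other."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def can_access(base, relpath, uid, gids, want):
    """want: 4 = read, 2 = write. Every directory from base down to the file
    must grant search (x) before the file's own bits are even looked at."""
    path = base
    for part in relpath.split("/"):
        if not class_bits(os.stat(path), uid, gids) & 1:
            return False
        path = os.path.join(path, part)
    return (class_bits(os.stat(path), uid, gids) & want) == want

def demo():
    """Constructed tree site/data/log.txt, tried with three mode combinations."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        site = os.path.join(tmp, "site")
        data = os.path.join(site, "data")
        os.makedirs(data)
        os.chmod(site, 0o755)
        log = os.path.join(data, "log.txt")
        open(log, "w").close()
        st = os.stat(log)
        owner = (st.st_uid, {st.st_gid})
        stranger = (st.st_uid + 1, set())  # hypothetical uid outside the file's group
        for dir_mode, file_mode in [(0o755, 0o006), (0o700, 0o604), (0o701, 0o604)]:
            os.chmod(data, dir_mode)
            os.chmod(log, file_mode)
            results["%03o/%03o" % (dir_mode, file_mode)] = {
                "owner_read": can_access(site, "data/log.txt", *owner, 4),
                "other_read": can_access(site, "data/log.txt", *stranger, 4),
                "other_write": can_access(site, "data/log.txt", *stranger, 2),
            }
    return results

if __name__ == "__main__":
    print(demo())
```

Each key in the result is "directory mode/file mode"; the `755/006` row corresponds to the `-------rw-` file mentioned in the post.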
