Loading ...
Sorry, an error occurred while loading the content.

changing permissions in order to write a file in Mod_perl

Expand Messages
  • angie ahl
    I m sending this question to the beginners perl list and the mod_perl list as I m not sure where it belongs. In short: I m trying to work out how to create a
    Message 1 of 6 , Apr 29, 2005
    • 0 Attachment
      I'm sending this question to the beginners perl list and the mod_perl
      list as I'm not sure where it belongs.

      In short: I'm trying to work out how to create a directory/file under
      a specific user.

      This is running on MP2 on Apache2 with suexec enabled. The vhost has:

      SuexecUserGroup myuser myuser

      When trying to create the file I get a permissions error.

      I'm trying to create folders and files in the public_html folder who's
      perms are:
      drwxr-x--- 4 myuser apache 512 Apr 29 11:31 public_html


      The uid and gid for the folder:
      public_html: uid = 1009, gid = 1003

      the perl scripts (module that's a handler in fact) uid and gid:
      Real: uid = 1004, gid = 1003 1003 1003
      Effective: uid = 1004, gid = 674124656 1003 1003


      The control Panel (Direct Admin) created the public_html folder under
      group apache, so I assume all sites will be created with that folder
      under group apache.

      Other files/folders created via ftp/file upload are user and group myuser.

      So I'd like to be able to create folders and files under user/group
      myuser and not havae to create them under group apache. so that site's
      don't have access to each others files.

      So it seems my mod_perl modules are running under a different user
      than the suexec setting in httpd.conf

      Do I have to open up the permissions (ie make group apache writeable
      for the folder) or is there some way I can temoprarily switch to uid
      1009, make my files, and then switch back to 1004. Or would this be a
      really bad (crossing the beams kind of bad).

      TIA
    • Dermot Paikkos
      Does suexec work under MP2? http://perl.apache.org/docs/2.0/user/intro/overview.html#What_s_new_in _Apache_2_0 ... ~~ Dermot Paikkos * dermot@sciencephoto.com
      Message 2 of 6 , Apr 29, 2005
      • 0 Attachment
        Does suexec work under MP2?

        http://perl.apache.org/docs/2.0/user/intro/overview.html#What_s_new_in
        _Apache_2_0


        On 29 Apr 2005 at 14:48, angie ahl wrote:


        > I'm sending this question to the beginners perl list and the mod_perl
        > list as I'm not sure where it belongs.
        >
        > In short: I'm trying to work out how to create a directory/file under
        > a specific user.
        >
        > This is running on MP2 on Apache2 with suexec enabled. The vhost has:
        >
        > SuexecUserGroup myuser myuser
        >
        > When trying to create the file I get a permissions error.
        >
        > I'm trying to create folders and files in the public_html folder who's
        > perms are: drwxr-x--- 4 myuser apache 512 Apr 29 11:31 public_html
        >
        >
        > The uid and gid for the folder:
        > public_html: uid = 1009, gid = 1003
        >
        > the perl scripts (module that's a handler in fact) uid and gid:
        > Real: uid = 1004, gid = 1003 1003 1003
        > Effective: uid = 1004, gid = 674124656 1003 1003
        >
        >
        > The control Panel (Direct Admin) created the public_html folder under
        > group apache, so I assume all sites will be created with that folder
        > under group apache.
        >
        > Other files/folders created via ftp/file upload are user and group
        > myuser.
        >
        > So I'd like to be able to create folders and files under user/group
        > myuser and not havae to create them under group apache. so that site's
        > don't have access to each others files.
        >
        > So it seems my mod_perl modules are running under a different user
        > than the suexec setting in httpd.conf
        >
        > Do I have to open up the permissions (ie make group apache writeable
        > for the folder) or is there some way I can temoprarily switch to uid
        > 1009, make my files, and then switch back to 1004. Or would this be a
        > really bad (crossing the beams kind of bad).
        >
        > TIA
        >


        ~~
        Dermot Paikkos * dermot@...
        Network Administrator @ Science Photo Library
        Phone: 0207 432 1100 * Fax: 0207 286 8668
      • angie ahl
        So the scripts running under user apache and group apache, and the site s files are suexec user/group myuser/myuser how do you write files without permissions
        Message 3 of 6 , Apr 29, 2005
        • 0 Attachment
          So the scripts running under user apache and group apache, and the
          site's files are suexec user/group myuser/myuser how do you write
          files without permissions errors.

          Am I right in saying that if suexec were working right then the uid
          and gid in the handler should be returning those for the user/group
          that's in the suexec.

          If so then I guess it's not working.

          Really annoying as it's the final hurdle in well over a years work. :(

          Cheers

          Angie
        • Dermot Paikkos
          I really don t know but I was just trying to set up something similar here and noticed that under MP1 you certainly couldn t, see this article:
          Message 4 of 6 , Apr 29, 2005
          • 0 Attachment
            I really don't know but I was just trying to set up something similar
            here and noticed that under MP1 you certainly couldn't, see this
            article:
            http://perl.apache.org/docs/1.0/guide/install.html#Is_it_possible_to_r
            un_mod_perl_enabled_Apache_as_suExec_

            And then I saw this on changes on MP2:

            "perchild

            The perchild MPM is similar to the worker MPM, but is extended with a
            mechanism which allows mapping of requests to virtual hosts to a
            process running under the user id and group configured for that host.
            This provides a robust replacement for the suexec mechanism.

            META: as of this writing this mpm is not working"

            It looks like suexec is not an option. There maybe an alternitive in
            the future though. Perhaps someone else with more knowledge on MP
            could answer your question better than I can.
            Dp.



            On 29 Apr 2005 at 17:38, angie ahl wrote:

            > So the scripts running under user apache and group apache, and the
            > site's files are suexec user/group myuser/myuser how do you write
            > files without permissions errors.
            >
            > Am I right in saying that if suexec were working right then the uid
            > and gid in the handler should be returning those for the user/group
            > that's in the suexec.
            >
            > If so then I guess it's not working.
            >
            > Really annoying as it's the final hurdle in well over a years work. :(
            >
            > Cheers
            >
            > Angie
            >
          • Dermot Paikkos
            There are 2 options of course: 1) change the apache UID and GIU 2) install mod_cgi; that does allow suexec from what I have read. I don t know if the
            Message 5 of 6 , Apr 29, 2005
            • 0 Attachment
              There are 2 options of course:

              1) change the apache UID and GIU

              2) install mod_cgi; that does allow suexec from what I have read. I
              don't know if the performance is the same though.

              On 29 Apr 2005 at 17:48, angie ahl wrote:

              > Thanks for trying though. The last hurdle's always the toughest one.
              Yeap that final 10% is a killer.
              Dp.

              >
              >
              > On 4/29/05, Dermot Paikkos <dermot@...> wrote:
              > > I really don't know but I was just trying to set up something
              > > similar here and noticed that under MP1 you certainly couldn't, see
              > > this article:
              > > http://perl.apache.org/docs/1.0/guide/install.html#Is_it_possible_to
              > > _r un_mod_perl_enabled_Apache_as_suExec_
              > >
              > > And then I saw this on changes on MP2:
              > >
              > > "perchild
              > >
              > > The perchild MPM is similar to the worker MPM, but is extended with
              > > a mechanism which allows mapping of requests to virtual hosts to a
              > > process running under the user id and group configured for that
              > > host. This provides a robust replacement for the suexec mechanism.
              > >
              > > META: as of this writing this mpm is not working"
              > >
              > > It looks like suexec is not an option. There maybe an alternitive in
              > > the future though. Perhaps someone else with more knowledge on MP
              > > could answer your question better than I can. Dp.
              > >
              > >
              > >
              > > On 29 Apr 2005 at 17:38, angie ahl wrote:
              > >
              > > > So the scripts running under user apache and group apache, and the
              > > > site's files are suexec user/group myuser/myuser how do you write
              > > > files without permissions errors.
              > > >
              > > > Am I right in saying that if suexec were working right then the
              > > > uid and gid in the handler should be returning those for the
              > > > user/group that's in the suexec.
              > > >
              > > > If so then I guess it's not working.
              > > >
              > > > Really annoying as it's the final hurdle in well over a years
              > > > work. :(
              > > >
              > >
            • Stas Bekman
              ... It still doesn t. Though there is metux: http://www.metux.de/mpm/ which is in works. ... That s right. As explained in link Dermot has quoted above, suexec
              Message 6 of 6 , Apr 30, 2005
              • 0 Attachment
                Dermot Paikkos wrote:
                > I really don't know but I was just trying to set up something similar
                > here and noticed that under MP1 you certainly couldn't, see this
                > article:
                > http://perl.apache.org/docs/1.0/guide/install.html#Is_it_possible_to_r
                > un_mod_perl_enabled_Apache_as_suExec_
                >
                > And then I saw this on changes on MP2:
                >
                > "perchild
                >
                > The perchild MPM is similar to the worker MPM, but is extended with a
                > mechanism which allows mapping of requests to virtual hosts to a
                > process running under the user id and group configured for that host.
                > This provides a robust replacement for the suexec mechanism.
                >
                > META: as of this writing this mpm is not working"

                It still doesn't. Though there is metux: http://www.metux.de/mpm/ which is
                in works.

                > It looks like suexec is not an option. There maybe an alternitive in
                > the future though. Perhaps someone else with more knowledge on MP
                > could answer your question better than I can.

                That's right. As explained in link Dermot has quoted above, suexec doesn't
                and won't work under mod_perl (no matter what the version)

                --
                __________________________________________________________________
                Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
                http://stason.org/ mod_perl Guide ---> http://perl.apache.org
                mailto:stas@... http://use.perl.org http://apacheweek.com
                http://modperlbook.org http://apache.org http://ticketmaster.com
              Your message has been successfully submitted and would be delivered to recipients shortly.