Loading ...
Sorry, an error occurred while loading the content.

Re: [PBML] permissions

Expand Messages
  • Paul Archer
    You are specifying the permissions before the umask is applied. ( man umask for more details) You should be able to change the permissions after the fact, or
    Message 1 of 9 , Oct 4, 2003
    • 0 Attachment
      You are specifying the permissions before the umask is applied.
      ('man umask' for more details)
      You should be able to change the permissions after the fact, or change your
      umask beforehand--but why do you want/need those permissions in the first
      place? Having a world-writable directory is usually considered to be a Bad
      Thing. At least chmod 1777 (to set the sticky bit) for the new directory.

      Paul Archer


      6:09pm, Scott wrote:

      > When I make a directory, I assume because I'm not a superuser that I
      > can't make 0777
      > mkdir("/entry/$newdir", 0777);
      > When it's made, it's 0755.
      > Is there a way to chmod this new directory to 0777 in the script?
      >
      >
      >
      >
      > Unsubscribing info is here: http://help.yahoo.com/help/us/groups/groups-32.html
      >
      > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
      >
      >

      --------------------------------------------------------
      Never trust a computer you can't repair yourself.

      Paul's Corollary:
      Never trust a computer that's been repaired by its user.
      --------------------------------------------------------
    • merlyn@stonehenge.com
      ... Scott When I make a directory, I assume because I m not a superuser that I Scott can t make 0777 Scott mkdir( /entry/$newdir , 0777); Scott When it s
      Message 2 of 9 , Oct 4, 2003
      • 0 Attachment
        >>>>> "Scott" == Scott <mike_nhl@...> writes:

        Scott> When I make a directory, I assume because I'm not a superuser that I
        Scott> can't make 0777
        Scott> mkdir("/entry/$newdir", 0777);
        Scott> When it's made, it's 0755.
        Scott> Is there a way to chmod this new directory to 0777 in the script?

        (1) You generally don't want to do that.
        (2) It's taking the "umask" into consideration. All the bits of the
        umask are anded-out of any file/directory creation permissions. Your
        umask is probably 022, a common setting. Change it like so:

        my $old_umask = umask 0;
        mkdir "/some/where/out/there", 0777 or die "...";
        umask $old_umask;


        --
        Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
        <merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
        Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
        See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
      • Scott
        ... Your ... 777 0095 ... training! Forgive my newbie lack of knowing... I don t know umask, never heard of it. Here s my basic needs... I have a script that
        Message 3 of 9 , Oct 4, 2003
        • 0 Attachment
          > (1) You generally don't want to do that.
          > (2) It's taking the "umask" into consideration. All the bits of the
          > umask are anded-out of any file/directory creation permissions.
          Your
          > umask is probably 022, a common setting. Change it like so:
          >
          > my $old_umask = umask 0;
          > mkdir "/some/where/out/there", 0777 or die "...";
          > umask $old_umask;
          >
          >
          > --
          > Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503
          777 0095
          > <merlyn@s...> <URL:http://www.stonehenge.com/merlyn/>
          > Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
          > See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl
          training!

          Forgive my newbie lack of knowing...
          I don't know umask, never heard of it. Here's my basic needs... I have
          a script that creates txt data files into these directories that I
          make using a script and it won't write the txt files if they are 0755.
          It does work when 0777. What is different about 1777? I'll go look up
          some umask info if I can. I see that I really don't want to have any
          directories set to 0777? Why not? and what should they be?
        • merlyn@stonehenge.com
          ... Scott I don t know umask, never heard of it. Can t say that any more. You ve heard of it now. :) Scott Here s my basic needs... I have Scott a script
          Message 4 of 9 , Oct 4, 2003
          • 0 Attachment
            >>>>> "Scott" == Scott <mike_nhl@...> writes:

            Scott> I don't know umask, never heard of it.

            Can't say that any more. You've heard of it now. :)

            Scott> Here's my basic needs... I have
            Scott> a script that creates txt data files into these directories that I
            Scott> make using a script and it won't write the txt files if they are 0755.

            They don't need to be 0777 as long as they are owned by the webserver
            user ID. That's probably not you. Making them 0777 is asking for
            trouble.

            Just understand that there are two different user IDs going on here.
            The webserver runs as one user, and you're running as a different
            user.

            And don't make things world writable.
            --
            Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
            <merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
            Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
            See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
          • Scott
            ... I used $old_umask = umask 0; mkdir( ../path/$form{ newdir } , 0755) or die ... ; umask $old_umask; and it works like a charm. Thanks for the script bits.
            Message 5 of 9 , Oct 4, 2003
            • 0 Attachment
              > my $old_umask = umask 0;
              > mkdir "/some/where/out/there", 0777 or die "...";
              > umask $old_umask;

              I used

              $old_umask = umask 0;
              mkdir("../path/$form{'newdir'}", 0755) or die "...";
              umask $old_umask;

              and it works like a charm. Thanks for the script bits. How does this
              affect security?
            • merlyn@stonehenge.com
              ... Scott I used Scott $old_umask = umask 0; Scott mkdir( ../path/$form{ newdir } , 0755) or die ... ; Scott umask $old_umask; Scott and it works like a
              Message 6 of 9 , Oct 5, 2003
              • 0 Attachment
                >>>>> "Scott" == Scott <mike_nhl@...> writes:

                >> my $old_umask = umask 0;
                >> mkdir "/some/where/out/there", 0777 or die "...";
                >> umask $old_umask;

                Scott> I used

                Scott> $old_umask = umask 0;
                Scott> mkdir("../path/$form{'newdir'}", 0755) or die "...";
                Scott> umask $old_umask;

                Scott> and it works like a charm. Thanks for the script bits. How does this
                Scott> affect security?

                Oooh. Oh dangerous. You're getting the path from a form field?
                That's really, really, bad.

                Please read <http://www.stonehenge.com/merlyn/UnixReview/col48.html>
                for a basic security checklist. You might also want to google
                for "CGI Security" and "Perl CGI Security" for a lot more advice.

                --
                Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
                <merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
                Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
                See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
              Your message has been successfully submitted and would be delivered to recipients shortly.