Loading ...
Sorry, an error occurred while loading the content.

permissions

Expand Messages
  • Nancy Pettigrew
    i m writing a script that will execute the du command and use the results as part of a report... however, the directories to be accessed are not owned by the
    Message 1 of 9 , Jul 28 10:55 AM
    • 0 Attachment
      i'm writing a script that will execute the du command and use the results as
      part of a report...
      however, the directories to be accessed are not owned by the user running
      the report, so du barfs, of course.
      is there a safe way to switch to a user with permissions, or root, and run
      the command from within perl?
    • Dan Boger
      ... my guess is that you d be best off installing sudo, so that use could run du as root. Of course, that s assuming you trust that user not to abuse that,
      Message 2 of 9 , Jul 28 11:20 AM
      • 0 Attachment
        On Fri, Jul 28, 2000 at 10:55:06AM -0700, Nancy Pettigrew wrote:
        > i'm writing a script that will execute the du command and use the results as
        > part of a report...
        > however, the directories to be accessed are not owned by the user running
        > the report, so du barfs, of course.
        > is there a safe way to switch to a user with permissions, or root, and run
        > the command from within perl?

        my guess is that you'd be best off installing sudo, so that use could run
        du as root. Of course, that's assuming you trust that user not to abuse
        that, and probably building du to be staticly linked.

        Dan
      • Scott
        When I make a directory, I assume because I m not a superuser that I can t make 0777 mkdir( /entry/$newdir , 0777); When it s made, it s 0755. Is there a way
        Message 3 of 9 , Oct 4, 2003
        • 0 Attachment
          When I make a directory, I assume because I'm not a superuser that I
          can't make 0777
          mkdir("/entry/$newdir", 0777);
          When it's made, it's 0755.
          Is there a way to chmod this new directory to 0777 in the script?
        • Paul Archer
          You are specifying the permissions before the umask is applied. ( man umask for more details) You should be able to change the permissions after the fact, or
          Message 4 of 9 , Oct 4, 2003
          • 0 Attachment
            You are specifying the permissions before the umask is applied.
            ('man umask' for more details)
            You should be able to change the permissions after the fact, or change your
            umask beforehand--but why do you want/need those permissions in the first
            place? Having a world-writable directory is usually considered to be a Bad
            Thing. At least chmod 1777 (to set the sticky bit) for the new directory.

            Paul Archer


            6:09pm, Scott wrote:

            > When I make a directory, I assume because I'm not a superuser that I
            > can't make 0777
            > mkdir("/entry/$newdir", 0777);
            > When it's made, it's 0755.
            > Is there a way to chmod this new directory to 0777 in the script?
            >
            >
            >
            >
            > Unsubscribing info is here: http://help.yahoo.com/help/us/groups/groups-32.html
            >
            > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
            >
            >

            --------------------------------------------------------
            Never trust a computer you can't repair yourself.

            Paul's Corollary:
            Never trust a computer that's been repaired by its user.
            --------------------------------------------------------
          • merlyn@stonehenge.com
            ... Scott When I make a directory, I assume because I m not a superuser that I Scott can t make 0777 Scott mkdir( /entry/$newdir , 0777); Scott When it s
            Message 5 of 9 , Oct 4, 2003
            • 0 Attachment
              >>>>> "Scott" == Scott <mike_nhl@...> writes:

              Scott> When I make a directory, I assume because I'm not a superuser that I
              Scott> can't make 0777
              Scott> mkdir("/entry/$newdir", 0777);
              Scott> When it's made, it's 0755.
              Scott> Is there a way to chmod this new directory to 0777 in the script?

              (1) You generally don't want to do that.
              (2) It's taking the "umask" into consideration. All the bits of the
              umask are anded-out of any file/directory creation permissions. Your
              umask is probably 022, a common setting. Change it like so:

              my $old_umask = umask 0;
              mkdir "/some/where/out/there", 0777 or die "...";
              umask $old_umask;


              --
              Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
              <merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
              Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
              See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
            • Scott
              ... Your ... 777 0095 ... training! Forgive my newbie lack of knowing... I don t know umask, never heard of it. Here s my basic needs... I have a script that
              Message 6 of 9 , Oct 4, 2003
              • 0 Attachment
                > (1) You generally don't want to do that.
                > (2) It's taking the "umask" into consideration. All the bits of the
                > umask are anded-out of any file/directory creation permissions.
                Your
                > umask is probably 022, a common setting. Change it like so:
                >
                > my $old_umask = umask 0;
                > mkdir "/some/where/out/there", 0777 or die "...";
                > umask $old_umask;
                >
                >
                > --
                > Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503
                777 0095
                > <merlyn@s...> <URL:http://www.stonehenge.com/merlyn/>
                > Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
                > See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl
                training!

                Forgive my newbie lack of knowing...
                I don't know umask, never heard of it. Here's my basic needs... I have
                a script that creates txt data files into these directories that I
                make using a script and it won't write the txt files if they are 0755.
                It does work when 0777. What is different about 1777? I'll go look up
                some umask info if I can. I see that I really don't want to have any
                directories set to 0777? Why not? and what should they be?
              • merlyn@stonehenge.com
                ... Scott I don t know umask, never heard of it. Can t say that any more. You ve heard of it now. :) Scott Here s my basic needs... I have Scott a script
                Message 7 of 9 , Oct 4, 2003
                • 0 Attachment
                  >>>>> "Scott" == Scott <mike_nhl@...> writes:

                  Scott> I don't know umask, never heard of it.

                  Can't say that any more. You've heard of it now. :)

                  Scott> Here's my basic needs... I have
                  Scott> a script that creates txt data files into these directories that I
                  Scott> make using a script and it won't write the txt files if they are 0755.

                  They don't need to be 0777 as long as they are owned by the webserver
                  user ID. That's probably not you. Making them 0777 is asking for
                  trouble.

                  Just understand that there are two different user IDs going on here.
                  The webserver runs as one user, and you're running as a different
                  user.

                  And don't make things world writable.
                  --
                  Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
                  <merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
                  Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
                  See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
                • Scott
                  ... I used $old_umask = umask 0; mkdir( ../path/$form{ newdir } , 0755) or die ... ; umask $old_umask; and it works like a charm. Thanks for the script bits.
                  Message 8 of 9 , Oct 4, 2003
                  • 0 Attachment
                    > my $old_umask = umask 0;
                    > mkdir "/some/where/out/there", 0777 or die "...";
                    > umask $old_umask;

                    I used

                    $old_umask = umask 0;
                    mkdir("../path/$form{'newdir'}", 0755) or die "...";
                    umask $old_umask;

                    and it works like a charm. Thanks for the script bits. How does this
                    affect security?
                  • merlyn@stonehenge.com
                    ... Scott I used Scott $old_umask = umask 0; Scott mkdir( ../path/$form{ newdir } , 0755) or die ... ; Scott umask $old_umask; Scott and it works like a
                    Message 9 of 9 , Oct 5, 2003
                    • 0 Attachment
                      >>>>> "Scott" == Scott <mike_nhl@...> writes:

                      >> my $old_umask = umask 0;
                      >> mkdir "/some/where/out/there", 0777 or die "...";
                      >> umask $old_umask;

                      Scott> I used

                      Scott> $old_umask = umask 0;
                      Scott> mkdir("../path/$form{'newdir'}", 0755) or die "...";
                      Scott> umask $old_umask;

                      Scott> and it works like a charm. Thanks for the script bits. How does this
                      Scott> affect security?

                      Oooh. Oh dangerous. You're getting the path from a form field?
                      That's really, really, bad.

                      Please read <http://www.stonehenge.com/merlyn/UnixReview/col48.html>
                      for a basic security checklist. You might also want to google
                      for "CGI Security" and "Perl CGI Security" for a lot more advice.

                      --
                      Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
                      <merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
                      Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
                      See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
                    Your message has been successfully submitted and would be delivered to recipients shortly.