Re: File permissions for a wiki-like site



Adam Baker wrote:
On Sep 18, 9:49 am, Jerry Stuckle <jstuck...@xxxxxxxxxxxxx> wrote:
Adam Baker wrote:
On Sep 14, 5:06 am, Jerry Stuckle <jstuck...@xxxxxxxxxxxxx> wrote:
Adam Baker wrote:
Hello,
I'm writing a site where a handful of people will be able to edit
the content using PHP scripts (FCKeditor). The content is stored as
individual files in a directory. I'd like to validate the "editors"
using PHP, cookies, etc.
The question is what file permissions I need to allow for the
content to be writable by my PHP script. Do I really need to give
write permissions to the "other" group? Are all wikis really that
vulnerable? (yes, I know that's the point, but for restricted wikis,
for instance...)
Thanks,
Adam
The only one doing the writing will be the Apache user itself. The
system doesn't know or care who is using the editor - that's completely
between Apache and the user.
And beware that unless you implement your own security, any of those
people will be able to edit any of the files.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@xxxxxxxxxxxxx
==================
Thanks for your reply. I am quite ignorant here, so I will see whether
I can even ask a coherent follow-up. So the PHP script is run by the
Apache user. Is that the user that owns Apache, or a special username?
It would seem, then, that I would want to give rwx permissions for the
content files to that user alone (and myself), not do a chmod 777. Is
that right?
Thanks,
Adam
Every process in the machine runs under a specific user. That's what
determines the permissions available to the process.

No one "owns" Apache. There is a user (or even more than one) which
owns the files Apache uses to run. And there is a user for the Apache
process. They may or may not be the same.

And chmod to 777 is highly dangerous - it allows anyone on your server
to read and write to your files. It should never be done if you value
those files, IMHO.

Rather, you should set up the users and groups to provide the
appropriate permissions, then set the file permissions accordingly.

I'd suggest you get a book on Linux Administration. It will help you
with a lot of different things. And I'm not being sarcastic about the
suggestion; learning some of the basics of Linux administration will
help you understand a lot of this better - it can be quite confusing.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@xxxxxxxxxxxxx
==================

Is there a good Linux book you could recommend? I don't think I've
ever read anything about Linux that didn't presuppose a LOT of
background knowledge.

You can't go wrong with most O'Reilly books. I think there is one on Linux system administration...

Thanks,
Adam
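
The group-based setup recommended in the thread in place of chmod 777, as an added example that is not part of the original posts. The function names are hypothetical, and the group passed in is assumed to contain both the user the Apache process runs as and the site owner.

```shell
#!/bin/sh
# Added example: audit a content directory for world-writable entries and
# replace "chmod 777" with owner+group permissions.
# Assumption: the caller supplies the directory and (optionally) a group
# whose members are the web server's process user and the site owner.

# Print every file or directory under $1 with the world-write bit set.
# Symlinks are skipped: their own mode bits are not meaningful.
audit_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Number of world-writable entries under $1.
count_world_writable() {
    audit_world_writable "$1" | wc -l | tr -d ' '
}

# Restrict $1 to owner and group only. $2 (optional) is the group to assign;
# changing the group normally requires root or membership in that group.
harden_content_dir() {
    dir=$1
    group=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    if [ -n "$group" ]; then
        chgrp -hR "$group" "$dir" || return 1
    fi
    # Directories: rwx for owner and group, nothing for "other".
    # The setgid bit (2000) makes new files inherit the directory's group,
    # so pages created by the PHP script stay in the shared group.
    find "$dir" -type d -exec chmod 2770 {} + || return 1
    # Files: rw for owner and group, no execute bit, nothing for "other".
    find "$dir" -type f -exec chmod 0660 {} + || return 1
}

# Command-line use: script.sh /path/to/content [group]
if [ "$#" -ge 1 ]; then
    echo "world-writable before: $(count_world_writable "$1")"
    harden_content_dir "$1" "${2:-}" || exit 1
    echo "world-writable after:  $(count_world_writable "$1")"
fi
```

These permissions only separate the web server from other accounts on the machine; which logged-in editor may change which page still has to be enforced in the PHP code, as the first reply points out.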
