TCL as CGI.. or PHP and no CGI? The choice is yours


  1. #1

    Re: TCL as CGI.. or PHP and no CGI? The choice is yours

    Phil Powell wrote:
    > I am having to use CGI script to view files in a particular directory
    > (directory has permissions of 755 and has the same ownership as everywhere
    > else). I am able to upload the file using PHP, however, I am unable to view
    > or list the files because of permission errors.
    > [cut]
    That's actually a bit of a tough one. This is a very common permission
    problem, since your scripts run as www, and not as phil. If you really
    want to store the files as phil (which I'm not sure is a good idea), you
    can:

    1/ run your Tcl CGI scripts via suid tcl interpreter; for example get a
    tclkit, make it chmod 6755 - but then, you'll have a security problem,
    since anyone clever enough will be able to run your tclkit with his/her
    script (and therefore work as phil) - not a good option, IMHO

    2/ use a suid starpack, better than 1/, since the script will be
    embedded in the interpreter, so no one will run it except you.

    3/ write a simple Tcl app that does Tcl_CreateInterp(), Tcl_Init(),
    Tcl_FindExecutable() and Tcl_EvalFile(); make it suid

    4/ run tclhttpd (on another port) as phil and have tclhttpd serve as
    your webserver - I'm not sure if it handles uploads though. Try googling
    on that.

    5/ ask your system administrator to run PHP scripts as their owner -
    this is possible, AFAIR, however I do not use PHP, so cannot help here



    --
    WK

    Wojciech Kocjan Guest

  2. #2

    Re: TCL as CGI.. or PHP and no CGI? The choice is yours

    # I still can't list or view the files and I'm completely out of ideas. I
    # need for someone to give me a direction to go with this. Do I write a CGI
    # script in TCL to view and list the files, or is there still a PHP solution I
    # haven't found where the folder can remain the default 755 and can view them
    # that way?

    One possibility is to use a variation of suexec (set user and exec). The apache
    webserver has a form of this, and I think php also does. I also wrote a version
    myself: it's not that hard if you can create a setuid root program. It gets
    the username and password out of the ozone, encrypts 0, checks it
    against /etc/passwd or /etc/shadow, and then does a setuid and exec. The hard
    part is trying to do so without letting hackers run amuck on your system.

    Another possibility is to upload to another drop box folder, and run a daemon that
    periodically scans the drop box, and then moves/chowns/chmods it to where you want
    it to really be. I think you should be able to put a 777 folder with a 755
    folder, so perhaps you can have a drop box within each folder.

    --
    Derk Gwen http://derkgwen.250free.com/html/index.html
    We found a loophole; they can't keep us out anymore.
    Derk Gwen Guest
