Apache write permission issues to another user owned directory
Hi
I am trying to make a web program which is command line equivalent. i have done the coding in cgi program in perl and html for basic forms to take inputs. when i ran the program from web application i see permission denied messages. after analyzing i found apache is running as wwwrun which does not have access to /mydirectory
/mydirectory is owned by user "prd", i changed /etc/apache2/uid.conf as below and restarted apache and everything works perfect
My concern - Executing apache process as prd which is sudo user is smelling fishy and alternately i dont want to add wwwrun to prd group giving access to all wwwrun process
Any recommendations is highly appreciated - thank you
I need to find all the files that have group Read or Write permission or files that have user write permission.
This is what I have so far:
find . -exec ls -l {} \; | awk '/-...rw..w./ {print $1 " " $3 " " $4 " " $9}'
It shows me all files where group read = true, group write = true... (5 Replies)
Hi,
The requirement is like,
the program needs 2 argument one is user_id and second one is directory path. My script will check if that user_id has write access to the directory path. The directory path may be in any file system like AFS or NFS.
Can any one please suggest some points to... (1 Reply)
is is possible to grant user access to only one subdirectory? example
a. create ftp user with read/write/delete access (ftp user doesnt belong to uguys group)
$ cd /etc/mydir
$ls
file1 file2
$ls -al
-rw-rw-r-x 2 unixguy uguys 96 Dec 8 12:53 file1
-rw-rw-r-x 2 unixguy uguys 96 Dec 8... (1 Reply)
I've tried to figure this out.
I'm only about 6 mos into my AIX admin duties, but I've got a "security" problem I can't figure out.
I've created a sub directory as follows:
drwx------ 2 root system 256 Apr 13 16:02 mike
I've logged in another session with the following user:
$ id... (2 Replies)
Guys, i wanna get any user files with write permission (on user or group permission) for review but i confuse with -perm parameter.
any body can help me to explain what is that mean?
thank's (1 Reply)
In our project we have several unix scripts that trigger different processes. These scripts write logs to a particular folder 'sesslogs', create output data files in a separate directory called 'datafiles' etc. Usually L1 support team re-run these scripts . We donot want L1 support team to have... (14 Replies)
Hi All,
We have a scenario in production where we want only one user from a group to modify the file. The file is not set to write permission for application manager.
-r--r--r-- 1 amgr u00 15661716 Aug 30 00:06 DCI.dat
So here amgr will have permission to edit the file. We want a... (10 Replies)
logMsg='Started by '${USER}
LOG_MESSAGE "${logMsg}"
resultCode=$?
if ]; then
return ${resultCode}
fi
touch ${FILELISTPATH}
resultCode=$?
if ]; then
logMsg='failed to create file list:'${FILELISTPATH}
LOG_ERROR "${logMsg}" CUSTOM_PREPROCESS ${FATAL}
... (2 Replies)
I have built a website and I can access and edit the website'files on server via the root user. The current file and directory structures are not changeable. Now I am hiring a webpage designer to help me re-design some pages, I am going to let the designer edit the files directly on the server. So... (5 Replies)
Discussion started by: uwo-g-xw
5 Replies
LEARN ABOUT REDHAT
upsset.conf
UPSSET.CONF(5) Network UPS Tools (NUT) UPSSET.CONF(5)NAME
upsset.conf - Configuration for Network UPS Tools upsset.cgi
DESCRIPTION
This file only does one job - it lets you convince upsset.cgi(8) that your system's CGI directory is secure. The program will not run
until this file has been properly defined.
SECURITY REQUIREMENTS upsset.cgi(8) allows you to try login name and password combinations. There is no rate limiting, as the program shuts down between every
request. Such is the nature of CGI programs.
Normally, attackers would not be able to access your upsd(8) server directly as it would be protected by the ACCESS/ACL directives in your
upsd.conf(5) file and hopefully local firewall settings in your OS.
Since upsset runs on your web server, it could provide a passage from the outside to the inside, bypassing any firewall rules or upsd
access control limitations, since it appears to be coming from the web server. This is why you must secure it first.
On Apache, you can use the .htaccess file or put the directives in your httpd.conf. It looks something like this, assuming the .htaccess
method:
<Files upsset.cgi>
deny from all
allow from your.network.addresses
</Files>
You will probably have to set "AllowOverride Limit" for this directory in your server-level configuration file as well.
If this doesn't make sense, then stop reading and leave this program alone. It's not something you absolutely need to have anyway.
Assuming you have all this done, and it actually works (test it!), then you may add the following directive to this file:
I_HAVE_SECURED_MY_CGI_DIRECTORY
If you lie to the program and someone beats on your upsd through your web server, don't blame me.
SEE ALSO upsset.cgi(8)
Internet resources:
The NUT (Network UPS Tools) home page: http://www.exploits.org/nut/
NUT mailing list archives and information: http://lists.exploits.org/
Tue Jul 30 2002 UPSSET.CONF(5)