View Full Version : chmod 666, sounds demonic. :)


auteur
05-05-1999, 11:08 AM
I am installing a simple story script to use for an online journal.

It states to set the bookfile.html at chmod 666 to be writeable by the web server. And the makebook.html must be set at chmod 664 or 644 in order for this script to work?

The FQ Manual says only 755 not 775 or 777...it doesn't say anything about sixes.

Can I use this script with this server?:) or no. :(
------------------
Elizabeth M. Miller
Getting You the Attention You Deserve!
www.123marketing.com (http://www.123marketing.com)
[This message has been edited by auteur (edited 05-05-99)]

Del
05-05-1999, 03:43 PM
Yup, it'll work on FQuest just fine. If it's just living in regular webspace (eg in the /www directory) just upload it and go. Due to Andrew's snazzy suEXEC wrapper, all your scripts execute as you so the files they write to don't need any special permissions.

On that same note, everything in the cgi-bin should be chmodded 755, even the files that need to be writeable should be 755 if they're in the cgi-bin. Again this is due to the suEXEC wrapper. Just for general knowledge, you don't really even need to chmod most things that go in the cgi-bin, as files that look like programs are auto-chmodded (for example if they end in .cgi or .pl).

Del

jenili
05-11-1999, 02:32 AM
Elizabeth, because of the nice way FQ is configured, you don't have to chmod bookfile.html and makebook.html to 666 -- you can get away with 644. An explanation of what those numbers mean comes later in this message.

666 *is* demonic -- it means any user can change the file. I like to chmod my files like this on FQ, mainly because I can:
CGI *data* not delivered directly by the Web server: 600 (owner read/write)
CGI program under development: 700 (owner read/write/execute)
CGI program in production: 500 (owner read/execute)

We can do this on FQ because of suExec: It changes its userid to "be you" before it runs your CGIs. So no other user has to have access to the CGIs or the files they read from and write to, except in the case of a guestbook or something like that where the Web server delivers the resulting file without calling a CGI to do it. Once I'm through fiddling with a script, I like it to be unwritable just in case some other CGI of mine could possibly be subverted to try and modify the script to do naughty things. It's a slim chance, but one best practice in security is to give the least permission required to do the job. For similar reasons, I like to keep all of my application data in a separate directory -- one that's not executable (because my programs, and therefore my users, will write to it) and that's not within the www directory (because I may not want users to be able to get to it directly).

In your case, Elizabeth, one can reasonably infer that bookfile.html and makebook.html are static HTML files that the CGI edits and the Web server delivers directly. In which case the Web server has to be able to read them, so they have to be within the www directory and 644 is the magic number for you.

Here's a quick run-down on file permissions and what the numbers mean.

You have a 3-digit number there. The first digit is the permission the file's owner has. The second digit is the permission the associated group has. The third digit is the permission everybody else has.

Now, each digit has a value from 0 to 7. You can determine that value by starting with 0 and then adding:
4 if the user can read the file
2 if the user can write to the file
1 if the user can execute the file

Say, for example, I have a perl script that *I* can do anything to, and my group can run the script but not change it, and everybody else shouldn't be able to see it. Its chmod would be 750.
7 = 4 + 2 + 1 for me
5 = 4 +     1 for the group
0 =           for the world

When I look at it using ls -al, I'll see an entry like this:
- rwx r-x --- (spaces added for clarity, usually it's all pushed together). The script would be readable as well as executable to the group because it's a script (interpreted) rather than a binary (executed), so they have to be able to read the file in order to interpret and run it.

There's more to it than that, but that's all you'd need about 99% of the time.

HTH. jeni
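
Added example (not part of any post in this thread): the 4/2/1 digit arithmetic described above, plus a check that reports files writable by the group or by everybody else, which is what mode 666 grants. The file names other than bookfile.html and makebook.html, and the directory layout, are constructed for the demonstration.

```python
import os
import stat
import tempfile

BITS = ((4, "r"), (2, "w"), (1, "x"))  # the 4/2/1 values from the post


def digit_to_rwx(digit):
    """Turn one octal digit (0-7) into its rwx triplet, e.g. 5 -> 'r-x'."""
    return "".join(ch if digit & bit else "-" for bit, ch in BITS)


def mode_to_rwx(mode):
    """Turn a 3-digit mode such as 0o750 into 'rwx r-x ---' (owner group world)."""
    return " ".join(digit_to_rwx((mode >> shift) & 7) for shift in (6, 3, 0))


def audit(root):
    """Return (relative path, octal mode, who) for files writable by group or world."""
    checks = (("group", stat.S_IWGRP), ("world", stat.S_IWOTH))
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            who = [label for label, bit in checks if mode & bit]
            if who:
                rel = os.path.relpath(path, root)
                findings.append((rel, format(mode, "03o"), "+".join(who)))
    return findings


def demo():
    """Build a constructed tree using the modes from the thread and audit it."""
    samples = {  # constructed layout; only the two .html names come from the thread
        "www/bookfile.html": 0o666,
        "www/makebook.html": 0o644,
        "data/entries.txt": 0o600,
        "cgi-bin/story.cgi": 0o500,
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # explicit chmod is not affected by the umask
        return audit(root)


if __name__ == "__main__":
    print(mode_to_rwx(0o750))
    for finding in demo():
        print(*finding)
```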

Terra
05-11-1999, 09:19 AM
Bravo Jenili!

very good explanation and usage thereof... :)

BTW -- what does 'HTH' mean?

--
Terra
--Been locked in the coding closet way too long!--
FutureQuest

hearts
05-11-1999, 11:34 AM
What is the difference between group and others (the world)? Who is in this group? How do you determine who is the group?

Just hadta ask!
---------------
hearts
-----

pier
05-11-1999, 12:02 PM
Do a ls -l

You'll get something like:

-rw-rw-r--   1 pier     xweirdpi     3189 May 11 10:58  foo

first one (pier in my case) is you, second one is the group.
On FQ it doesn't matter much (everybody has its own group), but on other systems, the second one is mostly 'users' or something like that, thus allowing everybody to write that file...

Pier

Terra
05-11-1999, 07:39 PM
BTW -- what does 'HTH' mean?

Blah, just had a brain cramp!

Either:
1) Hope this helps
or
2) Hope that helps

Ok, I feel better now...

--
Terra
--Honorary recipient of the Blues Clue award--
FutureQuest

stan
06-01-1999, 08:06 PM
Check out

http://www.AcronymFinder.com/af-query.asp?Acronym=hth&String=Off

HTH          Hand To Hand combat
HTH          Happy To Help
HTH          Hope This Helps


HTH! :)

- Stan