Another Permissions Question


Alex Ethridge
12-29-1998, 05:08 AM
What about folders and non-cgi files? Can they be set to 777? UBB's instructions call for several non-cgi files to be set at 777 as well as the cgi-bin folder and the ubb folder. What about these; is this allowed?

I'm getting Internal Server and Premature End of Script errors and can't help but believe it is because the permissions required by UBB instructions are not allowed on this server. I have followed the instructions so closely and carefully it is difficult for me to believe I have made an error that would cause this.

Del
12-29-1998, 05:35 AM
Do not chmod your cgi-bin folder to 777. The Apache suEXEC wrapper will see this as a security hazard, and cause a 500 error every time. Go ahead and chmod the non-script files to 777, as long as they aren't in the cgi-bin.

<more explaining>
Terra (aka ccTech, SysAdmin, co-owner) is running a highly modified version of suEXEC in order to make this server run absolutely perfectly *s*. What it does (aside from being pure magic) is it prevents scripts from other domains from messing with files on your domain (e.g. a script in my cgi-bin cannot write to files in your account). Because of that, there is an added bonus: Every script you run under your domain runs as your ID (most servers run scripts as user:nobody). That means that your scripts are allowed to use your files, as Apache thinks that your script is actually you. In other words, upload it all, chmod everything in the cgi-bin to 755, and run the thing. It should work dandily :)

<added note>
The reason UBB wants the cgi-bin chmodded 777 is so the setup script(s) can write/modify the files in it, so you don't have to edit the real files by hand. Because of Terra's wrapper, those scripts already are allowed access to those files, therefore chmodding is virtually irrelevant (sp?).
</added note>
</more explaining>

If this didn't help, or caused more confusion, or anything, let me know and I'll help you out.



------------------
Del
www.downinit.com/ (http://www.downinit.com/)


[This message has been edited by Del (edited 12-29-98).]

Alex Ethridge
12-29-1998, 05:52 AM
Thanks for your quick answer.

Do you guys ever sleep?

Deb
12-29-1998, 05:57 AM
ROLF! Nope: (well ok we do.. but we try not to allow that part to be noticed too often :)

Let us know if Del's answer fixes it for you or not... there are quite a few sites running the UBB on the server right now...

Everything inside Cgi-bin including the directories/folders -- chmod 755

For the files outside the cgi-bin (non cgi folder) -- chmod 777

Deb

Terra
12-29-1998, 06:53 AM
The UBB's instructions *DO NOT* take into account the sysAdmins out there that build their servers right to begin with... The UBB almost forces you into using mode 777, which is very bad security... It allows people to snoop through your members directory snagging passwords AND the ability to change any file in there as well...

I was so upset about his methods that I started the *domain lockdown* beta to curb this problem... I knew I couldn't change everyone's code to use more secure permissions so I attacked the problem at the system level...

I guess he got so tired of support emails due to the permissions that he took the easy way out and started using 777 for many things... This is bad, *very bad*... Also, as Del stated - our suEXEC wrapper won't allow such scripts to run with these b0rked permission settings because it really is a huge security flaw...

There are some minor adjustments our FQuest site owners need to make to run the UBB, but as you can hopefully tell - it is in your best interest to do so...

--
Terra
sysAdmin
FutureQuest

------------------
www.FutureQuest.net (http://www.FutureQuest.net)
--FutureQuest goal: (10x+8)/(x+1)=9.99--
--The best way to predict the future is by inventing it--
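
An added example, not part of any post in this thread: a shell audit that lists anything under a cgi-bin that group or other can write to, then applies the 755 mode recommended in the posts above. It assumes the wrapper rejects group- or world-writable scripts and script directories, as stock Apache suEXEC does; this server's modified wrapper may check more, and the file names in the demo tree are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the wrapper refuses any CGI
# script, or directory holding one, that is writable by group or other.

# Print each file or directory under $1 that group or other can write to.
audit_cgi_bin() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Set everything under $1 to 755, the mode recommended in the thread.
fix_cgi_bin() {
    find "$1" \( -type f -o -type d \) -exec chmod 755 {} +
}

# Build a constructed cgi-bin (hypothetical file names), audit, fix, re-audit.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/cgi-bin/ubb"
    printf '#!/bin/sh\necho ok\n' > "$root/cgi-bin/ok.cgi"
    printf '#!/bin/sh\necho setup\n' > "$root/cgi-bin/ubb/setup.cgi"
    chmod 755 "$root/cgi-bin" "$root/cgi-bin/ok.cgi"
    # 777 is the mode the UBB instructions call for on the ubb folder.
    chmod 777 "$root/cgi-bin/ubb" "$root/cgi-bin/ubb/setup.cgi"
    echo "Writable by group/other before fix:"
    audit_cgi_bin "$root/cgi-bin"
    fix_cgi_bin "$root/cgi-bin"
    echo "Entries still writable after fix: $(audit_cgi_bin "$root/cgi-bin" | wc -l | tr -d ' ')"
    rm -rf "$root"
}

demo
```

Run `audit_cgi_bin` against a real cgi-bin path before `fix_cgi_bin`, since the fix also marks non-script files in that tree executable.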

MG Doran
12-29-1998, 04:37 PM
Very good explanations about permissions! Thought I understood this already but now I know I didn't.
This will no doubt save me some future grief and explains why some of my scripts “stumbled” before.
Thanks everyone... :)

Alex Ethridge
12-30-1998, 01:40 AM
I sure do appreciate your comments and your commitment to stronger security. I have been in the service business all my life and have found by experience that sometimes, the most reputable and well-known products/services have the most absolute worst design flaws.

I have learned you don't have to have a good product to outsell the best, only the best marketing system.

I sure wish I knew more about this stuff; I would volunteer a UBB installation manual unique for FutureQuest to save others the grief I've suffered the last week getting UBB to run.

Again, thanks.