getting around a permissions problem

Re: getting around a permissions problem

Mike Wasilewski (mlmw@bellsouth .net) wrote:
: I created a (real estate) site which has an area that is used by the agent
: to post and edit property listings. They have the ability here to upload
: pictures.

: If the listing is new, it is assigned an ID, info posted to database and a
: directory created using the ID to hold the uploaded pics.

: The problem I have is that when they add a listing and the directory gets
: created, it is uid/gid apache/apache, and this should work fine for web
: access, however, I also need to make it accessible to the owner via ftp so
: that they can make site changes, etc.

: All of the scripts were uploaded via ftp and have the uid of the owner 10002
: I think and gid of the ftp, etc. grp which is 2522.

: If I try running a script against the directory created while adding the
: listing, I get an error "the program whose uid/gid is 10002/10001 is not
: allowed to access...etc.

: It would seem that after creating the directory I could chgrp it to 2522
: allowing access to it from the web but how can I change the ownership to
: 10002 at the time of creation?

: I am thinking that I might have to run a cron job or something to reset the
: perms on those files and directories.

: Any suggestions would be greatly appreciated.

You could use a suid script. Do _not_ suid to root or anything silly like
that, but to a userid that is able to create the directories and set the
necessary ownerships and permissions.

The program that doesn't have access would then call on that script when
it needs a new directory created. The script must of course check its
input to be sure that is all it can be used for.

$0.02

--

This space not for rent.

Re: getting around a permissions problem

"Mike Wasilewski" <mlmw@bellsouth .net> wrote in message
news:WJGZd.3027 0$Q83.8141@bign ews5.bellsouth. net...[color=blue]
> I created a (real estate) site which has an area that is used by the agent
> to post and edit property listings. They have the ability here to upload
> pictures.
>
> If the listing is new, it is assigned an ID, info posted to database and a
> directory created using the ID to hold the uploaded pics.
>
> The problem I have is that when they add a listing and the directory gets
> created, it is uid/gid apache/apache, and this should work fine for web
> access, however, I also need to make it accessible to the owner via ftp so
> that they can make site changes, etc.
>
> All of the scripts were uploaded via ftp and have the uid of the owner[/color]
10002[color=blue]
> I think and gid of the ftp, etc. grp which is 2522.
>
> If I try running a script against the directory created while adding the
> listing, I get an error "the program whose uid/gid is 10002/10001 is not
> allowed to access...etc.
>
> It would seem that after creating the directory I could chgrp it to 2522
> allowing access to it from the web but how can I change the ownership to
> 10002 at the time of creation?
>
> I am thinking that I might have to run a cron job or something to reset[/color]
the[color=blue]
> perms on those files and directories.
>
> Any suggestions would be greatly appreciated.[/color]

chmod the files to 0777, maybe?

Re: getting around a permissions problem

"Mike Wasilewski" <mlmw@bellsouth .net> writes:
[color=blue]
> I created a (real estate) site which has an area that is used by the agent
> to post and edit property listings. They have the ability here to upload
> pictures.
>
> If the listing is new, it is assigned an ID, info posted to database and a
> directory created using the ID to hold the uploaded pics.
>
> The problem I have is that when they add a listing and the directory gets
> created, it is uid/gid apache/apache, and this should work fine for web
> access, however, I also need to make it accessible to the owner via ftp so
> that they can make site changes, etc.
>
> All of the scripts were uploaded via ftp and have the uid of the owner 10002
> I think and gid of the ftp, etc. grp which is 2522.
>
> If I try running a script against the directory created while adding the
> listing, I get an error "the program whose uid/gid is 10002/10001 is not
> allowed to access...etc.
>
> It would seem that after creating the directory I could chgrp it to 2522
> allowing access to it from the web but how can I change the ownership to
> 10002 at the time of creation?
>
> I am thinking that I might have to run a cron job or something to reset the
> perms on those files and directories.
>
> Any suggestions would be greatly appreciated.[/color]

The issue of permissions with php scripts can be a real problem
when you want folks to upload files. I assume your servers also support
cgi and 'hopefully' runs PERL with suexec (scripts run with their permissions).
It is not "too" bad to have your PHP scripts feed them to a PERL script to
handle the upload. Then permission are okay and security is not a problem.

Have not tried it, but you could also run PHP as a CGI script
and get the same benefit.

Hope this helps.

--
John
_______________ _______________ _______________ _______________ _______
John Murtari Software Workshop Inc.
jmurtari@follow ing domain 315.635-1968(x-211) "TheBook.Co m" (TM)