Re: Proper Permissions - Linux


Thread: Re: Proper Permissions

  1. Re: Proper Permissions

    In article <1103738110.48522@nntp.acecape.com>, daniel kaplan wrote:

    >I am in need of some help with permissions. Essentially I have some perl
    >scripts that create a new folder every time a new user is created.


    We call them 'directories' not folders (a term windoze stole from Apple)

    >That script sets the permissions, but am confused as to which are the
    >"correct" permissions to set....right now I am just using 777 since this is
    >a prototype, but i just hate that, and not knowing to boot.


    With the exception of /tmp/ (and /usr/tmp and /var/tmp), there should
    NEVER be anything with mode 777.

    >what I would like is for every new user created, create the following
    >structure in an existing folder called USERS


    [snip illustration]

    >The script would create NEWUSER, and within it create TEMP and APPROVED


    That's easy

    >and I would like the rights to be so that anyone can write to TEMP but not
    >read and anyone can READ from APPROVED but not write.


    What POSSIBLE reason would you want anyone to be able to write to a user's
    directory structure? The TEMP directory would need -rwx----w- while
    the APPROVED directory would be rwx---r-x but this is (politely) insane.

    >Would appreciate any links, clue etc.


    man chmod

    I'm setting both directories so that the owner has all rights, the group
    that the owner belongs to has none (because you didn't define anything
    about the group). The 'others' permission of -w- gives anyone the
    right to write there, but they can't read, or stat the directory. The
    'others' permission of r-x gives anyone the right to read the files and
    the right to use the 'ls' or 'dir' command.

    These permissions are very strange - and probably quite unsafe. I can't
    imagine any circumstance where this should be permitted, as it is a
    security nightmare in the making. What on earth are you trying to do?

    Old guy


  2. Re: Proper Permissions

    "Moe Trin" wrote in message
    news:slrncsmu2i.dbi.ibuprofin@compton.phx.az.us...

    > These permissions are very strange - and probably quite unsafe. I can't
    > imagine any circumstance where this should be permitted, as it is a
    > security nightmare in the making. What on earth are you trying to do?
    >

    my train of thought was this...a user on my system wants to post photos of
    him/herself. so in the temp directory, from a web browser (i should have
    stated that) that user goes to a form, which using my perl script, deposits
    the photo into a folder that can only be written to. but not read.

    once i approve that photo, i move it to the nontemp directory, where it is
    read only and can be seen by any webbrowser...

    hope that better explains it



  3. Re: Proper Permissions


    This is web based.

    Try using Coppermine. It's a web photo gallery and you can have it email
    you when a user uploads a file to the server so that you can approve
    it.


    Hope it helps
    Joe

    -
    DriverJC - But...Why is the Rum Gone

    G.I. Joel - SSgt of Marines
    "Jedi Techie and Master of All That is Windows... and Some Things
    Linux"

    - The problem with the world is stupidity. Not saying there should be
    capital punishment for stupidity, but why don't we just take the
    safety labels off of everything and let the problem solve itself?

    - The views expressed in this E-Mail do not necessarily reflect the
    views of the United States Marine Corps, the United States Federal
    Government, or anyone in particular. Disclaimer Void where Prohibited,
    Taxed, Licensed, or Generally Disapproved of, your mileage may vary.
    Don't Drink and Drive, Fly, Ride, Boat, Swim, Stand, Walk, or anything
    that requires movement.


  4. Re: Proper Permissions

    "DriverJC" wrote in message
    news:1103920393.c5b59b863c3e7853f7cbba69f360e481@teranews...
    >
    > This is web based.
    >
    > Try using Coppermine. It's a web photo gallery and you can have it email
    > you when a user uploads a file to the server so that you can approve
    > it.


    thanks joel, but am trying to build my own system. i have seen setups like
    this in many networks, WRITE ONLY, READ ONLY etc. just when playing with
    the permissions the wrong , i am able to make it so my ftp viewer can't
    enter/view a directory...so just trying to straighten it all out.

    thanks tho



  5. Re: Proper Permissions

    In article <1103854978.982638@nntp.acecape.com>, daniel kaplan wrote:

    >my train of thought was this...a user on my system wants to post photos of
    >him/herself. so in the temp directory, from a web browser (i should have
    >stated that) that user goes to a form, which using my perl script, deposits
    >the photo into a folder that can only be written to. but not read.


    OK - but you would normally put it so that only the owner can drop the
    stuff there, so that would really want permissions 700. There is a similar
    configuration used for returning homework assignments. The instructor creates
    a directory that the students can write to, but not read or execute. The trick
    here is that there is a daemon that monitors the directory, and as soon as
    something is deposited there, the daemon moves it to another directory
    where the students can't access. The most common setup is that the
    directory is owned by the instructor and the group "students", and has
    permissions 720 - meaning that members of the group 'students' can write
    there, but no outsiders. The daemon that moves the file (to reduce the
    window of sabotage) also changes permissions and ownership as needed. This
    also reduces the chance of becoming a warez storage point.

    Another technique might be for your perl script to run as a group that
    has permission to write to the directory, and creates the file with the
    ownership of the photo supplier. Your script has the right to write, but
    the owner of the photo need only fill in the appropriate block indicating
    ownership. After approval, you can then move the photo to the appropriate
    directory, and perhaps change the 'group' ownership to something more
    appropriate.

    Old guy
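
The drop-box arrangement described in the last post, as an added example that is not part of the original thread: a group-writable but unlistable TEMP, a sweep step that moves uploads out of reach, and an approval step that publishes them. TEMP and APPROVED are the thread's names; HOLDING and the function names are hypothetical. The example uses mode 730 on the drop directory because creating a file in a directory requires search (x) permission as well as write.

```shell
#!/bin/sh
# Added example: drop-box layout, run by the account that owns the tree.
# Changing file ownership (chown) needs root and is left out here.

mode_of() { ls -ld "$1" | cut -c1-10; }   # permission string, e.g. drwx-wx---

make_user_tree() {   # $1 = per-user directory to create
    mkdir -p "$1/TEMP" "$1/HOLDING" "$1/APPROVED" || return 1
    chmod 711 "$1"            # group/others may traverse, not list
    chmod 730 "$1/TEMP"       # group: create files (w+x), cannot list (no r)
    chmod 700 "$1/HOLDING"    # owner only: uploads awaiting review
    chmod 755 "$1/APPROVED"   # anyone may read, only the owner may write
}

sweep_dropbox() {    # $1 = per-user directory; prints number of files moved
    moved=0
    for f in "$1"/TEMP/* "$1"/TEMP/.[!.]*; do
        # Regular files only: never follow a planted symlink or move a directory.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        dest="$1/HOLDING/${f##*/}"
        [ -e "$dest" ] && continue        # do not overwrite an earlier upload
        mv -- "$f" "$dest" || continue
        chmod 600 "$dest"                 # strip whatever mode the uploader set
        moved=$((moved + 1))
    done
    echo "$moved"
}

approve() {          # $1 = per-user directory, $2 = file name in HOLDING
    name=${2##*/}                         # drop any path part (blocks ../)
    src="$1/HOLDING/$name"
    [ -f "$src" ] && [ ! -L "$src" ] || return 1
    mv -- "$src" "$1/APPROVED/$name" && chmod 644 "$1/APPROVED/$name"
}
```

Run `sweep_dropbox` from cron or a directory watcher so that uploads spend as little time as possible in TEMP.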
