Re: Proper Permissions - Linux
-
Re: Proper Permissions
In article <1103738110.48522@nntp.acecape.com>, daniel kaplan wrote:
>I am in need of some help with permissions. Essentially I have some perl
>scripts that create a new folder every time a new user is created.
We call them 'directories' not folders (a term windoze stole from Apple)
>That script sets the permissions, but am confused as to which are the
>"correct" permissions to set....right now I am just using 777 since this is
>a prototype, but i just hate that, and not knowing to boot.
With the exception of /tmp/ (and /usr/tmp and /var/tmp), there should
NEVER be anything with mode 777.
>what I would like is for every new user created, create the following
>structure in an existing folder called USERS
[snip illustration]
>The script would create NEWUSER, and within it create TEMP and APPROVED
That's easy
>and I would like the rights to be so that anyone can write to TEMP but not
>read and anyone can READ from APPROVED but not write.
What POSSIBLE reason would you want anyone to be able to write to a user's
directory structure? The TEMP directory would need -rwx----w- while
the APPROVED directory would be rwx---r-x but this is (politely) insane.
>Would appreciate any links, clue etc.
man chmod
I'm setting both directories so that the owner has all rights, the group
that the owner belongs to has none (because you didn't define anything
about the group). The 'others' permission of -w- gives anyone the
right to write there, but they can't read, or stat the directory. The
'others' permission of r-x gives anyone the right to read the files and
the right to use the 'ls' or 'dir' command.
These permissions are very strange - and probably quite unsafe. I can't
imagine any circumstance where this should be permitted, as it is a
security nightmare in the making. What on earth are you trying to do?
Old guy
-
Re: Proper Permissions
"Moe Trin" wrote in message
news:slrncsmu2i.dbi.ibuprofin@compton.phx.az.us...
> These permissions are very strange - and probably quite unsafe. I can't
> imagine any circumstance where this should be permitted, as it is a
> security nightmare in the making. What on earth are you trying to do?
>
my train of thought was this...a user on my system wants to post photos of
him/herself. so in the temp directory, from a web browser (i should have
stated that) that user goes to a form, which using my perl script, deposits
the photo into a folder that can only be written to. but not read.
once i approve that photo, i move it to the nontemp directory, where it is
read only and can be seen by any web browser...
hope that better explains it
-
Re: Proper Permissions
This is web based.
Try using Copermine. It's a web photo gallery and you can have it email
you when a user uploads a file to the server so that you can approve
it.
Hope it helps
Joe
-
DriverJC - But...Why is the Rum Gone
G.I. Joel - SSgt of Marines
"Jedi Techie and Master of All That is Windows... and Some Things
Linux"
- The problem with the world is stupidity. Not saying there should be
capital punishment for stupidity, but why don't we just take the
safety labels off of everything and let the problem solve itself?
- The views expressed in this E-Mail do not necessarily reflect the
views of the United States Marine Corps, the United States Federal
Government, or anyone in particular. Disclaimer Void where Prohibited,
Taxed, Licensed, or Generally Disapproved of, your mileage may vary.
Don’t Drink and Drive, Fly, Ride, Boat, Swim, Stand, Walk, or anything
that requires movement.
-
Re: Proper Permissions
"DriverJC" wrote in message
news:1103920393.c5b59b863c3e7853f7cbba69f360e481@teranews...
>
> This is web based.
>
> Try using Copermine. It's a web photo gallery and you can have it email
> you when a user uploads a file to the server so that you can approve
> it.
thanks joel, but am trying to build my own system. i have seen setups like
this in many networks, WRITE ONLY, READ ONLY etc. just when playing with
the permissions the wrong , i am able to make it so my ftp viewer can't
enter/view a directory...so just trying to straighten it all out.
thanks tho
-
Re: Proper Permissions
In article <1103854978.982638@nntp.acecape.com>, daniel kaplan wrote:
>my train of thought was this...a user on my system wants to post photos of
>him/herself. so in the temp directory, from a web browser (i should have
>stated that) that user goes to a form, which using my perl script, deposits
>the photo into a folder that can only be written to. but not read.
OK - but you would normally put it so that only the owner can drop the
stuff there, so that would really want permissions 700. There is a similar
configuration used for returning homework assignments. The instructor creates
a directory that the students can write to, but not read or execute. The trick
here is that there is a daemon that monitors the directory, and as soon as
something is deposited there, the daemon moves it to another directory
where the students can't access. The most common setup is that the
directory is owned by the instructor and the group "students", and has
permissions 720 - meaning that members of the group 'students' can write
there, but no outsiders. The daemon that moves the file (to reduce the
window of sabotage) also changes permissions and ownership as needed. This
also reduces the chance of becoming a warez storage point.
Another technique might be for your perl script to run as a group that
has permission to write to the directory, and creates the file with the
ownership of the photo supplier. Your script has the right to write, but
the owner of the photo need only fill in the appropriate block indicating
ownership. After approval, you can then move the photo to the appropriate
directory, and perhaps change the 'group' ownership to something more
appropriate.
Old guy
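
The drop-box layout discussed in this thread, as an added example that is not part of any poster's message. It builds USERS/NEWUSER with a TEMP directory that an upload group can write into but not list, and an APPROVED directory that anyone can read, and it decodes what each mode actually allows on a directory (creating an entry needs search permission as well as write). The function names, the optional group argument and the 711/730/755 modes are assumptions chosen for illustration, and `stat -c` assumes GNU coreutils.

```sh
#!/bin/sh
# Added example. Function names, the optional upload group and the
# 711/730/755 modes are illustrative assumptions, not from the thread.

# dir_access MODE CLASS: what CLASS (owner|group|other) can do in a
# directory with octal MODE. Creating or deleting an entry needs w AND x.
dir_access() {
    case $2 in
        owner) shift_by=6 ;;
        group) shift_by=3 ;;
        other) shift_by=0 ;;
        *) echo "usage: dir_access MODE owner|group|other" >&2; return 2 ;;
    esac
    bits=$(( (0$1 >> $shift_by) & 7 ))
    out=""
    if [ $(( bits & 4 )) -ne 0 ]; then out="$out list"; fi
    if [ $(( bits & 1 )) -ne 0 ]; then out="$out enter"; fi
    if [ $(( bits & 3 )) -eq 3 ]; then out="$out create"; fi
    out=${out# }
    echo "${out:-none}"
}

# mode_of PATH: octal permission bits (GNU coreutils stat).
mode_of() { stat -c '%a' "$1"; }

# make_user_dirs BASE USER [GROUP]: build BASE/USER/{TEMP,APPROVED}.
# GROUP is the group the upload script runs as; it can drop files into
# TEMP but cannot list it. Everyone else is locked out of TEMP.
make_user_dirs() {
    top=$1/$2
    mkdir -p "$top/TEMP" "$top/APPROVED" || return 1
    if [ -n "${3:-}" ]; then chgrp "$3" "$top/TEMP" || return 1; fi
    chmod 711 "$top" &&           # pass through, no listing
    chmod 730 "$top/TEMP" &&      # owner full, group write+search only
    chmod 755 "$top/APPROVED"     # world-readable, owner-writable
}

# Modes mentioned in the thread next to the ones used above.
for m in 777 702 705 720 730 755; do
    printf '%s group: %-18s other: %s\n' "$m" \
        "$(dir_access "$m" group)" "$(dir_access "$m" other)"
done
```

Root bypasses these permission checks, so confirm the behaviour as the unprivileged account the upload script runs under.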