[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] groups and permissions in web server - update access to file

Subject: RE: [cobalt-users] groups and permissions in web server - update access to file
From: "Jim Carey" <ozbcoz@xxxxxxxxxxxxxxxx>
Date: Mon Jul 17 06:08:40 2000

thanks Steve

Jim Carey

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Steven Werby
Sent: Monday, 17 July 2000 10:56 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] groups and permissions in web server -
update access to file

Jim Carey <ozbcoz@xxxxxxxxxxxxxxxx> wrote:
> I have a file that I want all of my sites to be able to read - so I have
> placed
> that file in /home/direct/file
>
> Now I would like to be able to use a PHP script to update the file. How
can
> I
> set up permissions, ownership etc  so that I can update this file via a
> browser
> - is this possible  without necessarily making it chmod 777 - I would like
> some control over who can write to it but I want the update from a browser

You have several options.  Apache is run as the user httpd and since you
probably
have PHP installed as an Apache module all of your PHP files run as httpd.
To make a
file writable by PHP you need to make it group writable or make it owned by
httpd and
owner-writable.  For increases security over the web you can:

1. put the PHP page that writes to the data file in a protected directory
using
.htaccess
2. give the data file a unique extension like .dat and then put a section in
your
server config file like the following so it's not reable over the web:
<Files "\.dat$">
Order allow,deny
 Deny from all
</Files>
3. put the data file in a directory outside the web root so no one can get
to it
directly via the web

You could also have the PHP webpage write to a staging data file and email
you
whenever it's executed.  Then you could manually copy the staging data file
to the
production data file, have a script that you execute that does so or a cron
job
script that does so automatically at specified intervals.  You could also
install a
second copy of PHP as a binary.  This copy of PHP can be run from the
commandline
like Perl (might not be of value in this case) and allows you to run your
PHP script
as the user who owns the script.  Then you can make the data file chown 700
and owned
by the same user and no one else can touch it from the shell.

Steven Werby {steven-lists@xxxxxxxxxxxx}

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users

References:
- Re: [cobalt-users] groups and permissions in web server - update access to file
  - From: Steven Werby

Prev by Date: Re: [cobalt-users] Webalizer .pkg from cobalt
Next by Date: [cobalt-users] ld-linux.so.2 and PGP
Previous by thread: Re: [cobalt-users] groups and permissions in web server - update access to file
Next by thread: [cobalt-users] PHP Install

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index