[Clipart] 0.15 Release

Jeremy C. Reed reed at reedmedia.net
Thu Jul 7 10:28:16 PDT 2005


On Thu, 7 Jul 2005, Nicu Buculei wrote:

> the problem is as this: the web server is the one writing files on disk, no 
> naturally, Apache is the owner.
> for us to be able to modify them, a chown must be made either by a superuser 
> or by the user as which Apache runs.
> I don't know enough Perl to say if is possible from the upload script to 
> perform a chown/chmod but I would expect so.

The apache should use suexec (or some cgi wrapper) because now different 
(freedesktop.org) projects can modify each others data.

Also, chown will not work. A non-root user can't change a file to be owned 
by someone else (imagine someone chowning files to fill up someone else's 
quotas, to bypass quotas, or to point blame to someone else for malicious 
files).

One workaround would be to have the CGI not save the file, but to login 
and upload it or mail it locally.

  Jeremy C. Reed

  	  	 	 BSD News, BSD tutorials, BSD links
 	  	 	 http://www.bsdnewsletter.com/



More information about the clipart mailing list