[Clipart] 0.15 Release
Jeremy C. Reed
reed at reedmedia.net
Thu Jul 7 10:28:16 PDT 2005
On Thu, 7 Jul 2005, Nicu Buculei wrote:
> the problem is as this: the web server is the one writing files on disk, no
> naturally, Apache is the owner.
> for us to be able to modify them, a chown must be made either by a superuser
> or by the user as which Apache runs.
> I don't know enough Perl to say if is possible from the upload script to
> perform a chown/chmod but I would expect so.
The apache should use suexec (or some cgi wrapper) because now different
(freedesktop.org) projects can modify each others data.
Also, chown will not work. A non-root user can't change a file to be owned
by someone else (imagine someone chowning files to fill up someone else's
quotas, to bypass quotas, or to point blame to someone else for malicious
files).
One workaround would be to have the CGI not save the file, but to login
and upload it or mail it locally.
Jeremy C. Reed
BSD News, BSD tutorials, BSD links
http://www.bsdnewsletter.com/
More information about the clipart
mailing list