Welcome to WebmasterWorld Guest from 100.24.122.228

Forum Moderators: Ocean10000 & phranque

Message Too Old, No Replies

file permissions

apache cron

     
12:25 am on Dec 22, 2006 (gmt 0)

New User

10+ Year Member

joined:Dec 22, 2006
posts:1
votes: 0


OK I have a site that allows people to edit content and upload pictures.

I also have cron jobs that upload pictures, and purge the database.

The problem is that my sever company have Apache running as nobody, and all my crons run as 'scott' - this means when someone upload stuff through the web, I can not delete it with cron.

their solution was to use phpsuexec - did that and found out you can not run APC or Eaccelerator that way.

So I asked them - how do all the other sites in the world have users upload pics and have cron purge the system. They just told me "there is software out there to do that" that did not really help me much.

Any ideas? They say if they run apache as 'scott' then all files will be writeable by all web users using apache and this is a security risk.

I have a managed dedicated.

Any ideas on what to do next?

Thanks
Scott

4:18 pm on Dec 22, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 19, 2005
posts:44
votes: 0


Have the upload program set the permissions to allow this.

For example, when you're upload program stores the file, it's owned by "nobody". Right after saving the file, have it set the permissions to 666. This makes it writeable by other users on the system. Then when a cron job owned by "scott" comes along, it has permission to delete the uploaded files owned by "nobody".

I happen to do this in Perl scripts (which is another forum). How you do this just depends on how your upload program is written.