On Thu, Sep 26, 2002 at 11:16:46AM -1000, Korthrun wrote:
> The file name is /usr/local/apache/htdocs/fooness.cfg
> The script runs from /usr/local/apache/cgi-bin/add_mrtg.pl
> the string I am using is:
> system "perl -p -i -e 's!############ END DSL BUSINESS ACCOUNTS
> #############!$profile\n############ END DSL BUSINESS ACCOUNTS
> #############!g' /usr/local/apache/htdocs/mrtg/fooness.cfg";
> $profile is defined earlier in the script.
> the apache error log says:
> 
> Can't remove /usr/local/apache/htdocs/mrtg/fooness.cfg: Permission denied,
> skipping file.
> 
>         I have played with chown but the fact is "nobody" can't chown a file
> that belongs to "root".  For grins I did:
> 
> chown nobody:nobody ./fooness.cfg
> chmod 666 ./fooness.cfg

Ok, let me get this straight.  As the user 'nobody' you're trying to modify
the contents and/or attributes of a file owned by another user, namely
'root'.  Did you expect this modification to work?  If so, why?  Are you
unfamiliar with Unix?

There is no way 'nobody' is going to be able to modify the attributes of a
file not owned by 'nobody'.  If you want 'nobody' to be able to modify the
contents of the file then 'nobody' will either need to be made owner of the
file by the current owner, or the current owner has to make it writeable to
a group 'nobody' belongs to, or everyone.

Also, if this file is of any importance, making it writeable by 'nobody' is
a security risk.  'nobody' is supposed to have the least privilege on the
system, and your web server apparently runs as the user 'nobody', so anybody
else with CGI access will be able to modify this file.

I shouldn't need to mention the even greater security risk involved in
giving write permission to everyone, as chmod 666 fooness.cfg would do.

The best solution is to use a CGI wrapper, such as cgiwrap or suexec, to run
the CGI script as another user.  This other user should be the only user
with write access to the file.


Michael
--
Administrator                      www.shoebox.net
Programmer, System Administrator   www.gallanttech.com
--
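
Added example, not part of the original message: `perl -i` unlinks the original file and creates a new one, which needs write permission on the directory and is why the log says "Can't remove". The sketch below rewrites the file through a single read/write handle instead, so write permission on the file alone is enough, and it never passes `$profile` through a shell. It assumes the marker is one whole line; `insert_before_marker` and the sample file are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:flock SEEK_SET);
use File::Temp qw(tempfile);

# Marker text as quoted in the thread (assumed to sit on a single line).
my $MARKER = '############ END DSL BUSINESS ACCOUNTS #############';

# Hypothetical helper: insert $profile on its own line before each marker line.
# The file is rewritten in place; nothing is unlinked or renamed.
sub insert_before_marker {
    my ($path, $profile) = @_;
    open(my $fh, '+<', $path) or die "open $path: $!";
    flock($fh, LOCK_EX)       or die "lock $path: $!";

    my (@out, $hits);
    for my $line (<$fh>) {
        (my $bare = $line) =~ s/\r?\n\z//;   # compare without the line ending
        if ($bare eq $MARKER) {
            push @out, "$profile\n";         # written as data, never evaluated
            $hits++;
        }
        push @out, $line;
    }
    die "marker not found in $path\n" unless $hits;

    seek($fh, 0, SEEK_SET) or die "seek $path: $!";
    truncate($fh, 0)       or die "truncate $path: $!";
    print {$fh} @out       or die "write $path: $!";
    close($fh)             or die "close $path: $!";   # also releases the lock
    return $hits;
}

# Constructed sample file standing in for fooness.cfg.
my ($tmp, $cfg) = tempfile(UNLINK => 1);
print {$tmp} "# existing targets\n$MARKER\n# other sections\n";
close($tmp) or die "close: $!";

# An apostrophe in the value would break the quoting of the shell one-liner;
# here it is only text.
insert_before_marker($cfg, q{Title[cust1]: O'Brien DSL});

open(my $in, '<', $cfg) or die "open $cfg: $!";
print while <$in>;
close($in);
```

Run under the dedicated cgiwrap or suexec user the reply recommends, this needs the config file to be writable by that user only.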
