On Thursday 19 May 2016 04:14:55 to...@tuxteam.de wrote: > On Wed, May 18, 2016 at 10:45:12PM -0500, David Wright wrote: > > I feel I've been warned off commenting here in case I come across as > > a pontificating know-it-all who's insisting that you do everything > > in "My Way" [...] > > ;-) > > Yes, I totally agree with David's analysis here. The problem is > the "mv", and the root is in /opt's permissions. Since the script > didn't change, /opt must have been writable by gene in the past, > and not in the present.
Apparently true, but it ran just fine, on this install, back on Mar 18, 2016. > Opt's permissions (04755) are "correct", by default /opt shouldn't > be world writable. You might "fix" your problem by making it so, > but you should know the other side of the deal (is this a public > Web server? Yes, its the link in the sig. > What if someone hijacks the Apache -- or one of its > underling CGI scripts and starts scribbling over /opt? Things like > that). That apache2 is running bare bones, I don't use any cgi stuff at all. I changed it to 0777 long enough to be run, then put it back to 0755. > What I'd do > > Consider making a subdirectory of /opt dedicated to whatever you > are doing with these scripts and setting its ownership to gene > (start as restricted as possible with that and widen as necessary, > e.g. to make parts of it readable to www-data via the group as your > scripts seem to do already. > > regards > -- tomás That sounds doable, when I wake again. Thanks Tomas. Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene>
