PERMISSIONS


Permissions are the single largest headache generator in the un*x world. So I wrote this article to help the aspiring webmaster to avoid mental stress and breakdown.

The CGI bin itself must be set to permission 755, as must it's scripts. Anyone may READ a script, and we let the world RUN them, but that's as far as we go.

Now, the per list files IN the list dir must be 666 (BUT 'aliases.tinylist' MUST be 644 for security reasons relating to how sendmail manages sources for it's databases!). As they are only read and written by TL, and do not need execute permission, we don't give it, but the list dir ITSELF must be 777! This is because the system command to examine the directory is a program, and goes into the directory to do a listing of files matching the patern provided, so for the breifest moment it is operating with ~/lists as it's current directory- and if it cannot execute, it can't work. It is limited by those permissions in it's operations. Also, TLpost is run by sendmail, although sendmail gives up it's su priviliges when running alias commands, it nontheless is another identity than nobody, so we cannot operate as 644 permissions on files a script would be when trying to write to a file (such as handling arvhices of traffic) so the files must be 666 mode.

A friendly tip after staying up to 248am chasing a bug.



The worst thing about censorshi...
Electronic Freedom Foundation!05


 

BACK

This file last modified Monday May 05 2003 12 25 AM
ODD#X.XX.02/kdb/XXXXXX.shtml

Peace.