[Israel.pm] SYSTEM

Mikhael Goikhman migo at homemail.com
Tue Feb 10 15:36:45 PST 2004


On 10 Feb 2004 23:29:55 +0200, Oron Peled wrote:
> 
>      you can chgrp the directory to some special
>      group and make the apache user a member of this group. Than you can
>      have the directory permissions set to 775 and not the horrible 777.
>      You may want to set the SGID bit of this directory (i.e: chmod 2775)
>      to make every file/subdirectory inherit the group membership.

This is the only sane way to work. Running script as root or changing
permissions recursivelly to 777 is very strange at best (make all images
executable?). Files should have mode 664 (or 660 if not public).

However, since the default mask is 022 not 002, this requires some tweaks
to the environment.  I.e. in all your scripts do "umask 2;", in all user
shells (/etc/csh.cshrc, /etc/profile) add "umask 2", configure all
daemons (ftpd, sshd, apache) to use umask 2 as well. Then the directories
with mode 2775 will be automagically shareable for all group members.

Unfortunately, in the real world most of the sysadmins are lazy enough
(or not knowledgeble) to define a proper environment for their users.
They just give the root password to everyone, or periodically chmod 777
when a user calls.

Regards,
Mikhael.

-- 
perl -e 'print+chr(64+hex)for+split//,d9b815c07f9b8d1e'



More information about the Perl mailing list