Mailing List Archive

Apache::ASP [drwxr-x]
I have set the temp dir to /opt/guide/www.domain.com/temp [ie. my 'home'
directory]

Apache-ASP-0.18 automatically creates a directory server, asp and 31 in it.
31 and server are chmodded drwxr-x [750 ?]
asp is chmodded drwxrwxrwx. In it, two directories : server and da. Both
chmodded drwxr-x

I can't remove them myself, so every time I want to 'clean up the mess', I
need to ask the sysop of my hosting provider.

Is this 'normal' ? Or is there a solution for, etc ?

Thanks in advance,

--
Wouter de Jong
Advanced IT Services Holland
http://www.aitsh.com
Re: Apache::ASP [drwxr-x]
Wouter de Jong wrote:
>
> I have set the temp dir to /opt/guide/www.domain.com/temp [ie. my 'home'
> directory]
>
> Apache-ASP-0.18 automatically creates a directory server, asp and 31 in it.
> 31 and server are chmodded drwxr-x [750 ?]
> asp is chmodded drwxrwxrwx. In it, two directories : server and da. Both
> chmodded drwxr-x
>
> I can't remove them myself, so every time I want to 'clean up the mess', I
> need to ask the sysop of my hosting provider.
>
> Is this 'normal' ? Or is there a solution for, etc ?
>

Apache::ASP creates dirs with 0750 and state databases with
0640 to prevent other users on your system from being able
to read what may be sensitive data stored in these files.
This also precludes others from writing to your files,
unless they are using the same web server.

What are the security issues on your system ? If it's
a shared system, the only thing that will be safe
is for you to run your own web server under your user
name, and have your sysadmins point to it with a proxy
on the front end. If the system is not shared, then you
should have root access, or the primary web server can
still be run under your user name.

Any other ideas ? I'm not a shared system, multi-user pro,
so others may have better ideas here.

-- Joshua
_________________________________________________________________
Joshua Chamas Chamas Enterprises Inc.
NodeWorks >> free web link monitoring Huntington Beach, CA USA
http://www.nodeworks.com 1-714-625-4051
Re: Apache::ASP [drwxr-x]
plindner@redhat.com wrote:
>
> Joshua,
>
> I've modified apache::asp to write out everything group-writable. I
> then put my users in the same group as the web server so they can blow
> away the state directory if they want.
>
> However this is becoming irrelevant since we're moving to a dedicated
> web server process for each user. In that case each user will own their
> session state files.
>

Paul has a good idea here, but should I have this be the
standard way Apache::ASP deploys ? I believe that it's
better to have security set as strict as possible from
the outset, but it may be that in every instance people
could think of, that a common group should have write
access to the web server files by default. Anyone out
there that has special feeling about installation defaults
& security settings ?

I don't mind people going into the source to have to
modify this behavior, as the fewer configs the better
and this is one that you have to really think about,
but I would like the source to reflect the common case
scenario.

-- Joshua
_________________________________________________________________
Joshua Chamas Chamas Enterprises Inc.
NodeWorks >> free web link monitoring Huntington Beach, CA USA
http://www.nodeworks.com 1-714-625-4051
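
Added example, not part of the thread and not Apache::ASP code: a Python script that labels the entries of a state directory against the 0750/0640 defaults and the group-writable variant discussed above, and checks whether a given account may remove entries from a directory. The file name state.db, the uid/gid numbers and the label strings are constructed for illustration.

```python
import os
import stat
import tempfile

def classify(mode):
    """Label permission bits: 0750/0640 style is strict, 0770/0660 group-writable."""
    perms = stat.S_IMODE(mode)
    if perms & 0o007:
        return "exposed-to-others"   # any access for accounts outside the group
    if perms & 0o020:
        return "group-writable"
    return "strict"

def audit(root):
    """Walk a state directory and return {relative path: label}."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            report[os.path.relpath(full, root)] = classify(os.lstat(full).st_mode)
    return report

def can_remove_entries(dir_mode, dir_uid, dir_gid, uid, gids):
    """True if the account may unlink entries (write+search); ignores root, ACLs, sticky bit."""
    # Unix picks exactly one class: owner bits, else group bits, else other bits.
    shift = 6 if uid == dir_uid else 3 if dir_gid in gids else 0
    return ((dir_mode >> shift) & 0o3) == 0o3

def build_sample(root):
    """Constructed tree using the directory names and modes from the first post."""
    layout = {"server": 0o750, "31": 0o750, "asp": 0o777,
              "asp/server": 0o750, "asp/da": 0o750}
    for rel in layout:
        os.makedirs(os.path.join(root, rel), exist_ok=True)
    state = os.path.join(root, "31", "state.db")   # hypothetical file name
    open(state, "w").close()
    os.chmod(state, 0o640)
    for rel, mode in layout.items():
        os.chmod(os.path.join(root, rel), mode)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, label in sorted(audit(build_sample(tmp)).items()):
            print(f"{label:18} {path}")
    # Constructed ids: web server 48:48, site owner uid 1001 added to group 48.
    print(can_remove_entries(0o750, 48, 48, 1001, {48}),
          can_remove_entries(0o770, 48, 48, 1001, {48}))
```

With the 0750 default, membership in the web server's group is not enough to delete entries; the group write bit is what changes that, and it applies to every member of the group.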