[Gllug] Is this right? (Permissions question)
Tethys
sta296 at astradyne.co.uk
Sat Dec 30 12:41:39 UTC 2006
Adrian McMenamin writes:
>It was created as 755 but as I wanted users to be able to write files to
>it but not to do anything naughty like upload a file that pretended to
>be an image and then execute it I changed it to 766 but then found I
>could not actually cd to it - is that right?
Correct. The ability to cd to a directory is controlled by the execute
bit.
>Presumably the safe way to do this is to change ownership to www-data
>and make it 700?
Assuming your users upload files as the www-data user (I'm guessing this
is a Debian thing), but would run them as someone else, then yes, this
would work. Alternatively, why not create a new filesystem for uploaded
data, and mount it noexec?
Tet
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list