[BlueOnyx:01348] Re: CHMOD & SUIDDIR

Rodrigo Ordonez Licona rodrigo at xnet.com.mx
Mon Jun 1 10:51:04 PET 2009


 

-----Original Message-----
From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it] On
Behalf Of Colin Jack
Sent: Lunes, 01 de Junio de 2009 09:34
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:01347] CHMOD & SUIDDIR

I have a bit of a noob question that I hope someone can help with.

We have a VSite that is having problems running under PHP safe mode - even
with Safe Mode GID turned off they are having problems uploading to a folder
(error suggest GID/UID issues). Turning off Safe Mode solves the problem but
as this is not recommended practice, we are looking for a way around it.

Apparently this helps with safe mode. From the 'man chmod' docs:

"4000    (the setuid bit).  Executable files with this bit set will run with
effective uid set to the uid of the file owner. Directories with this bit
set will force all files and sub-directories created in them to be owned by
the directory owner and not by the uid of the creating process, if the
underlying file system supports this feature: see chmod(2) and the suiddir
option to mount(8)."

I am slightly out of my depth here. I have done a CHMOD 4000 filename okay
but not sure how to achieve the MOUNT using SUIDDIR option for the sticky
bit. Everything I try says "can't do that" ... 

[root at server7 web]# mount suiddir uploaded_photos
mount: special device suiddir does not exist

I obviously needed to do more with CHMOD to create the dir but even reading
through the man file and on the web I am still a bit clueless.

... or is there an easier way to achieve this?

Any help and guidance very gratefully received.

Colin


_______________________________________________
Blueonyx mailing list
Blueonyx at blueonyx.it
http://www.blueonyx.it/mailman/listinfo/blueonyx


====================================

We do a differente approach,

We change the ownership of the directory  TO HTTPD.HTTPD

And the script ownership to httpd.httpd,
That way the script can read and write to the directory without problems.

Security implications have been discussed in other posts I think.

Hth

Rodrigo O
Xnet




More information about the Blueonyx mailing list