Getting the name that the Web User runs as

B

blazingbiz

Verified User
Joined
Mar 19, 2005
Messages
49
Location
San Jose CA
Hi,

I'm installing a program and in it's instructions it says to set the permissions of the directory it writes to 770 to have this work I need to have the Web User that the scripts run as set to be part of the group with the 7 permission, in the instructions it says that this is usually "nobody" on the system but I tried that and it also says to look in the http config file for apache which says that the server runs as "admin" and I tried that, too. Both don't work, I left the directory at 777 and it works that way but is unsecure. Any suggestions?

By the way, what is the shell command to delete a file. I SSHed to my server with putty and I started to use vi to create a file, it wouldn't let me exit and I couldn't get the hang of it so I created a big mess of a file trying all different kinds of keys and now I have a big mess of a file in my directory with root as the owner so I can't delete it with my DA panel.

Any quick vi tips and commands?
 
man vi or really I would just use a different editor till you get the hang of it. Do a google on vi tips/tutorials etc and you will find plenty.

to delete a file use rm there are several options/switches that may be needed at times so, man rm

The web server is usually run as httpd or www for the user/group so you could chown the files to be owned by the current user and be in the httpd ) or whatever your server runs as) group. Then the 770 would work I bet.

run a top and look at the process lists and I bet you can pick out the web server.

remember man is your friend (by the way, man is a command and it displays manuals).

Good luck :)
 
Thanks for the help

I actually found a Linux book in my library with some good Shell and Vi tutorials, I did the man command but got overwhelmed with reading from the command prompt too much, I just started shelling on Tuesday and learned to navigate it.

What is doing "a top" ?

Also in the instructions for this smarty install it talks about doing chown nobody:nobody when I read the tutorial in the book it mentioned the chown command but not with the name:name parameter just name

I'm thinking of setting up all my web pages so that scripts do everything and keep all my stuff in folders outside the web root and let my web page scripts get the content to display it in the web. That way all my content would be in directories set to 760 outside the web tree and my scripts would run with a "../path to file" to get assets.

Is that a good idea or any issues with that anyone can think of?

How can I add multiple users to be in the group that has the 6 permission to these directories?
 
A top usually refers to the 'top' command.
But in this case, wouldn't a 'ps aux' also reveal the required information ?

Note: use q to get out of top :).

Vi(m) quickstart:
start by: vi <filename>
Press insert to start typing, press Escape to stop.
Type :w to write to file (does not work while in type mode). Type :wq to write and quit, type :q to quit, type :q! to force quit.

Which program is the program in question ?
 
top lists information about what is running, server load etc. Yes a ps would show the process list and give him the info he asked for also.

chown name:name filename would set the owner and group of the file filename to name and name. So if you wanted the file wayout to be owned by brad but be part of the httpd group do chown brad:httpd wayout

now you can set the perms to 774 and brad and the web server have full access to the file and everyone else has read only.

You can have files in directories outside the web root and it can be good for security, it adds some complexity to the programming.

make a group and add that group to all the people you want to have access to the file.
 
On linux the browser should run as httpd.

But DirectAdmin may require that cgi files run as the username of the user who owns the site. I know this creates problems for Mambo; it may for your program as well.

Jeff
 
Good discussion going

Ok, thanks for the all the help.

Does it matter which directory I'm in when I run the commands top or ps, to see what the server runs as?

How do I add people to groups?

I'm installing Smarty on my server, the php template generator.

I'm thinking of installing all my php scripts like that for security, let them run on a php folder outside the web root.
 
To answer Jeff

I ran it as user admin and group admin and that doesn't work, I believe that the owner of the site is admin. I tried root, too, that didn't work either.

I haven't got back into the Shell since I tried but probably will tomorrow.

One thing throws me off is when the owner of the directory is the user that created it, don't all the files inside that folder have the same permissions by default as the directory? I know one can change the files indiivdually, but it gets confusing - I create the php files in DA or upload them from Dreamweaver, I think if i changed the directory permissions before that that the files will be set to those permissions unless I change them individually, so the way to do this would be to set the group of each directory I have php scripts in to the web server user or at least the script files in them and do that for each script. Know if I have an interactive script like a file upload, I have to make sure to strip out any control characters and have magic quotes turned on to take care of the backtick that hacker might put in the form fields, because if I have the directory set to executable for the web user, any command lines through a php processed form would be a hole, I think. I was also thinking that if I let people upload images, that a hacker might upload an image with a virus or something in the binary, if the folder where I put the upload in was executable by the group that I set to be the web server I think that would allow for the virus or whatever to work on the server. Is there a module or something that can scan uploads for mal code in php scripts that anyone knows about?
 
You must log in or register to reply here.
Back
Top