
Re: Re: cgi in webb apps location



On Tue, Jun 29, 2010 at 2:52 AM, glaskoncILLa
<glaskoncilla@electronicflux.com> wrote:

>> I'm working on packaging an IP network/address management application, Perl
>> CGIs with some HTML and CSS on MySQL.
>> I have a few questions regarding placing files:

>These questions are probably more appropriate to ask in the webapps list.

>> - web apps policy is to place files in /usr/share/PACKAGE but that (maybe)
>> pulls some security issues. Seems that all dirs and files in /usr/share are
>> under root:root ownership.
>> Because CGIs must have x permissions besides root, that means I have to give
>> x permissions to "others" and that doesn't look very good to me. Question is
>> can I change ownership in /usr/share to the apache user and if I can't, what will
>> be the best place for CGIs?

>You'll need to be more specific, why do you need different permissions?


Example from my testing VM:

-rwxr--r-- 1 root root  2188 Jun 14 20:09 /usr/share/gestioip/about_gestioip.cgi
-rwxr--r-- 1 root root  2211 Jun 14 20:09 /usr/share/gestioip/index.cgi
-rwxr--r-- 1 root root 10021 Jun 14 20:09 /usr/share/gestioip/ip_calculatered.cgi
-rwxr--r-- 1 root root  3139 Jun 14 20:09 /usr/share/gestioip/ip_calculatered_form.cgi
-rwxr--r-- 1 root root  4815 Jun 14 20:09 /usr/share/gestioip/ip_checkhost.cgi
-rwxr--r-- 1 root root  5687 Jun 14 20:09 /usr/share/gestioip/ip_redinfo.cgi
-rwxr--r-- 1 root root 13810 Jun 14 20:09 /usr/share/gestioip/ip_searchip.cgi
-rwxr--r-- 1 root root  3130 Jun 14 20:09 /usr/share/gestioip/ip_searchip_form.cgi
-rwxr--r-- 1 root root  5489 Jun 14 20:09 /usr/share/gestioip/ip_searchred.cgi
-rwxr--r-- 1 root root  3320 Jun 14 20:09 /usr/share/gestioip/ip_searchred_form.cgi
-rwxr--r-- 1 root root  4588 Jun 14 20:09 /usr/share/gestioip/ip_show.cgi
-rwxr--r-- 1 root root  2209 Jun 14 20:09 /usr/share/gestioip/ip_show_free_range.cgi
-rwxr--r-- 1 root root  6960 Jun 14 20:09 /usr/share/gestioip/ip_show_history.cgi
-rwxr--r-- 1 root root 10779 Jun 14 20:09 /usr/share/gestioip/ip_show_percent_usage.cgi
-rwxr--r-- 1 root root 20777 Jun 14 20:09 /usr/share/gestioip/ip_show_red_overview.cgi
-rwxr--r-- 1 root root  7598 Jun 14 20:09 /usr/share/gestioip/ip_show_stat.cgi

Pointing the browser at http://127.0.0.1/gestioip/index.cgi results in:

tail -n 2 /var/log/apache2/error.log
[Tue Jun 29 21:56:01 2010] [error] (13)Permission denied: exec of '/usr/share/gestioip/index.cgi' failed
[Tue Jun 29 21:56:01 2010] [error] [client 127.0.0.1] Premature end of script headers: index.cgi, referer: http://127.0.0.1/gestioip/index.cgi

Well, I think it is obvious what the issue is here; root:root doesn't seem like the best choice.


>> - application contains several scripts for automatic actualization against
>> DNS, OCS inventory tool or SNMP polls against the network device, they can
>> be used from command line or from crontab, /usr/bin?

>I guess that depends on how upstream has written them.

Can you please be more specific?

--
>bye,
>pabs

>http://wiki.debian.org/PaulWise

Nenad
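
The listing and the Apache error in the message above can be checked mechanically. The following is an added example, not part of the original message: it parses `ls -l` lines and reports which permission class applies to a given account and whether that class may execute or modify the file. The account name `www-data` and its group are assumptions (the usual Debian Apache account); the two sample lines are copied from the listing above.

```python
# Added example: which permission class does a given account fall into,
# and may it execute or modify the file? Mode strings are as printed by `ls -l`.

# Lines copied from the listing in the message above.
LISTING = """\
-rwxr--r-- 1 root root  2188 Jun 14 20:09 /usr/share/gestioip/about_gestioip.cgi
-rwxr--r-- 1 root root  2211 Jun 14 20:09 /usr/share/gestioip/index.cgi
"""

def parse_ls_line(line):
    """Split one `ls -l` line into (mode, owner, group, path)."""
    f = line.split(None, 8)
    return f[0], f[2], f[3], f[8]

def access_for(line, user, groups):
    """Return the class that applies to a non-root `user` and its w/x bits.

    POSIX checks owner, then group, then other, and uses only the FIRST
    class that matches; the bits of the remaining classes are ignored.
    """
    mode, owner, group, path = parse_ls_line(line)
    if user == owner:
        cls, triad = "owner", mode[1:4]
    elif group in groups:
        cls, triad = "group", mode[4:7]
    else:
        cls, triad = "other", mode[7:10]
    return {
        "path": path,
        "class": cls,
        "can_exec": triad[2] in "xst",   # s/t = special bit set AND x set
        "can_write": triad[1] == "w",
    }

def audit(listing, user="www-data", groups=("www-data",)):
    """Audit every line; the `user`/`groups` defaults are assumptions."""
    return [access_for(l, user, groups) for l in listing.splitlines() if l.strip()]

if __name__ == "__main__":
    for result in audit(LISTING):
        print(result)
```

A file that reports `can_exec` False for the server account reproduces the `(13)Permission denied: exec of ... failed` line in the error log; a file that reports `can_write` True can be modified by the same account that executes it.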

