
Re: Got that network problem solved, now a new one




On Wed, May 18, 2016 at 10:45:12PM -0500, David Wright wrote:
> I feel I've been warned off commenting here in case I come across as a
> pontificating know-it-all who's insisting that you do everything in
> "My Way" [...]

;-)

Yes, I totally agree with David's analysis here. The problem is
the "mv", and the root is in /opt's permissions. Since the script
didn't change, /opt must have been writable by gene in the past,
and not in the present.

Opt's permissions (04755) are "correct", by default /opt shouldn't
be world writable. You might "fix" your problem by making it so,
but you should know the other side of the deal (is this a public
Web server? What if someone hijacks the Apache -- or one of its
underling CGI scripts and starts scribbling over /opt? Things like
that).

What I'd do

Consider making a subdirectory of /opt dedicated to whatever you
are doing with these scripts and setting its ownership to gene
(start as restricted as possible with that and widen as necessary,
e.g. to make parts of it readable to www-data via the group as your
scripts seem to do already).

regards
-- tomás
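An added example, not part of the original message: one way to set up the dedicated subdirectory suggested above while leaving /opt itself untouched. The directory name and the mode 2750 are assumptions chosen for illustration; gene and www-data are the names used in the thread.

```shell
#!/bin/sh
# Added illustration; /opt/gene-scripts below is a hypothetical name.

# Returns 0 if "others" have write permission on the directory.
is_world_writable() {
    [ -n "$(find "$1" -prune -type d -perm -0002 2>/dev/null)" ]
}

# Returns 0 if "others" have any access (read, write or traverse).
is_open_to_others() {
    [ -n "$(find "$1" -prune -type d \
        \( -perm -0004 -o -perm -0002 -o -perm -0001 \) 2>/dev/null)" ]
}

# Create a dedicated working directory:
#   owner: full access; group: read + traverse; others: nothing.
#   The setgid bit (2xxx) makes new files inherit the directory's
#   group, so the web server's group can read what the owner creates.
make_workdir() {
    dir=$1 owner=$2 group=$3
    mkdir -p "$dir" || return 1
    # chown first: changing ownership afterwards could drop setgid.
    chown "$owner:$group" "$dir" || return 1
    chmod 2750 "$dir" || return 1
    if is_open_to_others "$dir"; then
        echo "unexpected: $dir is still accessible to others" >&2
        return 1
    fi
}

# Intended use, run once as root:
#   make_workdir /opt/gene-scripts gene www-data
# Afterwards the scripts write below that directory as gene, and
# /opt keeps its default, non-world-writable permissions.
```

Widening later means adding group write (2770) on a specific subdirectory, not opening the parent.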

