
Re: Got that network problem solved, now a new one



On Thursday 19 May 2016 04:14:55 tomas@tuxteam.de wrote:

> On Wed, May 18, 2016 at 10:45:12PM -0500, David Wright wrote:
> > I feel I've been warned off commenting here in case I come across as
> > a pontificating know-it-all who's insisting that you do everything
> > in "My Way" [...]
>
> ;-)
>
> Yes, I totally agree with David's analysis here. The problem is
> the "mv", and the root is in /opt's permissions. Since the script
> didn't change, /opt must have been writable by gene in the past,
> and not in the present.

Apparently true, but it ran just fine, on this install, back on Mar 18, 
2016.

> Opt's permissions (04755) are "correct", by default /opt shouldn't
> be world writable. You might "fix" your problem by making it so,
> but you should know the other side of the deal (is this a public
> Web server?

Yes, it's the link in the sig.

> What if someone hijacks the Apache -- or one of its 
> underling CGI scripts and starts scribbling over /opt? Things like
> that).

That apache2 is running bare bones, I don't use any cgi stuff at all.

I changed it to 0777 long enough to be run, then put it back to 0755.

> What I'd do
>
> Consider making a subdirectory of /opt dedicated to whatever you
> are doing with these scripts and setting its ownership to gene
> (start as restricted as possible with that and widen as necessary,
> e.g. to make parts of it readable to www-data via the group as your
> scripts seem to do already).
>
> regards
> -- tomás

That sounds doable, when I wake again.  Thanks Tomas.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
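
The dedicated-subdirectory approach suggested above, sketched as an added example (not code from this thread). The function names and the directory name "gene" under /opt are hypothetical; the user gene and group www-data are the ones mentioned in the message.

```sh
#!/bin/sh
# Added example: give a script its own work directory under a base
# directory such as /opt, so the base never needs to be opened to 0777.

# setup_workdir BASE NAME OWNER GROUP
# Creates BASE/NAME with mode 0750: OWNER has full access, GROUP may
# read and traverse, everyone else gets nothing. Prints the new path.
# BASE itself is not modified. Against /opt this needs root, once.
setup_workdir() {
    wd_path="$1/$2"
    mkdir -p "$wd_path" || return 1
    chown "$3:$4" "$wd_path" || return 1
    chmod 0750 "$wd_path" || return 1
    printf '%s\n' "$wd_path"
}

# world_writable DIR
# Exit status 0 if DIR itself has the other-write bit set, 1 if not.
# Useful after a temporary chmod to confirm the mode really went back.
world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -perm -0002)" ]
}

# Real-world use (assumed names, run once as root):
#   setup_workdir /opt gene gene www-data
#   world_writable /opt && echo "WARNING: /opt is world-writable"
```

After that the script can mv its files inside the subdirectory as gene, and /opt stays at 0755.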

