Nichole Bialczyk wrote:
>
> The problem is that I don't know exactly what the problem is. I can write
> to the logfile when I run it in Unix, but not when I try to access it
> from the web. He says that it is more secure to write to our server than
> it is to write to afs. But I can't make it work.
(btw, I'm cc'ing this to beginners-cgi, which is better suited for this
Q)
If you absolutely must have certain permissions set for file output,
you can check out Apache's suEXEC feature, or coordinate with your
sysadmin to make sure the target files are writable by the web process.
Your httpd daemons are run as a particular user and group (typically
'nobody' or 'www') and have that user's permissions to
read/modify/execute/delete files. In order for them to change things,
they either need to own those things (user/group write priv) or the
thing has to be changeable by anybody (other write priv). When I build
a webserver I create special nonpriv'd www/www user/group, that can only
read what they need to read to run, and any CGIs that need to write
stuff (like temp files or tie'd GDBM hashes) will either be run
suEXEC/cgiwrap or I will chgrp/chmod the files to allow group www write
priv.
(other options include ACLs, but I won't bother with that, let _your_
sysadm deal with it ;)
Oh, and coffee and chocolate never hurt as sysadmin bait ;)
- Matt
