> I seem to be completely clueless about how to get the script to be able
> to update in the htdocs hierarchy, it could be the headache I have, or
> the headache could be caused by thinking about it. I can only come up
> with either changing ownership of directories inside
> /var/www/localhost/htdocs (yuk) or running the script as root (yuk).
>
> So someone make a suggestion and save my brain.

Turn the computer off, have a glass of something pleasant, and continue tomorrow by thinking about the permissions of the directories, files, and the uids running the script.

Running the script as root is obviously last choice (and not a good one). That leaves running the script as XYZ.

I'll discuss a single file for simplicity. Unix access permission semantics says that in order to update a file, XYZ needs write access to the file. It does not need write access to the directory the file is in. It's possible XYZ also needs execute access for all the directories of the path of file-to-change - same as for reading that same file. Read access to those directories is not needed if you can specify the full path - but execute on all higher directories is required for reading!

Obviously, for creating files, write access to the directory is also required. For all higher directories exec access is sufficient.

To "get access" the process is to compare owner/group/other of the file with the requesting user ID, in that order. Other always matches. Important: only the first match is checked! If UID and owner are identical and permissions for owner don't give access, you won't get access even if everything is allowed for "other"!

You can't do much about the UID of the script, that's always XYZ. You don't want XYZ to own all the directories and files. That leaves creating appropriate access for the group ID XYZ runs with. You need to consider permissions for directories and files separately, and what's appropriate depends on what you want - read only, overwrite existing files only, create new files/directories etc.

Volker

--
Volker Kuhlmann is list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.
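
The access check described in the reply above, modelled as an added example that is not part of the original post. The uid/gid numbers, the group, the modes and `owned.html` are constructed for illustration; root's bypass and ACLs are not modelled, and creating a file is taken to need write plus execute on the containing directory.

```python
W, X = 2, 1  # write and execute bits inside one rwx triplet

def matching_class(mode, owner, group, uid, gids):
    """Pick the FIRST matching class (owner, group, other) and return (name, bits)."""
    if uid == owner:
        return "owner", (mode >> 6) & 7
    if group in gids:
        return "group", (mode >> 3) & 7
    return "other", mode & 7

def check_update(entries, uid, gids, create=False):
    """entries: (path, mode, owner, group) tuples, top directory first, target last.
    create=True means the last entry is the directory receiving a new file.
    Returns (allowed, reason)."""
    *dirs, target = entries
    for path, mode, owner, group in dirs:
        cls, bits = matching_class(mode, owner, group, uid, gids)
        if not (bits & X):  # every higher directory needs execute (search)
            return False, f"no execute on {path} via {cls}"
    path, mode, owner, group = target
    cls, bits = matching_class(mode, owner, group, uid, gids)
    need = (W | X) if create else W
    if (bits & need) != need:
        return False, f"missing access on {path} via {cls}"
    return True, f"granted on {path} via {cls}"

# Constructed sample data: uid 1001 stands in for XYZ, gid 2000 for a
# hypothetical shared group that owns the web content.
ROOT, XYZ, WEBGRP = 0, 1001, 2000
HTDOCS = [
    ("/var", 0o755, ROOT, ROOT),
    ("/var/www", 0o755, ROOT, ROOT),
    ("/var/www/localhost", 0o755, ROOT, ROOT),
    ("/var/www/localhost/htdocs", 0o2775, ROOT, WEBGRP),
]
INDEX = ("/var/www/localhost/htdocs/index.html", 0o664, ROOT, WEBGRP)
# Owned by XYZ but owner bits are empty: the rw- for "other" is never consulted.
OWNED = ("/var/www/localhost/htdocs/owned.html", 0o066, XYZ, ROOT)

if __name__ == "__main__":
    for label, args in [
        ("update via group", (HTDOCS + [INDEX], XYZ, {WEBGRP})),
        ("update, not in group", (HTDOCS + [INDEX], XYZ, {XYZ})),
        ("owner match blocks", (HTDOCS + [OWNED], XYZ, {WEBGRP})),
    ]:
        print(label, check_update(*args))
    print("create in htdocs", check_update(HTDOCS, XYZ, {WEBGRP}, create=True))
```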
