On Wed, 30 May 2007 22:00:27 +1200 Nick Rout <[EMAIL PROTECTED]> wrote:
> I want to have a script updating a web page. Basically it downloads a
> podcast file, amends some tags and saves it to a directory in apache's
> htdocs, (and from there I have other podcast reading software read it.)
> It needs to be run via cron.
>
> I don't want to run the script as root, but the htdocs area is all owned
> by root.
>
> I seem to be completely clueless about how to get the script to be able
> to update in the htdocs hierarchy, it could be the headache I have, or
> the headache could be caused by thinking about it. I can only come up
> with either changing ownership of directories inside
> /var/www/localhost/htdocs (yuk) or running the script as root (yuk).
>
> So someone make a suggestion and save my brain.

Your http process will either be running as nobody or www-data. With the
exception of any upload directories, all it requires is read access to the
relevant apache directory tree.

Now some people contend that these files should also be owned by
nobody/www-data, but I contend that they *DON'T*, as it's then an extra
hurdle that any hacker needs to jump through before screwing with your
website.

So, make the htdocs directory(ies) owned by yourself, and ensure that
directories have read/execute permission set for other, and read for
normal files. And no write permissions anywhere unless a log file or an
upload location.

That way you can run anything from your own cron.

Steve
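
Added example, not part of Steve's message: two POSIX shell functions that apply the layout described above and audit a tree against it. The function names and the optional web-user argument are hypothetical, and "no write permissions" is read here as no group/other write, so the owning user's cron job can still update files.

```shell
#!/bin/sh
# Added example. Assumptions: function names and the WEBUSER argument are
# hypothetical; the docroot path is whatever you pass in.

# harden_docroot DIR
# Owner keeps write access; everyone else (including the web server user)
# gets read on files and read/execute on directories, nothing more.
harden_docroot() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# audit_docroot DIR [WEBUSER]
# Prints every path that breaks the layout and returns 1 if any were found.
# WEBUSER (e.g. www-data or nobody) is optional; when given and present on
# the system, anything it owns is reported, since the server should only read.
audit_docroot() {
    bad=$(
        # Anything the web server account owns could be rewritten by it.
        if [ -n "${2:-}" ] && id -u "$2" >/dev/null 2>&1; then
            find "$1" -user "$2" -print
        fi
        # Group- or world-writable files and directories.
        find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
        # Directories the server could not traverse (missing o+rx).
        find "$1" -type d ! -perm -005 -print
        # Files the server could not read (missing o+r).
        find "$1" -type f ! -perm -004 -print
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sort -u
    return 1
}
```

Deliberate exceptions such as a log file or upload directory will show up in the audit output and need to be reviewed by hand.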
