[EMAIL PROTECTED] wrote:
> This brings up a question about permissions ...
>
> So a script (or any executable, such as a perl script written for cgi)
> cannot be run by anyone other than root, if it was created by root? I mean,
> root can't give permission for a root-owned script to be world executable,
> even if the administrator wanted to? While I can see how doing that would
> be a very bad idea, in terms of security, I'm just asking in order to learn
> more about linux file permissions.
>
> I had written a perl cgi script, and it wouldn't run from the web page, as
> it turns out because I had created it as root.

In general, root can give permission to other to execute (or read, or write) a file.

You should read more on this somewhere, but generally, every file has a set of permission bits, sometimes displayed like 700, 755, or 777 (and sometimes with another leading digit). Of these three digits, the first represents permissions for the owner of the file (which could be root or anybody else), the second gives permissions for a group which "owns" the file, and the third gives permissions for the "world" (everybody, or anybody who can log in to the system holding the files).

The three digits are octal, and it is helpful to interpret them as the bits representing that octal number. (Like 7=111, 6=110, ... 0=000 (don't know why I did that backwards, it's more natural to start at 0. ;-) In the group of three bits, the first bit represents read permission, the second represents write permission, and the third represents execute permission.

So, as an example, if you set the permissions on a file to 751, the owner of the file would have read, write, and execute permission, and the group that owns the file would have read and execute permissions, and the whole world would have read permissions.

Read up on chmod and chown.

Randy Kramer

PS: When you get into CGI, especially on a TWiki, things can get a little more confusing. TWiki stores all revisions in RCS, and as presently set up, the RCS files are locked (separate from the chown / chmod business) so only the Apache user (usually "nobody") can modify them.

Finally, there is also chattr command which has some similarities to the typical dos / windows way of controlling files (hidden, read-only, etc.).

Finally (really!), some of the things you can do with file permissions depend on which filesystem you are using. For example, it is not easy to change the owner or permissions for a file stored on a FAT or FAT32 filesystem.
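
The octal digits and the owner / group / world classes discussed in the reply above, worked through as an added example that is not part of the original thread: it decodes a mode and checks whether a web server user can run a root-owned CGI script. The UID/GID 65534 standing in for the web server user and all function names are assumptions made for illustration.

```python
# Constructed sample IDs: root is uid 0; 65534 stands in for the web server user.
ROOT, WEB_UID, WEB_GID = 0, 65534, 65534

def rwx(mode):
    """Render the three octal digits of a mode as rwxrwxrwx."""
    out = ""
    for shift in (6, 3, 0):                  # owner, group, other
        digit = (mode >> shift) & 0o7
        out += "r" if digit & 4 else "-"
        out += "w" if digit & 2 else "-"
        out += "x" if digit & 1 else "-"
    return out

def digit_for(mode, file_uid, file_gid, uid, gids):
    """Pick the single digit that applies: the first matching class wins."""
    if uid == file_uid:
        return (mode >> 6) & 0o7
    if file_gid in gids:
        return (mode >> 3) & 0o7
    return mode & 0o7

def can_run_script(mode, file_uid, file_gid, uid, gids):
    """A script needs execute (for the kernel) and read (for its interpreter)."""
    if uid == ROOT:
        return bool(mode & 0o111)            # root still needs one x bit set
    return (digit_for(mode, file_uid, file_gid, uid, gids) & 0o5) == 0o5

def audit(mode, file_uid, file_gid):
    """Report whether the web server user can run a CGI script, plus risks."""
    notes = [rwx(mode)]
    if not can_run_script(mode, file_uid, file_gid, WEB_UID, {WEB_GID}):
        notes.append("web server user cannot run it")
    if mode & 0o002:
        notes.append("world-writable")
    return notes

if __name__ == "__main__":
    # Constructed case: a script owned by root:root under several modes.
    for mode in (0o700, 0o751, 0o755, 0o777):
        print(oct(mode), audit(mode, ROOT, ROOT))
```

Only one class is consulted per access: a user who owns the file is judged by the owner digit alone, even when the world digit is more permissive.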
