Right. I got all that. But the question is this: whatever the permissions
might be, can root give permission -- and it work -- for a file to be world
executable from within the public_html directory within a user's home
directory?
It seems like, sure, of course ... But it didn't work for me. I had a Perl
file, with a cgi extension, in the cgi-bin of a user's home directory. And
it would not run from a web browser. It just wouldn't. The permissions were
755. I checked them a million times. I set them with root. I set them with
the user account (I am root and the user). Nothing would get the file to
execute as long as it was in the root group.
Chmod did nothing. Chown, however, fixed it by switching the file to the
group of the user. (Yes, I had made a group just for the user.)
It wasn't a matter of me not understanding chmod. I wish :). It was weird,
which is why I'm trying to find out what was going on. Everyone seems to be
saying, "As long as it has 755 permssions, it WILL run."
But, no, it wouldn't. So there's something else going on, which has to do
with which *group* the file belonged to. Because as soon as I changed the
group from "root" to "mitch" the file would run from a web browser.
Anyone have an explanation? If not, I'm just glad the file runs, finally,
and sometime later maybe I'll understand why it wouldn't run before -- even
when I, as root, gave 755 permissions.
mitch
Randy Kramer
<[EMAIL PROTECTED]> To: [EMAIL PROTECTED]
Sent by: cc:
newbie-owner@linux-ma Subject: Re: [newbie] Shell
Script
ndrake.com
01/07/02 11:09 AM
Please respond to
newbie
[EMAIL PROTECTED] wrote:
> This brings up a question about permissions ...
>
> So a script (or any executable, such as a perl script written for cgi)
> cannot be run by anyone other than root, if it was created by root? I
mean,
> root can't give permission for a root-owned script to be world
executable,
> even if the administrator wanted to? While I can see how doing that would
> be a very bad idea, in terms of security, I'm just asking in order to
learn
> more about linux file permissions.
>
> I had written a perl cgi script, and it wouldn't run from the web page,
as
> it turns out because I had created it as root.
In general, root can give permission to other to execute (or read, or
write) a file. You should read more on this somewhere, but generally,
every file has a set of permission bits, sometimes displayed like 700,
755, or 777 (and sometimes with another leading digit). Of these three
digits, the first represents permissions for the owner of the file
(which could be root or anybody else), the second gives permissions for
a group which "owns" the file, and the third gives permissions for the
"world" (everybody, or anybody who can log in to the system holding the
files).
The three digits are octal, and it is helpful to interpret them as the
bits representing that octal number. (Like 7=111, 6=110, ... 0=000
(don't know why I did that backwards, it's more natural to start at 0.
;-) In the group of three bits, the first bit represents read
permission, the second represents write permission, and the third
represents execute permission.
So, as an example, if you set the permissions on a file to 751, the
owner of the file would have read, write, and execute permission, and
the group that owns the file would have read and execute permissions,
and the whole world would have read permissions.
Read up on chmod and chown.
Randy Kramer
PS: When you get into CGI, especially on a TWiki, things can get a
little more confusing. TWiki stores all revisions in RCS, and as
presently set up, the RCS files are locked (separate from the chown /
chmod business) so only the Apache user (usually "nobody") can modify
them. Finally, there is also chattr command which has some similarities
to the typical dos / windows way of controlling files (hidden,
read-only, etc.). Finally (really!), some of the things you can do with
file permissions depend on which filesystem you are using. For example,
it is not easy to change the owner or permissions for a file stored on a
FAT or FAT32 filesystem.
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
