Marc Haber wrote: > Hi, > > On Tue, Aug 23, 2005 at 01:16:32PM +0200, Leos Bitto wrote: > >>Marc Haber wrote: >> >>>On my system, the directories are smokeping:www-data 755, and the rrd >>>files are smokeping:www-data 644. However, this doesn't explain why >>>the web server is able to write the rrd file. How does the web server >>>gain access to the rrd files? Does it escalate privileges to smokeping >>>by some funky way? >> >>The rrd files are written by the smokeping daemon only (which runs under >>user smokeping in your installation, I suppose). The cgi script only >>reads them, and creates the appropriate images in the directory >>specified as imgcache in the configuration file. > > > You're right of course. I mixed up the png and rrd directories, how > embarassing. However, there is no *.adr file in the imgcache directory > (which is /var/www/smokeping on Debian). > > >>>I have made the directory with the rrd files writeable for www-data >>>(smokeping:www-data 755), but still no *.adr file shows up in the >>>directory. What might be going wrong here? >>> >> >>Many things. First, 755 is not writeable by group - but that's probably >>just a typo. > > > Yes, it's a typo. >
OK, so how does it really look? What user, what group, what permissions? Is it smokeping:www-data 775 or something else? > >>Second, your cgi script might not run with privileges >>including group www-data - that might happen for example because you >>Apache lacks access to this group, or because your Apache uses suexec. > > > I cannot verify this since the directory the web server writes to, > /var/www/smokeping, is of course www-data:www-data 755, and the > presence of *.png files shows that the web server can write there. > However, no .adr file here. > The presence of *.png files there says that the cgi script runs under user www-data. However, that doesn't say that it has access to the group www-data (which might be needed to access that other directory). Please run the following cgi script to check the actual permissions: #!/bin/bash echo "Content-Type: text/plain" echo id Additionally, please check whether your Apache uses suexec or not. That would make a big difference. Leos -- Unsubscribe mailto:[EMAIL PROTECTED] Help mailto:[EMAIL PROTECTED] Archive http://lists.ee.ethz.ch/smokeping-users WebAdmin http://lists.ee.ethz.ch/lsg2.cgi
