cancel
Showing results for 
Search instead for 
Did you mean: 

Attributes of files created by user Nobody

N/A

Attributes of files created by user Nobody

How do I change attributes of files created by the web user (Nobody), with attributs such as:
-rw-r--r-- 1 nobody nobody 280 Sep 26 12:18 test.doc

Ftp or telnet access to the cgi server does not allow me to change them.

Thanks,
Eli
9 REPLIES
N/A

Attributes of files created by user Nobody

Yes, it's a problem. Under your own user ID, you can't change the permssions or attributes.

There are two solutions, that I can think of at the moment:
  • Short term: ask support to log on as "root" and change the ownership of the files / directories. I did this when I encountered the problem -- a chown -R napchan * issued in your home directory would make you the owner of all files and directories, enabling you to take control of your files. But you'd have to contact support every time, so not a long-term solution.

  • Longer term: write a script (which would execute from a browser, so with UID "nobody") to change the permissions giving read/write access to "other": o+rw). This would then give my own UID the right to delete the file / directory. I'd then have another script, run under my UID, which would scan through my userspace finding files owned by nobody, creating a new file ("temp") copying the "nobody" file to "temp", deleting the "nobody" file and renaming the "temp" file to the name originally used by the "nobody" file. This would mean I end up with all files owned by my UID and no "nobody" files.
Someone else may have a better solution, but that's how I see it at the moment.
N/A

Attributes of files created by user Nobody

If you have a script already written it would probably be more helpful if you posted it for others to use without everyone else having to write their own. That way others could alter the paths for their own directories and we all help each other out.


Just a thought Smiley

P.S. If you dont have one written I will knock one up.
N/A

Attributes of files created by user Nobody

Isnt it enough just to give everybody rw permissions? Running chmod instead of chown.
Then I could move/delete/rename the files with my own user id.

Yes, if there is already a script, it would be very useful.
N/A

Attributes of files created by user Nobody

If everybody had rw permissions that could have devastating consequences. Say I get aggrieved for some reason, all I then have to do is go to the root directory of the web server - type rm -Rf * and BOOM everyone's files are deleted within a matter of seconds.
N/A

Attributes of files created by user Nobody

When I asked Support to intervene on my behalf, I asked them to use chown to make me the owner of files in my webspace. That then enabled me to do what I wanted with them without having to go through any copying / deleting process.

As far as a script running as user "nobody" is concerned, the chown option isn't available (as someone rightfully pointed out in another thread on this subject), so the only option is to use chmod. The script will create any new files with owner and group of "nobody" which means we, as users, gain access to the file as "other" since we're not user user "nobody" and aren't in group "nobody". So we need a script (running as nobody) to give "other" read and write access to each file owned by nobody. We then need another script, run under our own user ID, which will go through the kind of stuff I indicated in the earlier post, which means <username> will end up as the owner of the file, and the "other" permissions can then be trimmed down.

For reasons given by "spidster" the two scripts should ideally be run closely one after the other to reduce the exposure he mentioned.

Quote
If you have a script already written it would probably be more helpful if you posted it for others to use without everyone else having to write their own. That way others could alter the paths for their own directories and we all help each other out.


I agree completely, and had intended to do this with any script I might have produced. However, at the moment this is not a pressing need for me, and in any case, I've never written anything of my own in PHP before, so I'd be starting from scratch and I wouldn't expect to produce anything in the immediate future. If you're in a position to come up with something pretty much off the cuff, then that would be a help to everyone.

The "Tutorials and FAQs" team has a separate account (currently used for storing any images used in the Tutorials articles). We could consider posting the script on that account, and creating a new "Tutorials and FAQs" article to explain the problem and how to use the scripts to overcome it. That way, users of all the PlusNet companies would be able to gain from it. (Says he, not having raised it with the other Tutorials and FAQs members -- but I can't see it should be a problem!)
N/A

Attributes of files created by user Nobody

OK here's the deal. I have looked at writing a chown script to run as user nobody and change the file ownership. This is proving a bit tricky due to the configuration for user 'nobody'. If I do get this working I will post it.

However, in the meantime I suggest writing better code for creating files with the owner already set to yourself, this will completely eliminate this problem and also increase security.

Spid
N/A

Attributes of files created by user Nobody

Well, for what it's worth, I've had a go at this myself.

I've created a tar archive of my scripts, which can be downloaded as nobodyTools.tar.gz, ready for FTP-ing to your own space.

If you want to try it out, FTP the archive into your own space (binary, 3188 bytes) and extract it with tar xvzf nobodyTools.tar.gz. You should then have a directory, nobodyTools, containing three files:
  • permissions.php: Used via a browser, sets permissions of directories owned by "nobody" to 0777 and files owned by "nobody" to either 0777 (if nobody has execute rights) or 0666. Enter a directory or file name in the text entry box and press the "Perform Processing" button.

  • takeOwnership: a shell script which may be used to perform the copy-and-delete process referred to in this thread. It is executed from a command prompt, and should be used after running permissions.php. The script has two options: -R for directory recursion, and -v for verbose output.

  • makefile.php: Also used via the browser. I used this to create a few files owned by "nobody" so I could test the other tools. Note it can create files but not directories! (It simply sets the umask to 0000, and does a "touch" on the filename provided by the user). Please don't use it to fill my CGI space with "junk" files -- I'm going to disable it right now!
I found they worked for me, but if anyone cares to improve on them, please do!

Recommended permissions: 0700 for "takeOwnership" and 0600 for the PHP scripts (for these change permissions to 0604 when you're about to give them a run, and set the permissions back to 0600 afterwards).

The "takeOwnership" script does not really deal with directories, although it can recurse down a directory structure to deal with the files ("-R" option). It occurred to me the best way of dealing with directories owned by "nobody" is to make sure all the permissions of subordinate objects are satisfactory, and then just do a full directory copy of that directory, followed by a delete of the "nobody" directory, and a rename of your copy.
N/A

Great tools but these shouldnt be necessary

The tools you have posted work great! Thanks! :lol:

Although F9 these shouldnt be necessary. Why are permissions set in this way? Cry

Thanks again,
L
N/A

Attributes of files created by user Nobody

Thanks task, nice little script and worked a treat Cheesy