mod_perl and writing to 755 folders

ultranerds has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: mod_perl and writing to 755 folders by MidLifeXis (Monsignor) on Jun 14, 2013 at 12:36 UTC
Be very careful about validating that the server here is not public facing, or that the uploader is very well protected, or it could end up being a drop box for many items that are less than desirable. It appears to be that the image uploader is dropping an image directly into the public_html directory for the user. If this public_html directory is available to the web, and the script that is allowing the upload is not protected well, it would be quite easy to use the user's image area for a dropbox for certain types of images, warez, and other content typically not acceptable to service providers (and perhaps the user). Update: I also would (typically) not allow a mod_perl component to run in a user's context, unless the user is the sole process owner on that instance of Apache. `mod_perl` runs in the context of the server, and, if I remember correctly (I am certain that I will be corrected if I don't), is not able to be run as the user, the way that fCGI, CGI, PHP, and other script types can be. By loading a module under mod_perl from the user's directory, you are giving the user access to your entire Apache instance. The user is able to modify the module, and on the next server restart, will have the new code executing, or perhaps crashing the server. --MidLifeXis	[reply] [d/l]
Re^2: mod_perl and writing to 755 folders by ultranerds (Hermit) on Jun 14, 2013 at 12:42 UTC
The images get removed after 30 mins, if they didn't go through with the process (even a slow person can submit the short form in less than 5 mins, so 30 mins if more than enough). We also cap them to just images (not exe, zip, pdf's etc etc). Unfortunately it needs to be viewable from the browser (as we show a preview image once its uploaded	[reply]
Re: mod_perl and writing to 755 folders by Anonymous Monk on Jun 14, 2013 at 09:32 UTC
Is there anything I can do? Yeah, give permission to apache user/group	[reply]
Re^2: mod_perl and writing to 755 folders by ultranerds (Hermit) on Jun 14, 2013 at 12:25 UTC
Hi, Thanks for the reply :) How do I do that? Here is what I have in the conf: ServerName site.org ServerAlias www.site.org DocumentRoot /home/user/public_html ServerAdmin webmaster@site.org UseCanonicalName Off CustomLog /usr/local/apache/domlogs/site.org combined CustomLog /usr/local/apache/domlogs/site.org-bytes_log "%{%s}t %I +.\n%{%s}t %O ." ErrorLog /home/user/error_log ## User user # Needed for Cpanel::ApacheConf UserDir enabled user <IfModule mod_suphp.c> suPHP_UserGroup user user </IfModule> <IfModule !mod_disable_suexec.c> <IfModule !mod_ruid2.c> SuexecUserGroup user user </IfModule> </IfModule> <IfModule mod_ruid2.c> RUidGid user user </IfModule> ScriptAlias /cgi-bin/ /home/user/public_html/cgi-bin/ PerlRequire /home/user/startup.pl <Directory /home/user/public_html/cgi-bin/links> SetHandler perl-script PerlResponseHandler ModPerl::Registry PerlOptions +ParseHeaders Options +ExecCGI </Directory> # To customize this VirtualHost use an include file at the followi +ng location # Include "/usr/local/apache/conf/userdata/std/2/user/site.org/*.c +onf" </VirtualHost> [download] Would I just add this into my <directory> part? `SuexecUserGroup user user` TIA Andy	[reply] [d/l] [select]
Re^3: mod_perl and writing to 755 folders by Anonymous Monk on Jun 14, 2013 at 12:42 UTC
How do I do that? Some form of chmod or chgrp I imagine, but it's been a very long time since I've dealth with this	[reply]