emilford has asked for the wisdom of the Perl Monks concerning the following question:

I'm looking for a way to run my perl script as a user other than nobody. With nobody, creating files and then later attempting to modify them brings complications. I've tried umask 002, which set the new file's permissions to -rw-rw-rw, but I still cannot modify them (Permission Denied).

I've just read about a new approach that involves chmod 4755 to set the s-bit. As far as I know, this should allow my script to execute under my ownership instead of nobody. I've tried this several different ways, but I don't think it works. I read somewhere that it doesn't work with scripting languages like perl.

Does anyone have any experience with this? I need to have my script create files that are editable by both my username and the username nobody. There has to be a way... thanks in advance.

Re: running cgi as user other than nobody
by belg4mit (Prior) on Apr 01, 2002 at 23:36 UTC
    There are many ways, some are ugly, and none especially perl.
  • have your webserver run as root, you can then make the files whatever you want ;-)
     This is of course, a Bad Idea.
  • clever use of the Group directive
  • http://stein.cshl.org/WWW/software/sbox/
  • http://cgiwrap.sourceforge.net/
  • http://www.snert.com/Software/mod_become/index.shtml
  • UPDATE: I forgot to mention (memory spurred by tangential remark by jeffa), setting the directory to setgid. Thus if nobody and user are in a group, and the directory is group writable and setgid group all files created within will be in the group and editable by both. I have done this before, it can get a little hairy though. This works best with a RedHat type system, since each user has their own group. All that is required is to add nobody to each of these groups.

    Achh, I can't believe I missed suexec! Zaxo++. (Suexec can be a major pain though, most notably the DocumentRoot gets locked in at compile time) I actually used both suexec and the setgid trick together. The reason why I needed the setgid supplement is that I was also using mod_dav. With WebDAV files are created by the webserver *proper*...

    PS> umask 002 could not give you a file that is a+w (or even o+w to be more specific).

    --
    perl -pe "s/\b;([st])/'\1/mg"

      I've read about some of these options, but are there any that don't involve installing extra server-side software?
        Ahh, that is an additional stipulation you did not initially make. Two of the options I gave meet this new criterion; also see the update I have added. However, IMO this is much like somebody coming here asking to implement some given functionality and saying "no modules". There is a very good reason this software (or modules) exists, and that is to meet a need and make the solution available for others, not reinventing the wheel.

        --
        perl -pe "s/\b;([st])/'\1/mg"
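The setgid-directory trick described above, as an added example that is not code from the original thread: a small Perl script that makes a directory group-owned, group-writable and setgid, then creates a file inside it and checks that the file inherited the directory's group. The group name `webshare` and the path `/tmp/shared-cgi-data` are assumptions; the user running it must be a member of the group (or root) for the chown to succeed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl ':mode';   # for S_ISGID

# Group that both the web server user (e.g. nobody) and the developer belong to.
# 'webshare' and the directory path are assumed names; substitute your own.
my $group = shift @ARGV || 'webshare';
my $dir   = shift @ARGV || '/tmp/shared-cgi-data';

my $gid = getgrnam($group);
defined $gid or die "no such group: $group\n";

# Create the directory if needed, then make it group-owned, group-writable and
# setgid so every file created inside inherits the group instead of the
# creator's primary group.
unless (-d $dir) {
    mkdir $dir or die "mkdir $dir: $!\n";
}
chown -1, $gid, $dir or die "chown $dir to group $group: $! (are you a member?)\n";
chmod 02770, $dir    or die "chmod $dir: $!\n";

# Verify the setgid bit actually stuck; some kernels silently drop it when the
# caller is not a member of the directory's group.
my $dmode = (stat $dir)[2];
die "setgid bit not set on $dir\n" unless $dmode & S_ISGID;

# Create a file the way a CGI would and confirm it landed in the shared group.
umask 002;   # new files come out 0664: group-writable, but not world-writable
my $file = "$dir/test.$$";
open my $fh, '>', $file or die "open $file: $!\n";
print {$fh} "created by uid $< at ", scalar localtime, "\n";
close $fh or die "close $file: $!\n";

my ($fmode, $fgid) = (stat $file)[2, 5];
printf "%s: mode %04o, gid %d (%s)\n",
    $file, $fmode & 07777, $fgid, scalar getgrgid($fgid);
die "file did not inherit group $group\n" unless $fgid == $gid;
```

Run it once as yourself to set the directory up, then once as the web server user (for instance via a test CGI) to confirm that files created by either side end up in the shared group with group write permission, which is what lets both accounts edit them without making anything world-writable.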

Re: running cgi as user other than nobody
by Zaxo (Archbishop) on Apr 02, 2002 at 00:09 UTC

    My favorite method is to run (on Apache) with the suEXEC option set. That has your cgi scripts run as you. There are dangers similar to running suid, but you have much better use of unix native filesystem security.

    After Compline,
    Zaxo

Re: running cgi as user other than nobody
by dws (Chancellor) on Apr 02, 2002 at 00:48 UTC
    Before heading off into setuid land, I suggest figuring out why you're having permission problems.

    As long as you're writing into a directory that's 777, your CGI should be able to chmod. Check your directory permission, and double-check that the file path you're passing to chmod is exactly the same as the file you just created.

Re: running cgi as user other than nobody
by theguvnor (Chaplain) on Apr 02, 2002 at 00:54 UTC

    emilford,

    I have used the setuid (chmod 4755) method extensively with Perl scripts, so I'm not sure where you read that it wouldn't work. One caveat is that a properly configured *nix system will reset the s-bit any time the file is modified (e.g. you upload an improved version), so you have to specifically re-chmod it every time you make an update. This is a security feature.

    I need to have my script create files that are editable by both my username and the username nobody.

    On a slightly pedantic note that might have been overlooked, if you run your script setuid, then the script is running as you, not "nobody". And that is probably what you're looking for, since the point is that you want your scripts to be able to modify the files, and still be able to login via Telnet/SSH/FTP/whatever and modify them.

    Hope this helps... Jon

Re: running cgi as user other than nobody
by Desdinova (Friar) on Apr 02, 2002 at 00:01 UTC
    My trick for this has been to use chmod to alter the file permissions before I exit the script so the next instance can open it again. That, combined with chown to set the group to yours, should allow the access.
Re: running cgi as user other than nobody
by archen (Pilgrim) on Apr 02, 2002 at 00:10 UTC
    Out of curiosity, what OS is this running on? As a sort of blind stab in the dark, I'd say having permissions at 0666 should be good enough, but I've run into similar problems with permissions myself. If the script is called by Apache, it's probably run as nobody - which will first require that nobody can write to the target directory. You might also consider explicitly chmod'ing the files to 0766 after you've written them - although this shouldn't be necessary since generally who/whatever creates a file should own it.
      I believe the script is being called by Apache, but then again, I'm not 100% sure. I have the directory set (for testing only) to 777 and the file I'm trying to modify is set to 666. I'm still not able to make any changes...always get a Permission Denied. I also get a Permission Denied error when trying to chmod the file from within the script. Could I be doing this wrong?
        Well, if you can't chmod the file within the same script then I'd say you're overlooking something (hard to say without looking at the code). I've never actually seen an instance where something like this doesn't work:
        ... open(FILE, ">$file") || die $!;
        ... [stuff]
        close(FILE);
        chmod 0666, $file;
        Opening the file later might still be another issue...
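A diagnostic for the "Permission Denied" puzzle discussed in this subthread, added here as an example that is not code from any of the posters: it creates a file, reports who owns it and under which uid/euid the script is running, then chmods it and reopens it for append with every step error-checked. The path `/tmp/cgi-test.txt` is an assumption; drop the script into cgi-bin and the output makes it obvious whether the file was created by a different user than the one now trying to modify it.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Path is an assumption; a real CGI would take this from its configuration.
# rel2abs makes sure the path passed to chmod is the very same one we created.
my $file = File::Spec->rel2abs(shift @ARGV || '/tmp/cgi-test.txt');

printf "running as uid %d (euid %d), gid %d, umask %03o\n", $<, $>, $(, umask;

# 1. Create (or truncate) the file. The mode you get is 0666 & ~umask, so a
#    umask of 002 yields 0664, never 0666.
open my $out, '>', $file or die "cannot create $file: $!\n";
print {$out} "line written at ", scalar localtime, "\n";
close $out or die "close $file: $!\n";
report($file);

# 2. chmod only succeeds if the effective uid owns the file (or is root).
#    "Operation not permitted" here means the file belongs to another account,
#    e.g. it was created by nobody and you are now running as yourself.
chmod 0664, $file or die "chmod $file: $!\n";
report($file);

# 3. Reopen for append, which is what a later request would do.
open my $app, '>>', $file or die "cannot reopen $file for append: $!\n";
print {$app} "appended at ", scalar localtime, "\n";
close $app or die "close $file: $!\n";
print "append OK\n";

# Print owner, group and mode, plus whether the current euid can write it.
sub report {
    my ($path) = @_;
    my @st = stat $path or die "stat $path: $!\n";
    my ($mode, $uid, $gid) = @st[2, 4, 5];
    printf "%s: mode %04o owner %s(%d) group %s(%d) writable-by-me=%s\n",
        $path, $mode & 07777,
        scalar(getpwuid($uid)) // '?', $uid,
        scalar(getgrgid($gid)) // '?', $gid,
        (-w $path ? 'yes' : 'no');
}
```

If the first report shows the file owned by `nobody` while the uid line shows your own account (or the other way round), the chmod in the original script is failing for ownership reasons, not because of the directory mode, and one of the group-based or suEXEC approaches in the other replies is the fix.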
Re: running cgi as user other than nobody
by Anonymous Monk on Apr 02, 2002 at 06:19 UTC
    Thanks for your feedback. I'll take another look at everything in the morning and double check to make sure that I'm not just doing something dumb. Thanks again.
Re: running cgi as user other than nobody
by pizza_milkshake (Monk) on Apr 02, 2002 at 14:02 UTC
    I think setuid/setgid is what you're looking for

    perl -MLWP::Simple -e'getprint "http://parseerror.com/p"' |less