deleting files via perl cgi

db2admin has asked for the wisdom of the Perl Monks concerning the following question:

I have a question regarding the deletion of files via a perl cgi script when the script deleting the files is not the script that creates the files. If I include chmod on the file in the script creating a file, I don't see the new permissions reflected in ws-ftp and subsequently cannot delete the files with a different perl script.

The scripts run on a shared web server. Is there any way that I can allow the delete script to run successfully considering that I do not have control over the web server?

Comment on deleting files via perl cgi

Replies are listed 'Best First'.
Re: deleting files via perl cgi by graff (Chancellor) on Dec 08, 2002 at 04:17 UTC
I do not have control over the web server The question is not "do you have control over the web server?" but rather "do you have a normal user account on the web server, and can you run a cron job from that user account?" Also: can you locate and control the permission on the directory where these files are being uploaded? The point is that a normal user account (your personal account, which you use to create and install web resources on this server) can be permitted to delete files that are created by the "nobody" web-server account, even if the permission on the individual files is "rw-r--r--", if the permission on the DIRECTORY is "rw-rw-rw" (which is likely to be true, otherwise "nobody" would be unable to create files there!) So, if you are able to run an ssh shell on this server, and can run "crontab -e" as a shell command, you can define a cron job that will run under your own account, and delete files that folks have marked for deletion via some other cgi script of yours.	[reply]
Re: deleting files via perl cgi by tadman (Prior) on Dec 08, 2002 at 04:06 UTC
Usually the problem is not a question of which script creates them versus which script deletes them, but a matter of which user the various scripts are running as. A server like Apache typically uses "nobody", so any files created by a script should be deletable by a similar script on the same site. Things get tricky if you're trying to mix with an FTP daemon that might be using, for example, the user "ftp" instead. There's also the possiblity that the Web server is using some kind of "SUID" CGI mechanism to assign each site its own user. That's when permissions on the files are very important. You might want to check with stat to see who owns them, and if you're able to write to the directory they are in, which is sometimes required to effect a deletion. If you can get in via shell, you can use the long directory listing (ls -l) to see who owns what.	[reply]