in reply to File ownership

sulfericacid,
Your problem is not with your code, but your understanding of *nix file systems. You really need to spend some time understanding how these work. Here is some helpful advice:

  • man chmod
  • man chgrp
  • /etc/passwd
  • /etc/group

    Each line in /etc/passwd is a 7-field record using : as the delimiter

  • First field is the login name
  • Second field is for the password (typically stored in another file)
  • Third field is the user id
  • Fourth field is the group id

    Each file on the system has an owner and a group. This, combined with the permissions, determines who can do what to that file. You will be amazed to find that the permission to delete a file is not controlled by the permission on the file, but rather by the permission of the directory the file is in. Why is this? Because the inode that tells the OS where that file is stored is in the directory.

    When setting permissions, you are typically only concerned with the last 3 octal settings:

  • 1 = execute
  • 2 = write
  • 3 = write + execute
  • 4 = read
  • 5 = read + execute
  • 6 = write + read
  • 7 = execute + write + read

  • octal position 1 is for special bits (typically not used)
  • octal position 2 is for owner of file
  • octal position 3 is for group of file
  • octal position 4 is for world (everyone)

    A typical use would be chmod 640 file
    If you decide you want to use the special bits:

  • 1 = sticky bit
  • 2 = set group id bit
  • 4 = set user id bit

    I will leave it up to you why you might want to use one of these, but Coplan has already shed some light on the matter.

    Depending on the system, you will not be able to give your files away (chown) unless you are the superuser. You can't change the group (chgrp) on a file to a group you don't belong to (/etc/group). You cannot delete a non-empty directory.

    So finally to your question: How can you delete all the files and directories created by your CGI script?

    One idea would be to make sure you and the apache daemon's account (typically nobody) are both in the same group. Then just make sure that anything you create (directory or file) is writeable by group.

    Another bad idea would be to give everything 777 permissions. Please do not consider this an option - security.

    The best idea would be for you to absorb this information and come up with what is the best solution for you in your environment.

    Cheers - L~R
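
The shared-group idea from the reply above, as an added example that is not part of the original post: it audits a tree for directories the group cannot delete from and for world-writable (777-style) entries, then applies group-only permissions. The tree layout, the function names and the use of the setgid bit on directories are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. All paths are constructed.

# Count directories under $1 where the group lacks write+execute. Members of
# the group cannot delete entries from these, whatever the files' own modes are.
dirs_not_group_writable() {
    find "$1" -type d ! -perm -030 | wc -l | tr -d ' '
}

# Count files and directories under $1 that are world-writable (the 777 case).
world_writable() {
    find "$1" \( -type d -o -type f \) -perm -002 | wc -l | tr -d ' '
}

# Apply the shared-group scheme: directories 2770, files 660.
# The leading 2 (setgid) is an addition here: on a directory it makes new
# entries inherit the directory's group.
share_with_group() {
    find "$1" -type d -exec chmod 2770 {} +
    find "$1" -type f -exec chmod 660 {} +
}

# Build a constructed tree the way a script running with umask 022 would.
make_sample_tree() {
    (
        umask 022
        mkdir -p "$1/uploads/a"
        : > "$1/uploads/a/report.txt"
        : > "$1/uploads/index.dat"
    )
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_tree "$tmp"
    echo "before: $(dirs_not_group_writable "$tmp/uploads") dirs block group deletes"
    share_with_group "$tmp/uploads"
    echo "after:  $(dirs_not_group_writable "$tmp/uploads") dirs block group deletes," \
         "$(world_writable "$tmp/uploads") world-writable entries"
    rm -rf "$tmp"
}
demo
```

For files the script creates later to stay group-writable, the script itself also needs a umask such as 007; otherwise new files come out as 644 again.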