Maybe I interpret the OP's question wrongly, but if the script in question presented the user with a list of the files they uploaded, and allows them to indicate which of those files are to be deleted by clicking check boxes or radio buttons, and the selection made is mapped to actual path/file at the server. I.e., the path information is not derived from any source that the user has the ability to edit. (Phew! A lot of caveats!)

Under those circumstances, there is no reason that files should not be deleted on behalf of the user is there?

If the fear is that the user might supply the names of files other than those which they might legitimately want to delete, I fail to see how marking files for deletion in the script and having another automated process delete them would be any more secure?

I'm not really up-to-scratch on *nix security, but surely it would be possible to create an account specifically for running the webserver that only had delete privileges in the upload directory and nowhere else?


Okay you lot, get your wings on the left, halos on the right. It's one size fits all, and "No!", you can't have a different color.
Pick up your cloud down the end and "Yes" if you get allocated a grey one they are a bit damp under foot, but someone has to get them.
Get used to the wings fast 'cos it's an 8 hour day...unless the Governor calls for a cyclone or hurricane, in which case 16 hour shifts are mandatory.
Just be grateful that you arrived just as the tornado season finished. Them buggers are real work.


In reply to Re: Re: deleting files created via cgi by BrowserUk
in thread deleting files created via cgi by db2admin
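
The server-side mapping described in the post above, as an added example that is not part of the original post or thread: the form only ever carries numeric tokens, and the script resolves them against a list it built itself. The function names, the token scheme, and the assumption that the token map is kept in a server-side session are all hypothetical.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Build the token => filename map that would be stored in the user's
# server-side session when the checkbox form is rendered (session assumed).
sub build_choices {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    my @names = sort grep { !/\A\.\.?\z/ } readdir $dh;
    closedir $dh;
    my @files = grep { my $p = File::Spec->catfile($dir, $_); -f $p && !-l $p } @names;
    my %choices;
    @choices{ 1 .. scalar @files } = @files;   # checkbox value => file name
    return \%choices;
}

# Delete the files whose tokens were submitted. Anything that is not a token
# issued for this session is rejected; the client never supplies a path.
sub delete_selected {
    my ($dir, $choices, @submitted) = @_;
    my (@deleted, @rejected);
    for my $tok (@submitted) {
        my $name = ($tok =~ /\A[0-9]+\z/) ? $choices->{$tok} : undef;
        my $path = defined $name ? File::Spec->catfile($dir, $name) : undef;
        if (defined $path && -f $path && !-l $path && unlink($path)) {
            push @deleted, $name;
            delete $choices->{$tok};          # a token is good for one delete
        } else {
            push @rejected, $tok;
        }
    }
    return (\@deleted, \@rejected);
}

# Constructed demo: a temporary upload directory and a tampered submission.
my $dir = tempdir(CLEANUP => 1);
for my $n (qw(report.txt photo.jpg notes.txt)) {
    open(my $fh, '>', File::Spec->catfile($dir, $n)) or die "create $n: $!";
    close $fh;
}
my $choices = build_choices($dir);            # tokens 1..3 in sorted name order
my ($deleted, $rejected) = delete_selected($dir, $choices, '2', '../other-user/file.txt', '9');
print "deleted: @$deleted\n";
print "rejected: @$rejected\n";
```

Running the web server under an account that can only unlink inside the upload directory, as the post suggests, remains a separate layer on top of this check.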
