You'll note that the primary (on my system) is running as root, the rest as user 'www'. Therefore, the directory on the filesystem -- and it should be fully specified, such as '/var/web/root/logs/mylog.log' -- needs to be writable by www, or whatever your server is set up as. Apache configurations are very flexible, and it's equally likely your server will be running under user 'nobody'. In any event, make writing possible:$ ps -aux | grep httpd root 17714 0.0 0.2 5184 4456 ?? Ss 7Jun06 0:12.49 /usr/lo +cal/sbin/httpd www 17715 0.0 0.4 9164 8272 ?? I 7Jun06 0:00.24 /usr/lo +cal/sbin/httpd www 17716 0.0 0.4 8744 7864 ?? I 7Jun06 0:00.15 /usr/lo +cal/sbin/httpd www 17717 0.0 0.4 8768 7996 ?? I 7Jun06 0:00.19 /usr/lo +cal/sbin/httpd www 17724 0.0 0.4 8748 7788 ?? I 7Jun06 0:00.19 /usr/lo +cal/sbin/httpd www 17756 0.0 0.4 8772 7820 ?? I 7Jun06 0:00.20 /usr/lo +cal/sbin/httpd dwilde 7928 0.0 0.0 1512 988 p7 S+ 6:28AM 0:00.00 grep ht +tpd
As has been mentioned, allowing somebody to open a file on your server and write to it can cause mucho heartburn. Be very careful what you allow and who you allow to do it. I'd suggest that you force the directory and only allow the filename to be chosen:$ su Password: # chown www /var/web/root/logs # chmod 744 /var/web/root/logs # exit $
And make sure that your script is limited as to how much information can be written to the file. Bear in mind that Perl can be used to poke a webserver as well as being poked, and some nasty little script kiddie will surely use it to do so at some point in your life. =8^Omy $subject = param('subject'); open (LOG, ">/var/web/root/logs/$subject") || die "Error opening file +: $!\n";
In reply to Re: use variable as name for new file
by samizdat
in thread use variable as name for new file
by Zcity
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |