Re: nms wwwboard ownership silliness

If the web server is a unix-like box, "chown" is a place you cannot go -- that's something only root (superuser) can do.

What's happening is that the file is being created by the web server account (which happens to be called "nobody" on your server).

If the file had existed previously, and had been owned by some other account (eg you), then the logical approach would be that the web server simply truncates and rewrites the content of the file, without deleting it completely -- this would mean that you would retain ownership. But for this to work, you need to grant write permission to "nobody" for the file you own, so the web server account can modify it.

Then again, maybe this service doesn't take that approach, and somehow manages to always create a new file, which must therefore be owned by "nobody". In that case, the process that creates the file must also do a "chgrp" to associate it with a user group that you are also a member of, and then set group write permission on the new file.

(If the directory has the appropriate group ownership, and its "set-group-id" mode flag is set, the group ownership of the file will be set automatically, and the file creation process only needs to set group write access.)

Comment on Re: nms wwwboard ownership silliness

Replies are listed 'Best First'.
Re^2: nms wwwboard ownership silliness by sgifford (Prior) on Sep 20, 2005 at 03:08 UTC
maybe this service doesn't take that approach, and somehow manages to always create a new file It's fairly common to create a new file, then `rename` it to the original name, since that guarantees there is never a partially written file served up. (If the directory has the appropriate group ownership, and its "set-group-id" mode flag is set, the group ownership of the file will be set automatically, and the file creation process only needs to set group write access.) Setting an appropriate `umask` may also accomplish this, depending on the code. This is a really clever solution; I didn't realize that the setgid bit would let the Web server user create a file owned by a group it wasn't a member of, but a small test confirms this. I can think of tons of places to use this. Thanks!	[reply] [d/l] [select]
Re^2: nms wwwboard ownership silliness by Anonymous Monk on Sep 20, 2005 at 14:01 UTC
If the web server is a unix-like box, "chown" is a place you cannot go -- that's something only root (superuser) can do. That's not necessarely true. One some Unix systems, only root may `chown` files to a different user. But other Unix systems allow a user to `chown` their own files to a different user.	[reply] [d/l] [select]