Successfully accessing files

ghosthider has asked for the wisdom of the Perl Monks concerning the following question:

Hi there, Monks-

I've put together an installation script that needs to run on a wide range of Unix servers. The problem is that, on some servers, I get a 'permission denied' error when it tries to set permissions on the files and folders I upload along with it.

Here's how I'm setting permissions:

my $file = 'foo.txt';
chmod 0755, $file or die "Can't chmod $file: $!"
[download]

The files the script sets permissions on will only be accessed by the script itself. Also, just about all of them are empty and will be written to later.

What's the best way to (programmatically) ensure the script can write to the files on a wide variety of Unix servers?

Comment on Successfully accessing files Download Code

Replies are listed 'Best First'.
Re: Successfully accessing files by sgifford (Prior) on Apr 30, 2007 at 22:48 UTC
Hi ghosthider, There's not a ton of detail there, but my guess is that you're uploading a script and some support files via FTP, then trying to run the installation script via a Web browser. In that case, the user you FTP in as is often different from the user the Web server runs as, and so the installer script (running from the Web server) is not able to change permissions on the files uploaded as the FTP user. One solution is to upload a ZIP or TAR file with the support files, then let the installer script unpack them. That way they will all be owned by the Web server user. It's worth noting that the security of this model is not great. Having all of your code writable by the Web server means that many sorts of errors in any Web program would allow an attacker to make changes to any code which the Web server is allowed to change, including anything which was installed by running a script via the Web browser. The more traditional way of installing code, with an installation process run by a user other than the Web server user, is more secure but is tricky or impossible in some hosting configurations. -- sgifford's Web page	[reply]
Re^2: Successfully accessing files by Anonymous Monk on May 01, 2007 at 04:27 UTC
That sounds like a good workaround, sgifford. I think I'll have users directly set permissions on all the scripts, and set up the installation script to only unzip and set permissions on the text files. Sounds like that would be a good way to avoid any security issues. (If my assumption's wrong, just let me know!) Thanks!	[reply]
Re^3: Successfully accessing files by sgifford (Prior) on May 01, 2007 at 05:13 UTC
If the setup program only needs permission to change/install text files, and the text files can't cause your code to do anything dangerous, then that is a very good way to prevent the security issues I mentioned. Good luck! -- sgifford's Web page	[reply]
Re: Successfully accessing files by Anonymous Monk on Apr 30, 2007 at 22:18 UTC
Ah, botched that code sample-- It's really 0666 permissions, not 0755.	[reply]