chmod problem when creating a file in web script
in [Perl]
|
Prev: FAQ 8.30 How can I convert my shell script to perl?
Next: FAQ 7.25 Why can't a method included in this same file be found?
From: John on 26 Jul 2010 01:49 Hi This is a web based Perl script. I need to allow the user to create a small file under /home/example.com/industry/ - already chmod 0755. I have tried chmod in the Perl script to change the permission to write - then back to read my $filename='/home/example.com/industry/london.txt'; chmod (0777,$filename); # allow writing open (DAT,">$filename"); print DAT "$whatever"; chmod (0755,$filename); # safely back to read only but I get permission denied. I don't want 0777 anywhere because of security issues. How do I get around the final 7 in 0777? Regards John
From: Ben Morrow on 26 Jul 2010 05:22
Quoth "John" <john1949(a)yahoo.com>: > > This is a web based Perl script. > > I need to allow the user to create a small file under > /home/example.com/industry/ - already chmod 0755. > > I have tried chmod in the Perl script to change the permission to write - > then back to read > > my $filename='/home/example.com/industry/london.txt'; > chmod (0777,$filename); # allow writing Does this file really need to be executable? > open (DAT,">$filename"); > print DAT "$whatever"; > chmod (0755,$filename); # safely back to read only > > but I get permission denied. From where? None of the lines above do any error checking, so is this not your real code? Have you seen the Posting Guidelines? Assuming the error is from the chmod, you can't chmod a file unless you own it (for obvious reasons). I don't quite know what you're trying to achieve here, but I suspect you're going about it the wrong way entirely. > I don't want 0777 anywhere because of security issues. How do I get around > the final 7 in 0777? What 'security issues' do you think are prevented by this? Apart from anything else, had the code above worked you would have had a window where the file *was* 0777, completely removing any potential security benefit from chmoding it back to 0755 afterwards. Oh, and (as usual): Check the return values of your system calls. Use three-arg open. Keep your filehandles in variables. Explicitly close any file opened for writing and check for errors. Don't uselessly quote variables. open (my $DAT, ">", $filename) or die "can't open '$filename': $!"; print $DAT $whatever; close $DAT or die "can't write to '$filename': $!"; You could also use the 'autodie' CPAN module (core as of perl 5.10) to do all the 'or die's for you. Ben |