You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Toni Moreno <to...@gmail.com> on 2012/12/11 11:33:06 UTC
[users@httpd] mod_fcgid upload permission changes.
Hi to all ,and sorry form my poor English.
I have a problem when trying upload files and handle it with mod_fcgid.
The fact is I'm running apache 2.2.16 on debian and runing it as user
"itsat" which have "0022" umask. ( user "itsat" creates files in 644 mode).
itsat@test:/tmp$ touch foo
itsat@test:/tmp$ ls -ltr
total 252
drwxrwxrwt 2 root root 40 dic 11 08:51 VMwareDnD
drwx------ 2 root root 100 dic 11 08:51 vmware-root
-rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:02 foo
But when doing an "upload" ( from any browser) the mod_fcgid creates a tmp
file with 600 permissions !! ( an lots of problems after because I can not
read it from a CGI program who expects 644 permissions.
itsat@test:/tmp$ ls -ltr
total 252
drwxrwxrwt 2 root root 40 Dec 11 08:51 VMwareDnD
*-rw------- 1 itsat itsatadm 245806 Dec 11 11:03 fcgid.tmp.PEozaa*
-rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:20 foo
drwx------ 2 root root 100 Dec 11 08:51 vmware-root
Can anybody help me to change this behavior on apache/mod_fcgid ?
Thanks!!!
--
Att
Toni Moreno
699706656
*Si no quieres perderte en el olvido tan pronto como estés muerto y
corrompido, *
*escribe cosas dignas de leerse, o haz cosas dignas de escribirse.*
*Benjamin Franklin*
Re: [users@httpd] mod_fcgid upload permission changes.
Posted by Ben Johnson <be...@indietorrent.org>.
On 12/11/2012 1:01 PM, Toni Moreno wrote:
> I would be happy to know another way to upload files for any users on
> the system through HTTPS.
>
> But the question is why mod_fcgid changes apache umask ? is the correct
> way to proceed , a undefined configuration , or a bug?
>
> El 11/12/2012 18:12, "Eric Covener" <covener@gmail.com
> <ma...@gmail.com>> escribió:
>
>
>
>
> On Tue, Dec 11, 2012 at 10:30 AM, Toni Moreno <toni.moreno@gmail.com
> <ma...@gmail.com>> wrote:
>
> Yes !!! I do!!!
>
> The php-cgi executes a php command who does the following.
>
> - changes EUID for the process to a user who belongs to
> "itsatadm" group ( it works fine!)
> - reads uploaded file in /tmp/ and stores it to the $HOME of
> this user.
>
>
> Isn't that the wrong way to read a request body in fastcgi?
>
When you say, "But when doing an "upload" ( from any browser) the
mod_fcgid creates a tmp file with 600 permissions !!", by what means are
you uploading the file? With PHP?
If so, are you calling PHP's chmod() function, e.g.,
chmod('/tmp/file.ext', octdec('0644')) on the temporary file once you've
confirmed that is has been uploaded to PHP's temporary directory
successfully?
-Ben
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_fcgid upload permission changes.
Posted by Tom Evans <te...@googlemail.com>.
On Wed, Dec 12, 2012 at 2:26 PM, Toni Moreno <to...@gmail.com> wrote:
> Hi Ben, Eric , I'm developing a centraliced IT-Administration platform.(
> http://sourceforge.net/projects/itsat/ )
> …
> I've tested your suggestion ( by adding a chmod while still root) but
> doen't work:
>
>
Hi Toni
This isn't what Eric suggested. Eric's reply to you:
> mod_fcgid doesn't do this for you. If you POST to a fastcgi, read the
> post body in whatever direct way your language provides. Don't try to
> figure out what temporary file the server may have created in the
> background and read it as a file.
If you are using mod_fcgid, the uploaded file is made available to you as
stdin. The temporary file created in /tmp is *ONLY* for the use of
mod_fcgid itself - applications run using mod_fcgid should read the file
from stdin.
What you are trying would only work *BY CHANCE* if you were running under
the same user.
Cheers
Tom
Re: [users@httpd] mod_fcgid upload permission changes.
Posted by Eric Covener <co...@gmail.com>.
> Finally I can't understand what is doing internaly
> apache/mod_fgcid/php-cgi. with umask while uploading file..
>
It's not doing anything. It's creating a secure temporary file for its own
use that you're trying to read under a different userid.
Re: [users@httpd] mod_fcgid upload permission changes.
Posted by Toni Moreno <to...@gmail.com>.
Hi Ben, Eric , I'm developing a centraliced IT-Administration platform.(
http://sourceforge.net/projects/itsat/ )
Each user has a HTTP certificate, and a OS user in the platform who belongs
to a generic "itsatadm" group, and the only way to put files should be by
HTTPS . Not SCP or SFTP allowed.
In this environment , I need execute php scripts with arbitrary EUID
permisions( EUID depents on the user who makes POST) .
Upload ( file transfer and storing) is done by apache , not me!
I've tested your suggestion ( by adding a chmod while still root) but
doen't work:
:PHP ERROR [2] : fopen(/tmp/phpaP806V) [<a
href='function.fopen'>function.fopen</a>]: failed to open stream:
Permission denied.
==========================
Your Suggestion execution level stack ( Not working)
==========================
apache(itsat:itsatadm) -> writes data with mod_php ( 640)
> mod_fcgid (itsat:itsatadm) -> leaves /tmp/XXXX ( 600 )
>> php-cgi ( root:itsatadm) -> leaves /tmp/XXXX
>>> my_upload_handler.php ( as root)
*---------> (* added) chmod /tmp/XXXXX ( 1200 )*
---------> change EUID ( as $user )
---------> ( do things)
---------> read /tmp/XXXX and store to ~$user/
---------> finish upload
==================
I 've finally bypassed this trouble setting effective permissions to root
ONLY to open the temporal file.
posix_seteuid(0) // as root
fopen(/tmp/phpaP806V)
posix_seteuid($user);
================================
Bypassed execution level stack (IT WORKS)
================================
apache(itsat:itsatadm) -> writes data with mod_php ( 640)
> mod_fcgid (itsat:itsatadm) -> leaves /tmp/XXXX ( 600 )
>> php-cgi ( root:itsatadm) -> leaves /tmp/XXXX
>>> my_upload_handler.php ( as root)
---------> change EUID ( as $user )
---------> ( do things)
*---------> posix_seteuid(0)
---------> fopen(/tmp/XXXX)
---------> posix_seteuid($user)*
---------> store file to ~$user/
---------> finish upload
But this is *NOT* the best solution since *my_upload_handler.php is a third
party library !!!!*.
I will look for a better solution in the future.
Finally I can't understand what is doing internaly
apache/mod_fgcid/php-cgi. with umask while uploading file..
Thanks to all ( Eric and Ben).
:)
2012/12/11 Ben Johnson <be...@indietorrent.org>
>
>
> On 12/11/2012 1:12 PM, Eric Covener wrote:
> > On Tue, Dec 11, 2012 at 1:01 PM, Toni Moreno <to...@gmail.com>
> wrote:
> >> I would be happy to know another way to upload files for any users on
> the
> >> system through HTTPS.
> >
> > mod_fcgid doesn't do this for you. If you POST to a fastcgi, read the
> > post body in whatever direct way your language provides. Don't try to
> > figure out what temporary file the server may have created in the
> > background and read it as a file.
> >
> >
> >> But the question is why mod_fcgid changes apache umask ? is the correct
> way
> >> to proceed , a undefined configuration , or a bug?
> >
> > Read your systems manual entry for "mkstemp". This family of
> > functions doesn't create files with the just the umask masked off, it
> > explicitly controls them.
> >
>
> Toni, to add to what Eric said above, I think most of us are trying to
> understand why you are attempting to control file permissions at the
> Apache layer (or worse, the OS layer).
>
> Applications should be portable. If you move your application to another
> server, it should function the same way. By attempting to control the
> initial permissions with which Apache creates files, you are violating a
> fundamental tenet of the portability principle.
>
> If I read your original post correctly, PHP should have the permissions
> required to call chmod('/tmp/fcgid.tmp.PEozaa/', octdec('0644)). Problem
> solved.
>
> -Ben
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Att
Toni Moreno
699706656
*Si no quieres perderte en el olvido tan pronto como estés muerto y
corrompido, *
*escribe cosas dignas de leerse, o haz cosas dignas de escribirse.*
*Benjamin Franklin*
Re: [users@httpd] mod_fcgid upload permission changes.
Posted by Ben Johnson <be...@indietorrent.org>.
On 12/11/2012 1:12 PM, Eric Covener wrote:
> On Tue, Dec 11, 2012 at 1:01 PM, Toni Moreno <to...@gmail.com> wrote:
>> I would be happy to know another way to upload files for any users on the
>> system through HTTPS.
>
> mod_fcgid doesn't do this for you. If you POST to a fastcgi, read the
> post body in whatever direct way your language provides. Don't try to
> figure out what temporary file the server may have created in the
> background and read it as a file.
>
>
>> But the question is why mod_fcgid changes apache umask ? is the correct way
>> to proceed , a undefined configuration , or a bug?
>
> Read your systems manual entry for "mkstemp". This family of
> functions doesn't create files with the just the umask masked off, it
> explicitly controls them.
>
Toni, to add to what Eric said above, I think most of us are trying to
understand why you are attempting to control file permissions at the
Apache layer (or worse, the OS layer).
Applications should be portable. If you move your application to another
server, it should function the same way. By attempting to control the
initial permissions with which Apache creates files, you are violating a
fundamental tenet of the portability principle.
If I read your original post correctly, PHP should have the permissions
required to call chmod('/tmp/fcgid.tmp.PEozaa/', octdec('0644)). Problem
solved.
-Ben
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_fcgid upload permission changes.
Posted by Eric Covener <co...@gmail.com>.
On Tue, Dec 11, 2012 at 1:01 PM, Toni Moreno <to...@gmail.com> wrote:
> I would be happy to know another way to upload files for any users on the
> system through HTTPS.
mod_fcgid doesn't do this for you. If you POST to a fastcgi, read the
post body in whatever direct way your language provides. Don't try to
figure out what temporary file the server may have created in the
background and read it as a file.
> But the question is why mod_fcgid changes apache umask ? is the correct way
> to proceed , a undefined configuration , or a bug?
Read your systems manual entry for "mkstemp". This family of
functions doesn't create files with the just the umask masked off, it
explicitly controls them.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_fcgid upload permission changes.
Posted by Toni Moreno <to...@gmail.com>.
I would be happy to know another way to upload files for any users on the
system through HTTPS.
But the question is why mod_fcgid changes apache umask ? is the correct way
to proceed , a undefined configuration , or a bug?
El 11/12/2012 18:12, "Eric Covener" <co...@gmail.com> escribió:
On Tue, Dec 11, 2012 at 10:30 AM, Toni Moreno <to...@gmail.com> wrote:
> Yes !!! I do!!!
>
> The php-cgi executes a php command who does the following.
>
> - changes EUID for the process to a user who belongs to "itsatadm" group
> ( it works fine!)
> - reads uploaded file in /tmp/ and stores it to the $HOME of this user.
>
>
Isn't that the wrong way to read a request body in fastcgi?
Re: [users@httpd] mod_fcgid upload permission changes.
Posted by Eric Covener <co...@gmail.com>.
On Tue, Dec 11, 2012 at 10:30 AM, Toni Moreno <to...@gmail.com> wrote:
> Yes !!! I do!!!
>
> The php-cgi executes a php command who does the following.
>
> - changes EUID for the process to a user who belongs to "itsatadm" group
> ( it works fine!)
> - reads uploaded file in /tmp/ and stores it to the $HOME of this user.
>
>
Isn't that the wrong way to read a request body in fastcgi?
Re: [users@httpd] mod_fcgid upload permission changes.
Posted by Toni Moreno <to...@gmail.com>.
Yes !!! I do!!!
The php-cgi executes a php command who does the following.
- changes EUID for the process to a user who belongs to "itsatadm" group (
it works fine!)
- reads uploaded file in /tmp/ and stores it to the $HOME of this user.
if mod_fcgid changes umask to 600 instead of 644 I can not read file and
stored in the correct path with correct permissions....
Thanks!!!
2012/12/11 Eric Covener <co...@gmail.com>
> > I think mod_fcgid is doing UPLOAD (handling file transfer) by itself to
> /tmp before process
> > "/usr/bin/php-cgi " have been spawned, is because of that your
> suggested bypass doesn't work.
>
> What error are you seeing exactly? mod_fcgid creates the temporary file
> for large bodies, then sends it to the CGI program directly. You shouldn't
> be reading that temporary file directly.
>
--
Att
Toni Moreno
699706656
*Si no quieres perderte en el olvido tan pronto como estés muerto y
corrompido, *
*escribe cosas dignas de leerse, o haz cosas dignas de escribirse.*
*Benjamin Franklin*
Re: [users@httpd] mod_fcgid upload permission changes.
Posted by Eric Covener <co...@gmail.com>.
> I think mod_fcgid is doing UPLOAD (handling file transfer) by itself to
/tmp before process
> "/usr/bin/php-cgi " have been spawned, is because of that your suggested
bypass doesn't work.
What error are you seeing exactly? mod_fcgid creates the temporary file
for large bodies, then sends it to the CGI program directly. You shouldn't
be reading that temporary file directly.
Re: [users@httpd] mod_fcgid upload permission changes.
Posted by Toni Moreno <to...@gmail.com>.
Hi Igor This is my actual configuration, I'm using as Wrapper de php-cgi.
<IfModule mod_fcgid.c>
AddHandler fcgid-script .fcgi
FcgidWrapper /usr/bin/php-cgi .fcgi
FcgidIPCDir /opt/itsat/var/run/fastcgi/fcgidsock
DefaultInitEnv PHPRC "/opt/itsat/etc/"
FcgidConnectTimeout 100
FcgidMaxRequestsPerProcess 1000
IPCConnectTimeout 100
FcgidMaxProcesses 10
FcgidMaxRequestLen 1572864000
</IfModule>
If tested to change php-cgi by php-cgi-wrapper and I've created an script
who makes umaks before exec php-cgi but didn't work.
I think mod_fcgid is doing UPLOAD (handling file transfer) by itself to
/tmp before process "/usr/bin/php-cgi " have been spawned, is because of
that your suggested bypass doesn't work.
Why mod_fcgid is changing umask ? A bug maybe ?
Thanks a lot!!
.
2012/12/11 Igor Cicimov <ic...@gmail.com>
>
> On 11/12/2012 11:05 PM, "Toni Moreno" <to...@gmail.com> wrote:
> >
> > Hi Igor!! Thanks a lot for your answer, but I think is not the correct
> one, becaouse as I said before user "itsat" is already running with correct
> umask, and apache is running with this umask. The same apache instance is
> running mod_php and mod_fcgid. When files are created from mod_php
> default permissions (644) are different from those created from
> mod_fcgid ( 600).
> >
> > Why mod_fcgid changes umaks ?
> >
> >
> > PERMISSIONS MOD_PHP+APACHE = (644)
> >
> > [ITSAT][toni-itsatdev].root:/opt/itsat/var/log > ls -ltr
> > total 112
> > -rw-r--r-- 1 itsat itsatadm 407 Dec 11 12:54 itsat.log
> > -rw-r--r-- 1 itsat itsatadm 2668 Dec 11 12:54 itsat-web.log
> > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 12:54 itsat-tsm.log
> > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 12:54 itsat-tsim.log
> > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 12:54 itsat-remote.log
> >
> > PERMISSIONS MOD_FCGID + APACHE ( 600 )
> >
> > itsat@test:/tmp$ ls -ltr
> > total 252
> > drwxrwxrwt 2 root root 40 Dec 11 08:51 VMwareDnD
> > -rw------- 1 itsat itsatadm 245806 Dec 11 11:03 fcgid.tmp.PEozaa <-
> CREATED ON UPLOAD FILE with mod_fcgid
> > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:20 foo
> > drwx------ 2 root root 100 Dec 11 08:51 vmware-root
> >
> >
> Then use wrapper script to set umask for fcgid. See FcgidWrapper for
> details.
>
> >
> > 2012/12/11 Igor Cicimov <ic...@gmail.com>
> >>
> >>
> >> On 11/12/2012 10:42 PM, "Igor Cicimov" <ic...@gmail.com> wrote:
> >> >
> >> >
> >> > On 11/12/2012 9:33 PM, "Toni Moreno" <to...@gmail.com> wrote:
> >> > >
> >> > > Hi to all ,and sorry form my poor English.
> >> > >
> >> > > I have a problem when trying upload files and handle it with
> mod_fcgid.
> >> > >
> >> > > The fact is I'm running apache 2.2.16 on debian and runing it as
> user "itsat" which have "0022" umask. ( user "itsat" creates files in 644
> >> > >
> >> >
> >> > Put umask 022 in the /etc/apache2/envvars file.
> >> >
> >> Or call umask from your cgi script if you like better. Or chmod the
> file from the cgi script after uploading as another option. In these cases
> the change will not be global in apache.
> >>
> >> > > itsat@test:/tmp$ touch foo
> >> > > itsat@test:/tmp$ ls -ltr
> >> > > total 252
> >> > > drwxrwxrwt 2 root root 40 dic 11 08:51 VMwareDnD
> >> > > drwx------ 2 root root 100 dic 11 08:51 vmware-root
> >> > > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:02 foo
> >> > >
> >> > > But when doing an "upload" ( from any browser) the mod_fcgid
> creates a tmp file with 600 permissions !! ( an lots of problems after
> because I can not read it from a CGI program who expects 644 permissions.
> >> > >
> >> > >
> >> > > itsat@test:/tmp$ ls -ltr
> >> > > total 252
> >> > > drwxrwxrwt 2 root root 40 Dec 11 08:51 VMwareDnD
> >> > > -rw------- 1 itsat itsatadm 245806 Dec 11 11:03 fcgid.tmp.PEozaa
> >> > > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:20 foo
> >> > > drwx------ 2 root root 100 Dec 11 08:51 vmware-root
> >> > >
> >> > >
> >> > > Can anybody help me to change this behavior on apache/mod_fcgid ?
> >> > >
> >> > > Thanks!!!
> >> > >
> >> > > --
> >> > >
> >> > > Att
> >> > >
> >> > > Toni Moreno
> >> > >
> >> > > 699706656
> >> > >
> >> > >
> >> > >
> >> > >
> >> > > Si no quieres perderte en el olvido tan pronto como estés muerto y
> corrompido,
> >> > >
> >> > > escribe cosas dignas de leerse, o haz cosas dignas de escribirse.
> >> > >
> >> > >
> >> > >
> >> > > Benjamin Franklin
> >> > >
> >> > >
> >
> >
> >
> >
> > --
> >
> > Att
> >
> > Toni Moreno
> >
> > 699706656
> >
> >
> >
> >
> > Si no quieres perderte en el olvido tan pronto como estés muerto y
> corrompido,
> >
> > escribe cosas dignas de leerse, o haz cosas dignas de escribirse.
> >
> >
> >
> > Benjamin Franklin
> >
> >
>
>
--
Att
Toni Moreno
699706656
*Si no quieres perderte en el olvido tan pronto como estés muerto y
corrompido, *
*escribe cosas dignas de leerse, o haz cosas dignas de escribirse.*
*Benjamin Franklin*
Re: [users@httpd] mod_fcgid upload permission changes.
Posted by Igor Cicimov <ic...@gmail.com>.
On 11/12/2012 11:05 PM, "Toni Moreno" <to...@gmail.com> wrote:
>
> Hi Igor!! Thanks a lot for your answer, but I think is not the correct
one, becaouse as I said before user "itsat" is already running with correct
umask, and apache is running with this umask. The same apache instance is
running mod_php and mod_fcgid. When files are created from mod_php
default permissions (644) are different from those created from
mod_fcgid ( 600).
>
> Why mod_fcgid changes umaks ?
>
>
> PERMISSIONS MOD_PHP+APACHE = (644)
>
> [ITSAT][toni-itsatdev].root:/opt/itsat/var/log > ls -ltr
> total 112
> -rw-r--r-- 1 itsat itsatadm 407 Dec 11 12:54 itsat.log
> -rw-r--r-- 1 itsat itsatadm 2668 Dec 11 12:54 itsat-web.log
> -rw-r--r-- 1 itsat itsatadm 0 Dec 11 12:54 itsat-tsm.log
> -rw-r--r-- 1 itsat itsatadm 0 Dec 11 12:54 itsat-tsim.log
> -rw-r--r-- 1 itsat itsatadm 0 Dec 11 12:54 itsat-remote.log
>
> PERMISSIONS MOD_FCGID + APACHE ( 600 )
>
> itsat@test:/tmp$ ls -ltr
> total 252
> drwxrwxrwt 2 root root 40 Dec 11 08:51 VMwareDnD
> -rw------- 1 itsat itsatadm 245806 Dec 11 11:03 fcgid.tmp.PEozaa <-
CREATED ON UPLOAD FILE with mod_fcgid
> -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:20 foo
> drwx------ 2 root root 100 Dec 11 08:51 vmware-root
>
>
Then use wrapper script to set umask for fcgid. See FcgidWrapper for
details.
>
> 2012/12/11 Igor Cicimov <ic...@gmail.com>
>>
>>
>> On 11/12/2012 10:42 PM, "Igor Cicimov" <ic...@gmail.com> wrote:
>> >
>> >
>> > On 11/12/2012 9:33 PM, "Toni Moreno" <to...@gmail.com> wrote:
>> > >
>> > > Hi to all ,and sorry form my poor English.
>> > >
>> > > I have a problem when trying upload files and handle it with
mod_fcgid.
>> > >
>> > > The fact is I'm running apache 2.2.16 on debian and runing it as
user "itsat" which have "0022" umask. ( user "itsat" creates files in 644
>> > >
>> >
>> > Put umask 022 in the /etc/apache2/envvars file.
>> >
>> Or call umask from your cgi script if you like better. Or chmod the file
from the cgi script after uploading as another option. In these cases the
change will not be global in apache.
>>
>> > > itsat@test:/tmp$ touch foo
>> > > itsat@test:/tmp$ ls -ltr
>> > > total 252
>> > > drwxrwxrwt 2 root root 40 dic 11 08:51 VMwareDnD
>> > > drwx------ 2 root root 100 dic 11 08:51 vmware-root
>> > > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:02 foo
>> > >
>> > > But when doing an "upload" ( from any browser) the mod_fcgid
creates a tmp file with 600 permissions !! ( an lots of problems after
because I can not read it from a CGI program who expects 644 permissions.
>> > >
>> > >
>> > > itsat@test:/tmp$ ls -ltr
>> > > total 252
>> > > drwxrwxrwt 2 root root 40 Dec 11 08:51 VMwareDnD
>> > > -rw------- 1 itsat itsatadm 245806 Dec 11 11:03 fcgid.tmp.PEozaa
>> > > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:20 foo
>> > > drwx------ 2 root root 100 Dec 11 08:51 vmware-root
>> > >
>> > >
>> > > Can anybody help me to change this behavior on apache/mod_fcgid ?
>> > >
>> > > Thanks!!!
>> > >
>> > > --
>> > >
>> > > Att
>> > >
>> > > Toni Moreno
>> > >
>> > > 699706656
>> > >
>> > >
>> > >
>> > >
>> > > Si no quieres perderte en el olvido tan pronto como estés muerto y
corrompido,
>> > >
>> > > escribe cosas dignas de leerse, o haz cosas dignas de escribirse.
>> > >
>> > >
>> > >
>> > > Benjamin Franklin
>> > >
>> > >
>
>
>
>
> --
>
> Att
>
> Toni Moreno
>
> 699706656
>
>
>
>
> Si no quieres perderte en el olvido tan pronto como estés muerto y
corrompido,
>
> escribe cosas dignas de leerse, o haz cosas dignas de escribirse.
>
>
>
> Benjamin Franklin
>
>
Re: [users@httpd] mod_fcgid upload permission changes.
Posted by Toni Moreno <to...@gmail.com>.
Hi Igor!! Thanks a lot for your answer, but I think is not the correct one,
becaouse as I said before user "itsat" is already running with correct
umask, and apache is running with this umask. The same apache instance is
running mod_php and mod_fcgid. When files are created from mod_php
default permissions (644) are different from those created from
mod_fcgid ( 600).
Why mod_fcgid changes umaks ?
*PERMISSIONS MOD_PHP+APACHE = (644)*
[ITSAT][toni-itsatdev].root:/opt/itsat/var/log > ls -ltr
total 112
-rw-r--r-- 1 itsat itsatadm 407 Dec 11 12:54 itsat.log
-rw-r--r-- 1 itsat itsatadm 2668 Dec 11 12:54 itsat-web.log
-rw-r--r-- 1 itsat itsatadm 0 Dec 11 12:54 itsat-tsm.log
-rw-r--r-- 1 itsat itsatadm 0 Dec 11 12:54 itsat-tsim.log
-rw-r--r-- 1 itsat itsatadm 0 Dec 11 12:54 itsat-remote.log
*
PERMISSIONS MOD_FCGID + APACHE ( 600 )*
itsat@test:/tmp$ ls -ltr
total 252
drwxrwxrwt 2 root root 40 Dec 11 08:51 VMwareDnD
*-rw------- 1 itsat itsatadm 245806 Dec 11 11:03 fcgid.tmp.PEozaa* *<-
CREATED ON UPLOAD FILE with mod_fcgid*
-rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:20 foo
drwx------ 2 root root 100 Dec 11 08:51 vmware-root
2012/12/11 Igor Cicimov <ic...@gmail.com>
>
> On 11/12/2012 10:42 PM, "Igor Cicimov" <ic...@gmail.com> wrote:
> >
> >
> > On 11/12/2012 9:33 PM, "Toni Moreno" <to...@gmail.com> wrote:
> > >
> > > Hi to all ,and sorry form my poor English.
> > >
> > > I have a problem when trying upload files and handle it with
> mod_fcgid.
> > >
> > > The fact is I'm running apache 2.2.16 on debian and runing it as user
> "itsat" which have "0022" umask. ( user "itsat" creates files in 644
> > >
> >
> > Put umask 022 in the /etc/apache2/envvars file.
> >
> Or call umask from your cgi script if you like better. Or chmod the file
> from the cgi script after uploading as another option. In these cases the
> change will not be global in apache.
>
> > > itsat@test:/tmp$ touch foo
> > > itsat@test:/tmp$ ls -ltr
> > > total 252
> > > drwxrwxrwt 2 root root 40 dic 11 08:51 VMwareDnD
> > > drwx------ 2 root root 100 dic 11 08:51 vmware-root
> > > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:02 foo
> > >
> > > But when doing an "upload" ( from any browser) the mod_fcgid creates
> a tmp file with 600 permissions !! ( an lots of problems after because I
> can not read it from a CGI program who expects 644 permissions.
> > >
> > >
> > > itsat@test:/tmp$ ls -ltr
> > > total 252
> > > drwxrwxrwt 2 root root 40 Dec 11 08:51 VMwareDnD
> > > -rw------- 1 itsat itsatadm 245806 Dec 11 11:03 fcgid.tmp.PEozaa
> > > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:20 foo
> > > drwx------ 2 root root 100 Dec 11 08:51 vmware-root
> > >
> > >
> > > Can anybody help me to change this behavior on apache/mod_fcgid ?
> > >
> > > Thanks!!!
> > >
> > > --
> > >
> > > Att
> > >
> > > Toni Moreno
> > >
> > > 699706656
> > >
> > >
> > >
> > >
> > > Si no quieres perderte en el olvido tan pronto como estés muerto y
> corrompido,
> > >
> > > escribe cosas dignas de leerse, o haz cosas dignas de escribirse.
> > >
> > >
> > >
> > > Benjamin Franklin
> > >
> > >
>
--
Att
Toni Moreno
699706656
*Si no quieres perderte en el olvido tan pronto como estés muerto y
corrompido, *
*escribe cosas dignas de leerse, o haz cosas dignas de escribirse.*
*Benjamin Franklin*
Re: [users@httpd] mod_fcgid upload permission changes.
Posted by Igor Cicimov <ic...@gmail.com>.
On 11/12/2012 10:42 PM, "Igor Cicimov" <ic...@gmail.com> wrote:
>
>
> On 11/12/2012 9:33 PM, "Toni Moreno" <to...@gmail.com> wrote:
> >
> > Hi to all ,and sorry form my poor English.
> >
> > I have a problem when trying upload files and handle it with mod_fcgid.
> >
> > The fact is I'm running apache 2.2.16 on debian and runing it as user
"itsat" which have "0022" umask. ( user "itsat" creates files in 644
> >
>
> Put umask 022 in the /etc/apache2/envvars file.
>
Or call umask from your cgi script if you like better. Or chmod the file
from the cgi script after uploading as another option. In these cases the
change will not be global in apache.
> > itsat@test:/tmp$ touch foo
> > itsat@test:/tmp$ ls -ltr
> > total 252
> > drwxrwxrwt 2 root root 40 dic 11 08:51 VMwareDnD
> > drwx------ 2 root root 100 dic 11 08:51 vmware-root
> > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:02 foo
> >
> > But when doing an "upload" ( from any browser) the mod_fcgid creates a
tmp file with 600 permissions !! ( an lots of problems after because I can
not read it from a CGI program who expects 644 permissions.
> >
> >
> > itsat@test:/tmp$ ls -ltr
> > total 252
> > drwxrwxrwt 2 root root 40 Dec 11 08:51 VMwareDnD
> > -rw------- 1 itsat itsatadm 245806 Dec 11 11:03 fcgid.tmp.PEozaa
> > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:20 foo
> > drwx------ 2 root root 100 Dec 11 08:51 vmware-root
> >
> >
> > Can anybody help me to change this behavior on apache/mod_fcgid ?
> >
> > Thanks!!!
> >
> > --
> >
> > Att
> >
> > Toni Moreno
> >
> > 699706656
> >
> >
> >
> >
> > Si no quieres perderte en el olvido tan pronto como estés muerto y
corrompido,
> >
> > escribe cosas dignas de leerse, o haz cosas dignas de escribirse.
> >
> >
> >
> > Benjamin Franklin
> >
> >
Re: [users@httpd] mod_fcgid upload permission changes.
Posted by Igor Cicimov <ic...@gmail.com>.
On 11/12/2012 9:33 PM, "Toni Moreno" <to...@gmail.com> wrote:
>
> Hi to all ,and sorry form my poor English.
>
> I have a problem when trying upload files and handle it with mod_fcgid.
>
> The fact is I'm running apache 2.2.16 on debian and runing it as user
"itsat" which have "0022" umask. ( user "itsat" creates files in 644
>
Put umask 022 in the /etc/apache2/envvars file.
> itsat@test:/tmp$ touch foo
> itsat@test:/tmp$ ls -ltr
> total 252
> drwxrwxrwt 2 root root 40 dic 11 08:51 VMwareDnD
> drwx------ 2 root root 100 dic 11 08:51 vmware-root
> -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:02 foo
>
> But when doing an "upload" ( from any browser) the mod_fcgid creates a
tmp file with 600 permissions !! ( an lots of problems after because I can
not read it from a CGI program who expects 644 permissions.
>
>
> itsat@test:/tmp$ ls -ltr
> total 252
> drwxrwxrwt 2 root root 40 Dec 11 08:51 VMwareDnD
> -rw------- 1 itsat itsatadm 245806 Dec 11 11:03 fcgid.tmp.PEozaa
> -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:20 foo
> drwx------ 2 root root 100 Dec 11 08:51 vmware-root
>
>
> Can anybody help me to change this behavior on apache/mod_fcgid ?
>
> Thanks!!!
>
> --
>
> Att
>
> Toni Moreno
>
> 699706656
>
>
>
>
> Si no quieres perderte en el olvido tan pronto como estés muerto y
corrompido,
>
> escribe cosas dignas de leerse, o haz cosas dignas de escribirse.
>
>
>
> Benjamin Franklin
>
>