Re: idiot question about chown

From: lawrence (lkrubner_at_geocities.com)
Date: 08/24/04 

Date: 24 Aug 2004 01:09:14 -0700

Interland tells me to change ownership I need to use the command
vchown. I looked in my Linux book and didn't see a mention of vchown.
Is it a standard command, or something Interland whipped up for use on
its own servers?

James Keasley <me@privacy.net> wrote in message news:<slrncha54r.5s2.me@athena.homeric.co.uk>...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 2004-08-06, lawrence <lkrubner@geocities.com> wrote:
> > James Keasley <me@privacy.net> wrote in message
> >> Why do the file in htdocs need to be owned by the user that PHP
> >> is running as? All it means is that you'll have to su to root to
> >> edit the files, don't do it.
> >
> > Each domain on the server keeps its public files in a directroy called
> > htdocs. htdocs has permission of 775, meaning the public can't write
> > to it, but otherwise it is wide open. PHP doesn't seem to be allowed
> > to write to it. I assume it is a security risk to give it permissions
> > of 777, so I'd like to give PHP ownership of directory, so PHP can
> > write to it. Thereafter, when I need to do something to that
> > directory, I assume I can just change to the user id of PHP, and use
> > that to make changes.
>
> In this case a better plan might be to change the group ownership
> instead, so that the files have the same group membership as php,
> but are owned by the user who is going to be working with them.
> For this the command chgrp is used, which has the same syntax
> as chown.
>
> That way the user doesn't have to run with elevated privileges
> when they are editting the files, but they belong to another
> group that the programs that are interpretting the files are running
> as.
>
> Debian for example has a user and group called www-data, which
> allows group members to manipulate files in htdocs while still
> running as a normal user.
>
> >> And, on a completely irrelevant note, why the hell are you using
> >> telnet, thats just dumb, even on a "private" intranet. Use SSH
> >> instead, it is also more convenient if you put your key on the
> >> boxes you need to get into and use ssh-agent.
> >
> > It is ssh. I didn't think anyone used regular telnet anymore, so I
> > didnt' think I had to specify that I was using the secure version of
> > telnet.
>
> Ah, ok, trouble with usenet is that if you can't assume that when
> someone says telnet they really mean ssh, as they might be using
> telnet because they don't know any better.
>
> >> Because, unless someone has been spectaculary fuckwitted, you aren't
> >> running with root permissions, you can check by doing:
> >
> > You can't change the ownership of a file even if you own the file?
>
> Nope, because chown changes the ownership to another user, so only
> root can do it, as this could have security implications, possibly.
>
> - --
> James jamesk[at]homeric[dot]co[dot]uk
>
> Greed is never good - Linus Torvalds
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (GNU/Linux)
>
> iD8DBQFBFRSbqfSmHkD6LvoRAsDtAJ0SRW8FB1fpePo8F+TaTO+j5vMLfQCfdPOh
> Pu3KNJjNYa1zbG4/Cg1lzkc=
> =BCq8
> -----END PGP SIGNATURE-----

Quantcast