[ic] Usertag/opendir don't work

Kevin Walsh kevin at cursor.biz
Tue Sep 23 20:05:14 EDT 2003


Jürgen R. Plasser [plasser at hexagon.at] wrote:
> >
> > You could SafeUntrap the various Opcodes associated with directory
> > open/close/read etc., although I strongly suggest that you use a
> > global UserTag instead.
> >
> Global UserTag means that it is located in the interchange.cfg?
>
Yes, or in a file included from interchange.cfg - or in a file in
one of Interchange 4.9's code/* directories.

>
> Are there any other restrictions?
>
No.  Local UserTags can do anything that's allowed in a Safe compartment.
Global UserTags can do anything you want, so be careful.

>
> I cannot read (as user interch) the directory
> /var/www/html/expert_images/_img drwxr-xr--, apache.apache
> but I can read the contents of
> /var/www/html/expert_images drwxr-xr-- drwxr-xr--, apache.apache (simply
> the same rights...).
> When I copy the directory to /var/lib/interchange/expertshop I have no
> problems reading it. I don't know why, maybe it's not my day ;-)
>
As a quick fix, change the mode to 0755 (drwxr-xr-x) on all
affected directories.

You probably don't want the "apache" user to have write permission
on your directories or files, whereas you probably do want the
"interchange" user to have this sort of access, so I suggest that
you re-work your file/directory permissions, under your DocumentRoot
(probably /var/www/html, in your case) as follows:

    directories:
        owner: interchange
        group: interchange
        mode:  2775 (drwxrwsr-x)

    files:
        owner: interchange
        group: interchange
        mode:  0664 (-rw-rw-r--)

This can be further tuned, using different groups and group memberships,
if required.

--
   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/
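
Added example, not part of the message above: a shell function that audits a tree against the owner/group/mode scheme suggested in the reply, and flags directories such as drwxr-xr-- that other users can list but not enter. It assumes GNU find (for -printf); the function name audit_tree is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a tree against the
# ownership/mode scheme suggested above. Assumes GNU find (-printf).
# Paths containing newlines are not handled.

# audit_tree ROOT [OWNER] [GROUP]
# Prints one line per deviation; prints nothing when the tree conforms.
audit_tree() {
    root=$1
    owner=${2:-interchange}
    group=${3:-interchange}
    find "$root" \( -type d -o -type f \) -printf '%y %m %u %g %p\n' |
    while read -r type mode user grp path; do
        case $type in
            d) want=2775 ;;   # drwxrwsr-x
            f) want=664 ;;    # -rw-rw-r--
        esac
        [ "$mode" = "$want" ] ||
            printf 'MODE %s has %s, want %s\n' "$path" "$mode" "$want"
        [ "$user:$grp" = "$owner:$group" ] ||
            printf 'OWNER %s is %s:%s, want %s:%s\n' \
                "$path" "$user" "$grp" "$owner" "$group"
        # A directory whose "other" digit has r (4) but not x (1), such as
        # drwxr-xr-- (754), can be listed by other users but not entered,
        # so nothing beneath it can be opened by them.
        if [ "$type" = d ]; then
            case $mode in
                *[46]) printf 'NOSEARCH %s (mode %s)\n' "$path" "$mode" ;;
            esac
        fi
    done
}

# Example run against the DocumentRoot named in the thread:
# audit_tree /var/www/html
```

An empty result means every directory and file under ROOT matches the scheme; each MODE, OWNER or NOSEARCH line names one path to fix.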


