hello, i am running some software that will create files at random times (like log files and such) into one directory in htdocs/

the program (run as root on startup) can write the files just fine, but then as nobody (the user apache runs as) a CGI script cannot write to and/or delete these files

easy response #1: run program as nobody, cannot be done becuase that opens up security holes with being able to login to a bash shell with nobody, which is a system account

easy response #2: set SGID on htdocs/ directory, cannot be done because then the default umask is 022, which A: will not allow anyone in the group to write to it and B: it makes new directories under htdocs/, which will not inherit the group owner from htdocs/

easy response #3: change default umask for machine, security risk

easy response #4: set a cron job to chmod 777 htdocs -R, doing that currently, but there has to be a cleaner way to do it

thanks for your help

--adam

What are the original permissions of the files you want to edit/delete?

What is the user / group owning the files to be modified?

What language are you using for your CGI scripts? (perl?)

Permissions of 777 on contents of htdocs (or any other area) is not a good idea!

the original permissions are 644 and are owned by root by default

the cgi script is a bash script, i guess is the programming language used in it


i know permissions of 777 is a bad idea, but my options were quite limited at the time, thats why im asking the question in the first place

thanks for your help
--adam

Check your /etc/passwd and /etc/group files for "apache"

If this account doesn't exist, create it

(as root)
groupadd apache

useradd -g apache -c "Account for Apache" apache

Edit your httpd.conf and change the lines for User and Group to:

User apache
Group apache

Change ownership of the htdocs files to apache:apache

Restart httpd
apachectl restart

Run the program which creates the files as the new user