
deleting files created via cgi

by db2admin (Acolyte)
on Dec 07, 2002 at 22:59 UTC (#218296)

db2admin has asked for the wisdom of the Perl Monks concerning the following question:

I have a Perl script which creates images (files) on a shared web server. Part of the functionality of the web site will include allowing users to delete images they no longer need.

I have tried using chmod in the perl script that creates the images but when I take a look at the image created, it shows the same (default -rw-r--r-- ). I have looked at the archives and don't see any specific pointers for allowing a nobody process to delete a file. The only suggestion I found is for deleting a temporary file that is created within the same script.

How would I delete a file that is created outside of the script?

Replies are listed 'Best First'.
Re: deleting files created via cgi
by gjb (Vicar) on Dec 07, 2002 at 23:15 UTC

    I wouldn't if I were you. It's a very scary idea.

    If you insist, you could always write to file with a list of files to delete from the CGI and run a cron job that periodically does the actual deletion and empties the file list.

    Hope this helps, -gjb-

      Maybe I interpret the OP's question wrongly, but if the script in question presented the user with a list of the files they uploaded, and allows them to indicate which of those files are to be deleted by clicking check boxes or radio buttons, and the selection made is mapped to actual path/file at the server. Ie. The path information is not derived from any source that the user has the ability to edit. (Phew! A lot of caveats!)

      Under those circumstances, there is no reason that files should not be deleted on behalf of the user is there?

      If the fear is that the user might supply the names of files other than those which they might legitimately want to delete, I fail to see how marking files for deletion in the script and having another automated process delete them would be any more secure?

      I'm not really up-to-scratch on *nix security, but surely it would be possible to create an account specifically for running the webserver that only had delete privileges in the upload directory and nowhere else?


      Okay you lot, get your wings on the left, halos on the right. It's one size fits all, and "No!", you can't have a different color.
      Pick up your cloud down the end and "Yes" if you get allocated a grey one they are a bit damp under foot, but someone has to get them.
      Get used to the wings fast cos it's an 8 hour day...unless the Governor calls for a cyclone or hurricane, in which case 16 hour shifts are mandatory.
      Just be grateful that you arrived just as the tornado season finished. Them buggers are real work.

        If one's very careful (and sufficiently self-confident ;-) it's possible to code this in a way that's pretty safe. The problem is that if somehow the user might get a filepath smuggled in somehow, there's a lot of havoc to be created.

        The Unix permissions are not as fine-grained as those of Windows NT/2000. The Unix write permission allows one to change and delete the object. This means that any file that can be written by the userID running the httpd can be changed/deleted, including log files.

        Again, if one can make absolutely sure that the user never gets to set filepaths, for example by using a hash to map a file ID to an actual file name, there's no problem in having users delete files.

        I just wanted to stress that one has to be very alert when writing this kind of script.

        Just my 2 cents, -gjb-

      I second that idea.

      Allowing other users to delete items is iffy. I'd like to suggest "marking" the files deleted, and generate a report of "deleted" files.

      Now, I'm not against deleting files via CGI, but there are unforeseen dangers in allowing anyone to delete information from your server. If you do decide to allow file deletion, use strict; Taint (-T) and lots of self checking to make sure someone down the road doesn't decide to poke around and inadvertently wipe out information you'd grown attached to.

      John J Reiser
      newrisedesigns.com

Re: deleting files created via cgi
by FamousLongAgo (Friar) on Dec 07, 2002 at 23:23 UTC
    As everyone will tell you, this is risky. The safest way I can think of to do it is to have the CGI program mark images as 'deleted' in a database or other persistent file, and have a batch script run every night to remove images that have been marked for deletion.

    The key point is to separate the actual file removal code into a script that can't be run as a CGI
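
Added example, not code from any poster in this thread: a cron-run sweeper that combines the two suggestions above, a server-side hash mapping file IDs to names and a removal step that cannot run as a CGI. The sub name `sweep`, the ID and file-name formats, and the demo data are assumptions made for illustration; the regex captures follow the untainting pattern used under `-T`.

```perl
#!/usr/bin/perl
# Added example: nightly sweeper started from cron, never by the web server.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# CGI/1.1 servers set GATEWAY_INTERFACE; refuse to run in that context.
die "refusing to run as a CGI\n" if $ENV{GATEWAY_INTERFACE};

# Resolve queued IDs through a server-side map and delete only regular
# files that sit directly inside $dir. Returns the IDs actually removed.
sub sweep {
    my ($dir, $id_to_name, @queued) = @_;
    my @removed;
    for my $id (@queued) {
        next unless $id =~ /\A(\d{1,9})\z/;        # queue holds numeric IDs only
        my $key  = $1;
        my $name = $id_to_name->{$key} or next;    # unknown ID: ignore
        # Even mapped names must be a bare file name with an image extension.
        next unless $name =~ /\A([A-Za-z0-9_-]+\.(?:png|gif|jpg))\z/;
        my $path = File::Spec->catfile($dir, $1);
        next if -l $path;                          # never follow symlinks
        next unless -f $path;                      # regular files only
        push @removed, $key if unlink $path;
    }
    return @removed;
}

# Constructed demo data: a scratch "upload" directory, the ID map the image
# creation script would maintain, and a queue as the CGI would append it.
my $dir = tempdir(CLEANUP => 1);
my %id_to_name = (
    101 => 'chart_a.png',
    102 => 'chart_b.png',
    103 => '../keep.log',      # corrupted map entry, must be rejected
);
for my $f ('chart_a.png', 'chart_b.png') {
    open my $fh, '>', File::Spec->catfile($dir, $f) or die "create $f: $!";
    close $fh;
}
# One valid request, one path instead of an ID, one bad mapping, one unknown ID.
my @queue = ('101', '../../etc/passwd', '103', '999');

my @gone = sweep($dir, \%id_to_name, @queue);
print "removed IDs: @gone\n";
print "chart_b.png untouched\n" if -f File::Spec->catfile($dir, 'chart_b.png');
```

The CGI side only ever appends IDs to the queue, so a request parameter never reaches `unlink` as a path.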

Re: deleting files created via cgi
by dree (Monsignor) on Dec 07, 2002 at 23:31 UTC
    > How would I delete a file that is created outside of the script?

    You can't, because your script is running under apache that is "nobody", i.e. from a user that is different from the user you log into the server with.

    You have to chmod 666 (i.e. -rw-rw-rw) the files from the script after their creation.

    To delete files that you have created before this "patch", write another CGI that sets all the existing files to 666. Then you can delete them from the login user.

      ...because your script is running under apache that is "nobody"...

      Well, one would hope that Apache is at least running scripts as a non-privileged account. I had the misfortune recently to come across an Apache installation on one of our Solaris boxes that was running scripts as root. A quick phone call to the sysadmin followed by some httpd.conf tweakage soon cleared that one up thankfully ;-)

      -- vek --
