Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re: Re: Re: Dangerous diamonds!

by sauoq (Abbot)
on May 21, 2003 at 17:06 UTC ( [id://259795]=note: print w/replies, xml ) Need Help??


in reply to Re: Re: Dangerous diamonds!
in thread Dangerous diamonds!

Scripts that clean up after users. System wide /tmp and per-user ~/tmp directories, for example.

Make /tmp owned by 'sys' or create a system user for it. You can do the same for ~/tmp directories, just make them group writable by a system group... But really, users should be left to clean up after themselves. Institute quotas if they refuse to do so. Give them access to cron so they can automate cleanup if they like. This has an added benefit; since it is their ~/tmp directory, they should choose how old files should be before they are removed.

And scripts that md5sum some user files.

I'm sure there is an easy solution, but its hard to say what it is without more information. Why are you doing it? Which user files? Do you really need a glob to describe them or do they have well-defined names? Is it a service to users that they can be given control of (like cleaning up their ~/tmp dirs?) Can the files in question be group readable?

Perhaps the smallish log rotator could be run as apache. Let's see, nope, Apache writes its logs as root.

Out of the numerous ways you can handle that one, I'll point out the easiest: make the logs directory writable only by root. You shouldn't have to do anything because that's the default anyway. Since someone would need root before creating a file with an evil filename in that directory, it would be pointless for them to do so.

-sauoq
"My two cents aren't worth a dime.";

Replies are listed 'Best First'.
Re: Re: Re: Re: Dangerous diamonds!
by Juerd (Abbot) on May 21, 2003 at 17:29 UTC

    Do you really need a glob to describe them or do they have well-defined names?

    No. It's just laziness. I could opendir/readdir/closedir and use three-arg open. But I didn't, because I didn't know -p/-n used two-arg open.

    I'll point out the easiest: make the logs directory writable only by root.

    It already is, but one little bug in Apache could perhaps allow the names to be user-defined. After all, the logs are full of user input.

    Anyhow, it *all* boils down to laziness. I could set up ACLs, of course. It's a matter of convenience. Usually this works out just fine. Too bad this time Perl didn't DWIM.

    Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://259795]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (5)
As of 2024-03-28 21:34 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found