Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

File Upload Permission Problems

by Tallek (Initiate)
on Sep 12, 2006 at 19:50 UTC ( [id://572609]=perlquestion: print w/replies, xml ) Need Help??

Tallek has asked for the wisdom of the Perl Monks concerning the following question:

Ok, I'm a little confused right now and I can't seem to figure this out so any help would be appreciated.

what I'm working with:
I'm working with 2 environments, a test environment and a production evironment. The 2 enviroments are on different servers that are supposedly set up identically. Unfortunately, I don't have root access or permission/authority to do much with these servers.

what I need to do:
I've been tasked with updating a website that broke after a server move. The website used perl to implement a file upload utility. The file upload was failing.

what I've done thus far:
It was obvious the file upload problem was a permissions problem due to the server move. By granting full permissions on the upload directory, I could get the file uploads working for both environments. This was not satisfactory however because I don't want to open up the whole directory for write access (I don't really have a choice in this matter as it wasn't my decision). I figured that I could add the user executing the cgi scripts (lets call it 'cgiUser') to the group of the user/group owning the directories (lets call it 'user1' and 'userGroup1'). This way, I can grant write permissions for group to the upload directory but not for everyone. Eventually, I was able to get the system admins to add 'cgiUser' to 'userGroup1'.

the current problem:
After adding 'cgiUser' to 'userGroup1' I can set group permission to have write access to the upload directory and no write access for everyone else. File uploads work perfectly fine in the production evironment. They still fail with a permission denied error in the test environment and from what I can see, they look to be set up identically. Is there some other factor that I'm overlooking or don't know about?

here is what the upload directory looks like for both environments:
drwxrwxr-x 'user1' 'userGroup1' uploadDir

both environments have a 'user1' that belongs to the 'userGroup1'. Both environments run cgi scripts as 'cgiUser' and the 'cgiUser' is a member of 'userGroup1'.

the line of the cgi code thats failing on the test environment but working on production is:
sysopen OUTPUT, $file{fullpath}, O_CREAT | O_RDWR | O_EXCL or error( "Unable to save your file." );

on production environment, I tried taking away write permissions for the group and it fails as expected. It works when the group has write permissions. On test, I can grant everyone write permissions and it works. When it uploads, the files are owned by 'cgiUser' as expected. I grant group write permissions only and it fails.

I'm new to both perl and the unix evironment to some extent so sorry if I'm asking anything stupid here. Any advice that you can give me would be much appreciated. I'm off work for the day but I'll be back in the morning so thanks in advance for any feedback.

Replies are listed 'Best First'.
Re: File Upload Permission Problems
by sgifford (Prior) on Sep 12, 2006 at 21:35 UTC
    Sounds like the script isn't running with the group membership you think it is. From within the CGI script, try printing out the value of the variable $( to see what groups the CGI script is running as a member of.

    Also, you will probably have to restart the Web server after changing group membership, if you haven't done that already.


    --
    sgifford's Web page
[reply]
[d/l]
Re: File Upload Permission Problems
by lorn (Monk) on Sep 13, 2006 at 11:35 UTC
    If you use apache, normaly you user/group is apache/apache, if you try to save in the directory with this user/group, and dont work, try to save in /tmp for test, and see the user/group.

    Lorn
    -http://lornlab.org
    -slackwarezine.com.br

[reply]
Re: File Upload Permission Problems
by robartes (Priest) on Sep 13, 2006 at 13:21 UTC

    Another possible cause is that the directories higher up the path tree are not accessible to cgiUser. E.g., if your upload directory is /usr/local/htdocs/upload, check whether /usr/local/htdocs, /usr/local and /usr have at least rx for cgiUser.

    If you can log in as cgiUser, the easiest is to just cd into that directory as cgiUser and see what happens.

    CU
    Robartes-

[reply]
[d/l]
[select]
Re: File Upload Permission Problems
by Tallek (Initiate) on Sep 13, 2006 at 14:43 UTC
    Thanks for the help everyone and sorry for the late reply. I tried checking the $( var and its seems you were right. In production, the gid for 'userGroup1' is in the list but its not in the list on test. If i log in as 'user1' and check groups for 'cgiUser', it lists 'userGroup1' for both environments. I hadn't thought about the need to restart the server but I guess this is probably what's causing it huh? I can request a server restart and see what happens.

    Just for the record, files written by the scripts are owned by 'cgiUser' and one of its groups on both environments and 'cgiUser' has at least rx all the way up the path tree.

    Thanks for the help!
[reply]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://572609]
Approved by Joost
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others about the Monastery: (5)
As of 2024-04-18 21:13 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found