| View previous topic :: View next topic |
| Author |
Message |
celloandy
Tux's lil' helper
Joined: 29 Jan 2003
Posts: 113
Location: Washington, DC
|
 Posted: Tue Jun 13, 2006 3:45 pm Post subject: Database file permissions |
 |
|
First, an initial disclaimer: this is not a Gentoo question, so if posting off-topic is a problem, I apologize, but I haven't had any luck elsewhere and have found, in general, that people here are more knowledgable than most about Unix/Linux issues, so I figured it was worth a go. Sorry if that's a problem.
I'm working a web site for a student organization at my university that will go on the school's main webserver, and will be written in Coldfusion (unfortunately, that's the only option). Student organizations don't have access to the database server, so I'm planning on using the SmallSQL file-based SQL engine for minimal database stuff via JDBC. My issue, though, is that I need to be able to read and write to the database, but the script will run as the webserver user (I think... there may be a separate ColdFusion user, but I don't think so), so the only way I've been able to get the thing to work is to make the database files world-writeable, but that makes me really nervous, as it's a shared system. I thought about trying to figure out some way of forking a separate process to do the database work and setuid'ing it, but I don't think ColdFusion will let me do that. Any thougts on how I might go about letting my scripts manipulate my DB without letting the whole world write to it?
Andrew
(Oh, and the machine is running Solaris 9 and Apache, if it matters.) |
|
| Back to top |
|
 |
jonnevers
Veteran
Joined: 02 Jan 2003
Posts: 1594
Location: Gentoo64 land
|
| Posted: Tue Jun 13, 2006 3:47 pm Post subject: Re: Database file permissions |
|
|
| celloandy wrote: | Any thougts on how I might go about letting my scripts manipulate my DB without letting the whole world write to it?
Andrew
(Oh, and the machine is running Solaris 9 and Apache, if it matters.) |
contact the administrator and have then chown the SQLLite db file to the user apache run's as. or better chgrp it to the apache user's group so it can read it but leave it owned by you so you can manipulate it too. chgrp + chmod or just a straight up chown. |
|
| Back to top |
|
|
celloandy
Tux's lil' helper
Joined: 29 Jan 2003
Posts: 113
Location: Washington, DC
|
| Posted: Tue Jun 13, 2006 3:50 pm Post subject: Re: Database file permissions |
|
|
| jonnevers wrote: | | contact the administrator and have then chown the SQLLite db file to the user apache run's as. or better chgrp it to the apache user's group so it can read it but leave it owned by you so you can manipulate it too. chgrp + chmod or just a straight up chown. |
I'll try that if nothing else works, but I'm pretty sure they'll say no. Our admins are pretty Draconian, so my preference would be a technical solution, if there is one.
Andrew |
|
| Back to top |
|
|
thepustule
Apprentice
Joined: 22 Feb 2004
Posts: 212
Location: Toronto, Canada
|
| Posted: Tue Jun 13, 2006 4:46 pm Post subject: |
|
|
world-writeable should not be necessary.
Just use a group. |
|
| Back to top |
|
|
celloandy
Tux's lil' helper
Joined: 29 Jan 2003
Posts: 113
Location: Washington, DC
|
| Posted: Tue Jun 13, 2006 10:19 pm Post subject: |
|
|
| thepustule wrote: | world-writeable should not be necessary.
Just use a group. |
Again, that would be nice, but I don't have root on the box (it's the main school server), and my account isn't in any groups that the webserver is also in, so this would also take intervention on behalf of the admins. I'm thinking that there's really no way around this, and the database won't contain any sensitive information or anything, so I'll probably just do regular backups and trust the other users not to deface my data...
Andrew |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
