类似wiki的站点的文件权限 [英] File permissions for a wiki-like site
问题描述
您好,
我正在编写一个网站,其中少数人可以使用PHP脚本(FCKeditor)编辑内容
。内容存储为目录中的单个文件。我想使用PHP,cookie等验证编辑器
问题是我需要允许哪些文件权限
内容可由我的PHP脚本写入。我是否真的需要给其他提供
写权限?组。所有维基都真的那么好吗?b $ b易受攻击? (是的,我知道这就是重点,但对于受限制的维基,例如
......)
谢谢,
Adam
Adam Baker写道:
你好,
我正在写一个网站,其中少数人可以使用PHP脚本(FCKeditor)编辑内容
。内容存储为目录中的单个文件。我想使用PHP,cookie等验证编辑器
问题是我需要允许哪些文件权限
内容可由我的PHP脚本写入。我是否真的需要给其他提供
写权限?组。所有维基都真的那么好吗?b $ b易受攻击? (是的,我知道这就是重点,但对于受限制的维基,例如
......)
谢谢,
Adam
唯一写作的人将是Apache用户本身。
系统不知道或不关心谁在使用编辑器 - 这与Apache和用户之间完全相同。
请注意,除非您实施自己的安全措施,否则任何人都可以编辑任何文件。
-
==================
删除x来自我的电子邮件地址
Jerry Stuckle
JDS计算机培训公司
js ******* @ attglobal.net
==================
9月14日上午5:06,Jerry Stuckle< jstuck ... @ attglobal.netwrote:
Adam Baker写道:
您好,
我正在写一个网站,其中有少数人可以编辑
使用PHP脚本(FCKeditor)的内容。内容存储为目录中的单个文件。我想使用PHP,cookie等验证编辑器
问题是我需要允许哪些文件权限
内容可由我的PHP脚本写入。我是否真的需要给其他提供
写权限?组。所有维基都真的那么好吗?b $ b易受攻击? (是的,我知道这是重点,但对于受限制的维基,例如,
...)
谢谢,
Adam
唯一一个写作的人就是Apache用户本身。
系统不知道或不关心谁在使用编辑器 - 这与Apache和用户之间完全相同。
请注意,除非您实施自己的安全措施,否则任何人都可以编辑任何文件。
-
==================
删除x来自我的电子邮件地址
Jerry Stuckle
JDS计算机培训公司
jstuck ... @ attglobal.net
==================
感谢您的回复。我在这里很无知,所以我会看看是否可以提出一个连贯的后续行动。所以PHP脚本由
Apache用户运行。那是拥有Apache的用户,还是一个特殊的用户名?
那么,我想要给予
内容的rwx权限单独给那个用户(和我自己)的文件,不要做chmod 777.
那对吗?
谢谢,
Adam
Adam Baker写道:
9月14日上午5:06,杰瑞Stuckle< jstuck ... @ attglobal.netwrote:
> Adam Baker写道:
>>您好,
我正在编写一个网站,少数人可以使用PHP脚本(FCKeditor)编辑内容。内容作为单个文件存储在目录中。我想使用PHP,cookie等验证编辑器
问题是我需要允许哪些文件权限才能使我的PHP可以写入
内容脚本。我真的需要给其他的写权限吗?组。所有维基都真的那么脆弱吗? (是的,我知道这一点,但对于受限制的维基,例如......)
谢谢,
Adam
唯一一个写作的人就是Apache用户本身。
系统不知道或不关心谁在使用编辑器 - 这完全是在Apache和用户之间。
并注意除非你实现自己的安全性,任何人都可以编辑任何文件。
-
================ ==
删除x来自我的电子邮件地址
Jerry Stuckle
JDS计算机培训公司
jstuck ... @ attglobal.net
=============== ===
感谢您的回复。我在这里很无知,所以我会看看是否可以提出一个连贯的后续行动。所以PHP脚本由
Apache用户运行。那是拥有Apache的用户,还是一个特殊的用户名?
那么,我想要给予
内容的rwx权限单独给那个用户(和我自己)的文件,不要做chmod 777.
那对吗?
谢谢,
Adam
机器中的每个进程都在特定用户下运行。这就是
决定了流程可用的权限。
没有人拥有 Apache的。有一个用户(甚至不止一个)
拥有Apache用来运行的文件。并且有一个Apache
进程的用户。它们可能相同也可能不相同。
chmod到777是非常危险的 - 它允许你服务器上的任何人
来读写你的文件。如果你重视这些文件,我们永远不应该这样做,恕我直言。
相反,你应该设置用户和组来提供
相应的权限,然后相应地设置文件权限。
我建议你买一本关于Linux管理的书。它会帮助你带来很多不同的东西。而且我不是在讨论
的建议;学习Linux管理的一些基础知识
可以帮助你更好地理解这一点 - 这可能会让人很困惑。
-
==================
删除x来自我的电子邮件地址
Jerry Stuckle
JDS计算机培训公司
js ******* @ attglobal.net
==================
Hello,
I''m writing a site where a handful of people will be able to edit
the content using PHP scripts (FCKeditor). The content is stored as
individual files in a directory. I''d like to validate the "editors"
using PHP, cookies, etc.
The question is what file permissions I need to allow for the
content to be writable by my PHP script. Do I really need to give
write permissions to the "other" group. Are all wikis really that
vulnerable? (yes, I know that''s the point, but for restricted wikis,
for instance...)
Thanks,
Adam
Adam Baker wrote:Hello,
I''m writing a site where a handful of people will be able to edit
the content using PHP scripts (FCKeditor). The content is stored as
individual files in a directory. I''d like to validate the "editors"
using PHP, cookies, etc.
The question is what file permissions I need to allow for the
content to be writable by my PHP script. Do I really need to give
write permissions to the "other" group. Are all wikis really that
vulnerable? (yes, I know that''s the point, but for restricted wikis,
for instance...)
Thanks,
Adam
The only one doing the writing will be the Apache user itself. The
system doesn''t know or care who is using the editor - that''s completely
between Apache and the user.
And beware that unless you implement your own security, any of those
people will be able to edit any of the files.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
On Sep 14, 5:06 am, Jerry Stuckle <jstuck...@attglobal.netwrote:Adam Baker wrote:Hello,
I''m writing a site where a handful of people will be able to edit
the content using PHP scripts (FCKeditor). The content is stored as
individual files in a directory. I''d like to validate the "editors"
using PHP, cookies, etc.
The question is what file permissions I need to allow for the
content to be writable by my PHP script. Do I really need to give
write permissions to the "other" group. Are all wikis really that
vulnerable? (yes, I know that''s the point, but for restricted wikis,
for instance...)
Thanks,
Adam
The only one doing the writing will be the Apache user itself. The
system doesn''t know or care who is using the editor - that''s completely
between Apache and the user.
And beware that unless you implement your own security, any of those
people will be able to edit any of the files.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================Thanks for your reply. I am quite ignorant here, so I will see whether
I can even ask a coherent follow-up. So the PHP script is run by the
Apache user. Is that the user that owns Apache, or a special username?
It would seem, then, that I would want to give rwx permissions for the
content files to that user alone (and myself), not do a chmod 777. Is
that right?
Thanks,
Adam
Adam Baker wrote:On Sep 14, 5:06 am, Jerry Stuckle <jstuck...@attglobal.netwrote:>Adam Baker wrote:>>Hello,
I''m writing a site where a handful of people will be able to edit
the content using PHP scripts (FCKeditor). The content is stored as
individual files in a directory. I''d like to validate the "editors"
using PHP, cookies, etc.
The question is what file permissions I need to allow for the
content to be writable by my PHP script. Do I really need to give
write permissions to the "other" group. Are all wikis really that
vulnerable? (yes, I know that''s the point, but for restricted wikis,
for instance...)
Thanks,
AdamThe only one doing the writing will be the Apache user itself. The
system doesn''t know or care who is using the editor - that''s completely
between Apache and the user.
And beware that unless you implement your own security, any of those
people will be able to edit any of the files.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
Thanks for your reply. I am quite ignorant here, so I will see whether
I can even ask a coherent follow-up. So the PHP script is run by the
Apache user. Is that the user that owns Apache, or a special username?
It would seem, then, that I would want to give rwx permissions for the
content files to that user alone (and myself), not do a chmod 777. Is
that right?
Thanks,
Adam
Every process in the machine runs under a specific user. That''s what
determines the permissions available to the process.
No one "owns" Apache. There is a user (or even more than one) which
owns the files Apache uses to run. And there is a user for the Apache
process. They may or may not be the same.
And chmod to 777 is highly dangerous - it allows anyone on your server
to read and write to your files. It should never be done if you value
those files, IMHO.
Rather, you should set up the users and groups to provide the
appropriate permissions, then set the file permissions accordingly.
I''d suggest you get a book on Linux Administration. It will help you
with a lot of different things. And I''m not being sarcastic about the
suggestion; learning some of the basics of Linux administration will
help you understand a lot of this better - it can be quite confusing.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
这篇关于类似wiki的站点的文件权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
