[Chicago-talk] chown inside a script

Jay Strauss me at heyjay.com
Thu Dec 6 14:51:24 PST 2007

On Dec 6, 2007 3:47 PM, Jason Rexilius <jason at hostedlabs.com> wrote:
> Yeah, that isn't as bad as having this exposed to the internet.
> Here is a way that breaks the tasks apart and gives you the ability to wrap
> security controls around bits.
> 1) Write a cron job that runs every minute, as root, that simply does a
> mv or a cp -p && rm of filenames in a list (for security's sake, stripping
> out any '..' and prepending a hard-coded path prefix.)
> 2) Write a cgi-script that simply writes a list of files to be moved
> that the cron job reads.  Something as simple as a touch
> /tmp/movefiles/[name_of_file] (which cron does readdir then removes tmp
> files when done).
> I just like keeping suid root script out of line of cgi..

I guess better yet, just run the cron job on the "closed" directory,
and do the code I'm currently doing in the cgi to determine file
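
The root-side cron worker from the two-step design quoted above, as an added example that is not code from the thread or from either poster. It rejects unsafe names outright instead of stripping '..', and also refuses symlinked sources, which goes beyond what the message lists. Assumptions: the SRC and DEST paths, the function names and the --run switch are hypothetical; /tmp/movefiles is the spool path from the message.

```shell
#!/bin/sh
# Added example: root-side worker for the request-spool design in the thread.
# SRC and DEST are assumed paths; all three can be overridden from the environment.
SPOOL="${SPOOL:-/tmp/movefiles}"     # the cgi touches one request file per name here
SRC="${SRC:-/var/spool/incoming}"    # hard-coded source prefix (assumed)
DEST="${DEST:-/var/spool/closed}"    # hard-coded destination prefix (assumed)
# The spool directory should be writable only by the cgi user, not by everyone.

# safe_name NAME: succeed only if NAME is a single, plain path component.
safe_name() {
    case "$1" in
        ''|.|..|*/*|-*) return 1 ;;      # empty, dot dirs, separators, option-like
        *[!A-Za-z0-9._-]*) return 1 ;;   # anything outside a small allowlist
    esac
    return 0
}

# process_requests: act on each request once, remove it, print how many moved.
process_requests() {
    moved=0
    for req in "$SPOOL"/* "$SPOOL"/.[!.]*; do
        [ -e "$req" ] || [ -L "$req" ] || continue    # glob matched nothing
        name=${req##*/}
        # Only regular files directly under SRC; a symlink there is not followed.
        if safe_name "$name" && [ -f "$SRC/$name" ] && [ ! -L "$SRC/$name" ]; then
            mv -- "$SRC/$name" "$DEST/$name" && moved=$((moved + 1))
        fi
        rm -f -- "$req"    # drop the request whether or not it was honoured
    done
    echo "$moved"
}

# From root's crontab: * * * * * /path/to/this-script --run
if [ "${1:-}" = "--run" ]; then
    process_requests >/dev/null
fi
```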

