
Protection against thoughtless web hosts


  • From: Gunnar Hjalmarsson  
  • Date: Thu, 04 Sep 2003 00:25:23 +0200

Hi all,

This is a somewhat technical message, and even if it's long, and even if some of you may feel that it is 'above your head', I suggest that you read it through.

Many (most?) of us are using web hosting accounts on shared servers for running Ringlink. In the case of Unix-like platforms, Ringlink's access to the saved data is dependent on a combination of file ownership and file permission. File ownership for files created by a CGI script (like Ringlink) equals the user the script is run as, and is controlled by the server configuration, while file permissions for newly created files and directories under the Ringlink data directory are controlled via two variables in rlconfig.pm:

    $rlmain::dirmode = 0755;
    $rlmain::filemode = 0644;

The second digit in those four digit numbers determines the permission for the file owner, while the fourth digit determines the permission for other users.

Now, why am I saying this? The reason is that once in a while, web hosts change the user that CGI scripts are run as. Unfortunately they often do so without even notifying their customers about the change. :( (That's what I'm referring to with "thoughtless" in the subject line.) Anyway, when that happens, and if the fourth digit above is lower than the second digit, Ringlink may lose its access to previously saved data.

So, how do you prevent problems due to such a change? Well, one way might be to simply make all files 'world writable' by assigning the two variables above 0777 and 0666 respectively. This is a 'dangerous' way, though, and not advisable.

My recommendation is that the permission variables in rlconfig.pm are assigned 0755 and 0644 respectively, i.e. just like the current default values. If that has been the case ever since Ringlink was first installed, the following steps will fix the permission problems resulting from a change in the user which CGI scripts are run as:

1) Take a backup from admin.pl
2) Rename the /data directory to for instance /olddata
3) Create a new /data directory. Maybe there is a need to chmod
   it 777, maybe not.
4) Move the backup file to the new /data directory
5) Run "Restore data" from admin.pl

However, and this is the reason for this post, the default settings in rlconfig.pm have not been 0755 and 0644 respectively in all Ringlink releases. A few releases ago, they were 0700 and 0600 respectively instead. Consequently, for some Ringlink installations, there are files and directories that are 'vulnerable' if the file ownerships are changed suddenly.

To fix this, and make it easy to handle a possible change in file ownership by following the five steps above, you can do the following:

- Ensure that statistics are enabled (this is controlled by the
  $rlmain::stats variable in rlconfig.pm).

- Ensure the following values of the permissions variables in
  rlconfig.pm:
    $rlmain::dirmode = 0755;
    $rlmain::filemode = 0644;

- Log in via admin.pl.

- Run the "Reset stats" routine.

The reason why this may make a difference is that besides resetting the ring statistics, the "Reset stats" routine sets the permissions for files and directories in accordance with the current settings in rlconfig.pm.

Okay, thanks for reading all the way here. :) I suppose that some of you know much more about these things than I do, and I hope that you will provide additional info (or corrections) if you find it motivated.

Finally, to those of you who provide web hosting services: Please do not act as thoughtlessly as some of them out there do. Never change the user that CGI scripts run as without informing your customers properly and providing immediate assistance with changing the file owner of existing files and directories!

/ Gunnar
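
The check described in the message above, as an added example that is not part of the original post and is not Ringlink code: a Python audit that walks a data directory and reports entries whose "other" permission digit would leave them inaccessible after a change of CGI user (the older 0700/0600 defaults), as well as entries that are world-writable (0777/0666). The function names, the sample directory layout and the file name `members.db` are assumptions constructed for the demonstration.

```python
import os
import stat
import tempfile

def classify(mode, is_dir):
    """Judge permission bits the way the message does: by the 'other' digit."""
    other = mode & 0o007                 # fourth digit of e.g. 0644
    needed = 0o5 if is_dir else 0o4      # r-x to enter a directory, r-- to read a file
    if other & 0o2:
        return "world-writable"          # the 0777/0666 setup the message advises against
    if other & needed != needed:
        return "owner-only"              # e.g. 0700/0600: unreadable after a CGI user change
    return "ok"

def audit(data_dir):
    """Return {relative path: finding} for every entry that is not 'ok'."""
    findings = {}
    for root, dirs, files in os.walk(data_dir):
        for name in dirs + files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                 # symlink modes are not meaningful
            verdict = classify(stat.S_IMODE(st.st_mode), stat.S_ISDIR(st.st_mode))
            if verdict != "ok":
                findings[os.path.relpath(path, data_dir)] = verdict
    return findings

def build_sample(base):
    """Constructed sample tree (directory and file names are made up)."""
    for name, dmode, fmode in [("ring1", 0o755, 0o644),
                               ("ring2", 0o700, 0o600),
                               ("ring3", 0o777, 0o666)]:
        d = os.path.join(base, name)
        os.mkdir(d)
        f = os.path.join(d, "members.db")
        open(f, "w").close()
        os.chmod(f, fmode)               # chmod is not affected by the umask
        os.chmod(d, dmode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, verdict in sorted(audit(tmp).items()):
            print(f"{verdict:15} {path}")
```

Pointing `audit()` at a real data directory before the host changes anything shows which entries still carry the old owner-only modes.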

