FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » using scripting languages to automate a browser
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: getting a php capability on ubuntu was Re: using scripting languages to automate a browser [message #180432 is a reply to message #180431] Thu, 14 February 2013 06:48 Go to previous messageGo to previous message
Cal Dershowitz is currently offline  Cal Dershowitz
Messages: 36
Registered: February 2013
Karma:
Member
On 02/13/2013 04:40 PM, The Natural Philosopher wrote:
> On 13/02/13 04:09, Cal Dershowitz wrote:
>> On 02/12/2013 07:27 AM, The Natural Philosopher wrote:
>>
>>> All here by the looks of it
>>>
>>> https://help.ubuntu.com/community/ApacheMySQLPHP
>>>
>>>
>>>
>>
>> Thanks all for comments. I got as far in the process as to have a
>> localhost that shows up in a browser and try to write test.php, and I
>> don't want to get too far ahead of myself with enabling permissions.
>>
>> $ cat > test.php
>> bash: test.php: Permission denied
>> $ pwd
>> /var/www
>> $ cd ..
>> $ ls -l
>> total 48
>> drwxr-xr-x 2 root root 4096 Feb 1 17:18 backups
>> drwxr-xr-x 18 root root 4096 Feb 12 20:06 cache
>> drwxrwsrwt 2 root whoopsie 4096 Dec 13 07:35 crash
>> drwxr-xr-x 2 root root 4096 Apr 23 2012 games
>> drwxr-xr-x 66 root root 4096 Feb 12 20:07 lib
>> drwxrwsr-x 2 root staff 4096 Apr 19 2012 local
>> lrwxrwxrwx 1 root root 9 Jan 23 02:33 lock -> /run/lock
>> drwxr-xr-x 19 root root 4096 Feb 12 20:07 log
>> drwxrwsr-x 2 root mail 4096 Apr 23 2012 mail
>> drwxr-xr-x 2 root root 4096 Apr 23 2012 opt
>> lrwxrwxrwx 1 root root 4 Jan 23 02:33 run -> /run
>> drwxr-xr-x 8 root root 4096 Apr 23 2012 spool
>> drwxrwxrwt 2 root root 4096 Feb 12 20:02 tmp
>> drwxr-xr-x 2 root root 4096 Feb 12 20:08 www
>> $
>>
>> Without any better notion, I would simply chmod a +w here for www, but
>> I'd first like to ask if that's a good idea, as sometimes I've found
>> that when I lack permission to do something, that it's more like keeping
>> me from shooting myself in the foot.
>>
>> What would you do now?
> I would make www owned by (IIRC) www-data or whatever apache runs under,
> and group staff and leave the permissions alone.

Can you elaborate?
>
> If that is felt to be a bit lax there are other arrangements involving
> sticky bits that can ensure that what goes in there gets allocated to
> the right group.
>
> For a nasty hack for testing and getting stuff working chmod 777 the
> directory at least. But don't do that on a publicly
> visible server.
>
> It pays to understand the permissions system on *nix properly,and use it
> as another line of defence against hackers.
>
>
> #
>


Thank you, NP. "Dirty" is particularly-encouraging as a tactic, since
it really is only me here, on an ancient machine, trying to make
something happen.

I've been x-posting here for a bit and even cross-threading, not out of
malice for the original topicalit of forums, but for the direction a
thread takes.
$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
....
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
messagebus:x:102:105::/var/run/dbus:/bin/false
colord:x:103:108:colord colour management
daemon,,,:/var/lib/colord:/bin/false
lightdm:x:104:111:Light Display Manager:/var/lib/lightdm:/bin/false
whoopsie:x:105:114::/nonexistent:/bin/false
avahi-autoipd:x:106:117:Avahi autoip
daemon,,,:/var/lib/avahi-autoipd:/bin/false
avahi:x:107:118:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
usbmux:x:108:46:usbmux daemon,,,:/home/usbmux:/bin/false
kernoops:x:109:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
pulse:x:110:119:PulseAudio daemon,,,:/var/run/pulse:/bin/false
rtkit:x:111:122:RealtimeKit,,,:/proc:/bin/false
speech-dispatcher:x:112:29:Speech
Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
hplip:x:113:7:HPLIP system user,,,:/var/run/hplip:/bin/false
saned:x:114:123::/home/saned:/bin/false
fred:x:1000:1000:fred,,,:/home/fred:/bin/bash
landscape:x:115:125::/var/lib/landscape:/bin/false
sshd:x:116:65534::/var/run/sshd:/usr/sbin/nologin
mysql:x:117:126:MySQL Server,,,:/nonexistent:/bin/false
$


Q,7) Are these the users of my ubuntu system?

After the ellipses, I think all of that got added as I did a LAMP
install. Now I have a quiver full of questions.

Q1) Now that I have shown /etc/passwd on-line, have I laid out my cards
to hackers who just have a lot of time their hands, be bored and want to
do something interesting. Be aware that my machine and website might
total one hundred bucks in assets.

Q2) Do I want to create a group that comprehends all these differing
agents in apache?

You know what, now that I think about it, all these questions are right
in the strike zone for c.l.php and a.o.l.ubuntu.

Thanks for your comment and cheers,
--
Cal
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: CMS Recommendation
Next Topic: On click button in php
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 16:31:46 GMT 2024

Total time taken to generate the page: 0.04673 seconds