Path: csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!goblin2!goblin.stu.neva.ru!aioe.org!.POSTED!not-for-mail
From: "John B. Matthews" <nospam@nospam.invalid>
Newsgroups: comp.lang.java.programmer
Subject: Re: File uploaded under 'nobody' uid on linux
Date: Thu, 19 May 2011 20:51:16 -0400
Organization: The Wasteland
Lines: 27
Message-ID: <nospam-9D2A2B.20511619052011@news.aioe.org>
References: <4b17d468-3056-4dc2-b1bb-5124ec077589@v10g2000yqn.googlegroups.com> <ir2p4n$kf4$2@lust.ihug.co.nz> <ir34lt$eqj$1@news.albasani.net>
NNTP-Posting-Host: LQJtZWzu+iKlBROuDg+IUg.user.speranza.aioe.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Complaints-To: abuse@aioe.org
User-Agent: MT-NewsWatcher/3.5.3b3 (Intel Mac OS X)
X-Notice: Filtered by postfilter v. 0.8.2
Xref: x330-a1.tempe.blueboxinc.net comp.lang.java.programmer:4324

In article <ir34lt$eqj$1@news.albasani.net>, Lew <noone@lewscanon.com> 
wrote:

> On 05/19/2011 05:50 AM, Lawrence D'Oliveiro wrote:
> > In message
> > <4b17d468-3056-4dc2-b1bb-5124ec077589@v10g2000yqn.googlegroups.com>, ruds
> > wrote:
> >
> >> Now, please tell me what should I do so that whenever files are 
> >> uploaded they are stored with the user's name where all code and 
> >> other files are stored.
> >
> > On way is to activate this mechanism
> > <http://httpd.apache.org/docs/current/suexec.html>.
> 
> The OP has not stated that he's using httpd.

Lew: This point is well taken, but the article _does_ outline the 
(myriad) security issues that ruds should consider.

ruds: If you don't use httpd/suEXEC, you're likely going to have to 
create something similar.

-- 
John B. Matthews
trashgod at gmail dot com
<http://sites.google.com/site/drjohnbmatthews>