0

Ok, I thought I understood linux permissions and users and groups and all that, but I'm very confused about something. I've installed lighttpd, and left it's default dir at /var/www with cgi enabled and pointing to /var/www/cgi-bin/.

I dropped some python files in there and it works. I can browse to the directory via ssh and run them, and I can hit them in my browser and they run also.

The weird thing is that I can no longer drop files into the cgi-bin folder via sftp. I assumed it was a permissions error, and when I ran ls -l I get drwxrwxr-x fr the folder. Is that why I can't ftp files? My ftp user is not the owner or group for that folder. But then I checked the .py files themselves and got -rw-r--r--. So how can these scripts execute? It looks like no one can run them, but I can run them directly or via lighttpd in a browser.

What's going on here?

LoveMeSomeCode
  • 101
  • This is basically a permissions problem, your sftp user does not have permission to add files to /var/www/*. Personally I keep all files owned in /var/www/* owned by root:www-data and ro by www-data. There are other options, see the link I gave you. – Panther Feb 19 '13 at 00:18
  • ok, but that doesn't explain the execute permissions right? how am i able to run these files locally or through the webserver? – LoveMeSomeCode Feb 19 '13 at 16:47
  • you have to have x permissions. The web server runs as www-data. If your user is in the www-data group, and the files have r-x permission for www-data group you are good to go. See also https://help.ubuntu.com/community/FilePermissions – Panther Feb 19 '13 at 17:44
  • that's what I meant. I have no x permissions at all. The user, the group, the other, no one has x permissions, and the files still run. Any ideas? – LoveMeSomeCode Feb 19 '13 at 18:09
  • 1
    lighttpd is reading and lighttpd is executing the code via your cgi. – Panther Feb 19 '13 at 18:12
  • ahh, ok, that makes sense. Thanks for the info! – LoveMeSomeCode Feb 19 '13 at 19:10

0 Answers0