Jump to content

File Ownership And "nobody"

Russ

By Russ
in Security Discussions

 Share

Recommended Posts

Russ Collaborator

Russ

Posted
Posted (edited)

Not sure that this is the right forum page for this question, but here goes....I have been trying to follow a discussion regarding making Gallery2 secure, and have come accross a concept that I am not sure I fully understand. Some files (for example ".htaccess" and "congig.php") are user "owned" (I take this to mean the domain owner, me in the case of my domain hosted on TotalChoce) and others are "owned" by "Nobody" (I take this to mean TotalChoice or the webserver).

  • Are my assumptions above correct?
  • If so, how can you tell who "owns" what files?
  • When files are created, how is it determined who owns what files?

I suppose this might be a fairly complicated question, and I do not mean to take up anyone's time educating me - if there is some resouce you could direct me to that would be great!

 

Thanks!

 

Russ

Edited by Russ
abinidi Veteran

abinidi

Posted
Posted

There are certain actions that can only be taken on certain files if you are the file owner. For example, files who don't have an owner can't be deleted by you.

 

"Owner" basically means that you were the person who created the file. If you uploaded the file to the server or it was uploaded through your account, then you are the owner.

 

If the file was created by a script, then it is possible that "nobody" is the owner. The server created the file, but didn't assign an owner.

 

For security purposes, you can only delete files that you own. I don't know how you can tell if you own a file or not (except that if you try to delete it and can't, then you probably don't own it).

 

It is kind of like the Windows XP multiple users feature. Lots of people can log in to any one box, but user 2 can't modify user 1's files (assuming 2 isn't an admin). In virtual hosting, lots of users can log in to any one server, but you can't modify anybody's files but your own.

 

If you hare having trouble removing a file, you can ask the help desk to delete it for you, or to change the owner to you.

 

Maybe somebody else can chime in and explain how you can tell who the owner of a particular file is.

TCH-Bruce Grand Master

TCH-Bruce

Posted
Posted

Most FTP programs will show the owner of the files. It may not be turned on but most have it. I know CuteFTP does.

 

The number in the owner field of the public_html folder is your ID. Any files with a different number would be the web server most likely.

abinidi Veteran

abinidi

Posted
Posted

Learn something new every day (or every hour, in this business!)

 

Thanks, Bruce!

TweezerMan Veteran

TweezerMan

Posted
Posted
Most FTP programs will show the owner of the files. It may not be turned on but most have it. I know CuteFTP does.

SmartFTP will also show who owns the files in a server directory listing.

 

If the file was created by a script, then it is possible that "nobody" is the owner. The server created the file, but didn't assign an owner.

All files and directories on the server have an owner. The user 'nobody' is a real, low-privileged user created by the system that can be used to limit what scripts can do on the system. PHP scripts on TCH servers run as the user 'nobody' for this reason.

 

There are certain actions that can only be taken on certain files if you are the file owner. For example, files who don't have an owner can't be deleted by you.

 

...

 

For security purposes, you can only delete files that you own.

Actually, you can delete files you don't own *if* the directory containing the file you don't own has 0777 permissions. If you own the directory containing the file, you can change the directory's permissions to 0777, delete the file, then reset the directory permissions back to what they were (usually 0755). If 'nobody' owns the directory and it's permissions are not 0777, that would be a problem, as you can't change the permissions on directories you don't own. In that case, you'd need to ask the Help Desk to delete the file for you.

 

When files are created, how is it determined who owns what files?

If the file was created by a PHP script, it will be owned by 'nobody'. In any other case, the file will be owned by you.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...