[Linux-disciples] Setting user and group rights automatically in vim

Adam Kessel linux-disciples@bostoncoop.net
Wed, 29 Oct 2003 10:01:27 -0800


You'd be much better off creating a new group for all of your blog files;
joining that group yourself; having your blog script run setuid that group;
making the directory setgid that user; and entering 'umask 002' before
editing your blog entries.

adduser blog
adduser slaniel blog
chown blog:blog /usr/lib/cgi-bin/blosxom.cgi
chmod u+s /usr/lib/cgi-bin/blosxom.cgi
chown -R slaniel:blog /home/slaniel/public_html/blosxom
chmod g+s /home/slaniel/public_html/blosxom/posts_and_data
umask 002

As things stand now, you're making your entire blog directory hierarchy
writable by the web server, which includes not only the blosxom script
but anything else you have running (e.g., salonify). A security hole in
any of them could allow a remote attacker to, e.g., delete your entire
blog directory hierarchy.

On Wed, Oct 29, 2003 at 12:37:26PM -0500, Stephen R Laniel wrote:
> The blogging package that I use (blosxom) works by grabbing all the files
> under a given point in the filesystem tree and displaying them in date
> order. One blosxom plugin I use adds metadata to each text file, for
> whatever reason. The plugin runs under user www-data, whereas when I
> create a new file in vim its user:group is slaniel:slaniel. So the meta
> plugin doesn't work unless I manually change the owner on the file. I get
> errors like this in my /var/log/apache/error.log:
> 
> /*
> Unable to update date meta-tag on /home/slaniel/public_html/blosxom/posts_and_data/politics_and_policy/bush_war_on_terror_iraq_etc.txt
> */
> 
> So: is there any way to configure vim so that whenever it creates a new
> file under a specific path, it creates that file with a specific user,
> group, and permissions?
> 
> -- 
> ``The Defensive Department was founded in the mid-1960s to manage the
>   official U.S. position on the Vietnam War. The department has recently
>   come under fire for the size of its budget, which is currently larger
>   than at any time since Richard Nixon was in office.''
>  -http://www.theonion.com/3942/news1.html
> 
> _______________________________________________
> Linux-disciples mailing list
> Linux-disciples@bostoncoop.net
> http://bostoncoop.net/mailman/listinfo/linux-disciples

On Wed, Oct 29, 2003 at 12:43:11PM -0500, Stephen R Laniel wrote:
> Not sure if that last message was clear. Here's what I have to do now:
> when I finish editing a new blog post in vim, I go to the root of the
> tree from which blosxom grabs its posts, and I run
> 
> chown -R slaniel:www-data *
> chmod -R g+w *
> 
> I'd like to avoid having to do this.
> 


-- 
Adam Kessel
http://bostoncoop.net/adam
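
One way to check that a tree matches the layout recommended in this thread (setgid directories, a shared group, group-writable but not world-writable files). This is an added example, not part of the original messages; `audit_tree` and `build_sample` are hypothetical names, and the sample tree is constructed, using the caller's own primary group as a stand-in for the `blog` group.

```sh
#!/bin/sh
# Added example, not from the original thread.

# audit_tree DIR GROUP: print one finding per line; no output means clean.
audit_tree() {
    # No setgid bit: new files get the creator's primary group, not the shared one.
    find "$1" -type d ! -perm -2000 -exec printf 'no-setgid %s\n' {} \;
    # Entry that is not in the shared group.
    find "$1" ! -group "$2" -exec printf 'wrong-group %s\n' {} \;
    # File the group cannot write (typically created under umask 022).
    find "$1" -type f ! -perm -0020 -exec printf 'not-group-writable %s\n' {} \;
    # World-writable: any local account, the web server included, can modify it.
    find "$1" ! -type l -perm -0002 -exec printf 'world-writable %s\n' {} \;
}

# build_sample: constructed tree with one correct post and three deliberate faults.
# Assumption: the caller's primary group (id -g) stands in for the "blog" group.
build_sample() {
    root=$(mktemp -d) || return 1
    chgrp "$(id -g)" "$root"
    chmod 2775 "$root"                                  # setgid, group-writable
    ( umask 002; : > "$root/good.txt" )                 # correct: mode 664
    ( umask 022; : > "$root/umask022.txt" )             # fault: mode 644
    ( umask 002; : > "$root/open.txt"; chmod o+w "$root/open.txt" )  # fault
    ( umask 002; mkdir "$root/sub"; chmod g-s "$root/sub" )          # fault
    echo "$root"
}

sample=$(build_sample)
audit_tree "$sample" "$(id -g)"
rm -rf "$sample"
```

Against a real tree, pass the directory and the shared group name, e.g. the `posts_and_data` directory and `blog` from the message above.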