Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw

Creating and writing a file to a password protected directory

by belize (Deacon)
on Oct 12, 2002 at 17:11 UTC ( #204781=perlquestion: print w/replies, xml ) Need Help??

belize has asked for the wisdom of the Perl Monks concerning the following question:

We are writing a CGI that runs through SSL and takes in confidential info from a form. We want to take the results from the form, and write it to a text file that is created and named by the time/date to a password protected directory, so we can then retrieve the file by entering our username and password.

Everything works great except - the only problem we now have is that the cgi can not create or write a file to the password protected directory (the directory is chmod 777, but requires authorization when the cgi tries to write to it). Is there a way to do this within the cgi?

  • Comment on Creating and writing a file to a password protected directory

Replies are listed 'Best First'.
Re: Creating and writing a file to a password protected directory
by thraxil (Prior) on Oct 12, 2002 at 18:11 UTC

    what exactly do you mean by 'password protected directory'? .htaccess protection or something? unix doesn't really have the concept of a 'password protected directory' by itself; chmod 777 ought to allow anyone on the machine to write there.

    what error message(s) are you getting?

    anders pearson

Re: Creating and writing a file to a password protected directory
by belize (Deacon) on Oct 12, 2002 at 18:17 UTC
    Our mistake. The directory is protect with .htaccess. When we tested the CGI, we kept getting an authorization screen requesting the username and password for the directory. After scratching our heads, we emptied the cache on our browser and tried again, and this time it worked without the authorization screen showing. Not sure why we got the first authorization screen...sorry for the mistake.
      Good deal. I recommend that you remove the 777 permissions from that directory and instead chown the directory to what ever user the web server runs as. I assume you are using Apache, correct? Use grep or egrep for 'User' on httpd.conf:
      egrep ^User /path/to/conf/httpd.conf
      to find out which user. Then you can chmod the directory to a safer 755.


      (the triplet paradiddle with high-hat)

        Depending on the data 755 may also be unsafe. I'm guessing that whatever data is being written must be both private and correct. If you were I then I'd set the minimum possible permissions and ensure that the process doing the writing was either the directory and file owner or at least in the right group. I'd hate for you to write down credit cards or something using that scheme. In general consider this advice incomplete and a guess at best. If you don't already understand unix permissions then you'll have to learn them prior to completing whatever you're doing. Of course there's additional security to be had by using public-key cryptography. Again, you have to know what you're doing to use it sanely (like not putting the private key on the server among others).

        __SIG__ printf "You are here %08x\n", unpack "L!", unpack "P4", pack "L!", B:: +svref_2object(sub{})->OUTSIDE

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://204781]
Approved by ybiC
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others avoiding work at the Monastery: (3)
As of 2021-01-18 01:07 GMT
Find Nodes?
    Voting Booth?