Rev cgi question

Richard Miller wow at together.net
Wed Apr 2 14:35:33 EDT 2008


Thanks, Bob. I think I know how to handle this now.
Richard



On Apr 2, 2008, at 2:02 PM, Robert Sneidar wrote:

> Hi Richard.
>
> The OS X servers use ACL's (Access Control Lists) now. If there is  
> an ACL entry which applies to the particular user that is accessing  
> the file or folder, then the ACL supersedes the POSIX permissions  
> you are trying to set. The server first looks at the ACL entries in  
> order. If the user matches any of the ACL's that are set, that user  
> gets that ACL permission, and the whole process stops at that point.
>
> If the user falls all the way through the ACL's without hitting on  
> one, THEN and ONLY THEN do the POSIX permissions come into play.  
> The only way to manage the acl permissions is if you use the Server  
> Admin utility.
>
> The best solution is to allow all users read/write ACL access to  
> the root directory, and then (assuming the server is set up to have  
> ACL's inherit down to the children) any new files created will  
> possess the same ACL's that the parent folder has, and POSIX will  
> not even come into play.
>
> Now if you can access a folder after setting the POSIX permissions,  
> but cannot access new files created in that folder, that is because  
> POSIX inheritance does not work the way you think it would, or the  
> way it should, given the nature of file servers. With POSIX, the  
> creator of the folder or file becomes the Owner with read/write  
> permissions. The parent's Group has read only (regardless of what  
> the parent's group's permissions were) and the Everyone gets read  
> only.
>
> If you still have problems after that, I would talk to the server  
> admin and make sure he has set the ACL's to inherit from the  
> parent. It's something you set at the root VOLUME (not the share)  
> while sharing is off.
>
> One more note, are you using AFP or SMB to log into the server? I  
> believe SMB has it's own permission inheritance settings. I ALWAYS  
> set mine to have children inherit the parent. Otherwise you spend a  
> LOT of time cleaning up other people's new folder and file  
> permissions.
>
> Sorry for the long blurb.
>
> Bob Sneidar
> IT Manager
> Logos Management
> Calvary Chapel CM
>
> On Apr 2, 2008, at 9:01 AM, Richard Miller wrote:
>
>> Not quite solved yet.
>>
>> I believe this issue has been talked about before, but the answer  
>> is not clear to me.
>>
>> If I change the file attributes of a particular folder to "777"  
>> from within my ftp program, my Rev cgi script can then go ahead  
>> and delete it using Delete File and Delete folder commands. But if  
>> if then use a Rev program to put a new folder on the server (via  
>> ftp) in the same place as this last one, I can't delete it (unless  
>> I manually change it to 777). There must be some setting on the  
>> server itself... probably in the Ownership & Permissions area...  
>> to configure any new folders placed there so they can be deleted  
>> by Rev... but I can't sort out how to do this. This Ownership/ 
>> Permissions area is completely foreign to me.
>>
>> Help would be much appreciated.
>>
>> Thanks.
>> Richard
>>
>>
>>
>> On Apr 2, 2008, at 8:53 AM, Richard Miller wrote:
>>
>>> I sorted it out. It was an Ownership & Permission OSX setting.
>>> Can someone provide guidance on the correct way to set those  
>>> settings for unrestricted Rev cgi access, while still retaining  
>>> server security? Or is the security issue on a Mac (running its  
>>> native server app) not an issue, regardless of these settings?
>>>
>>> Thanks.
>>> Richard
>>>
>>>
>>> On Apr 2, 2008, at 8:41 AM, Richard Miller wrote:
>>>
>>>> There's something else going on. I wish it was just spelling,  
>>>> but it's not. It's probably particular to OSX.
>>>>
>>>> I tried the following:
>>>>
>>>>   set the defaultfolder to "/users/myusername"
>>>>   put the folders into buffer
>>>>
>>>> I get back the correct list of folders, including one called  
>>>> "Desktop"
>>>>
>>>> I then try this:
>>>>
>>>>   set the defaultfolder to "/users/myusername/Desktop"
>>>>   put the folders into buffer
>>>>
>>>> It returns the list of folders inside the cgi-bin directory. I  
>>>> tried changing "Desktop" to "Library" and got the same cgi-bin  
>>>> results.
>>>>
>>>> What's going on here?
>>>>
>>>> Thanks.
>>>> Richard
>>>>
>>>>
>>>> On Apr 2, 2008, at 8:26 AM, jbv wrote:
>>>>
>>>>>
>>>>>
>>>>> Richard ,
>>>>>
>>>>> I have done that dozens of time, mostly on linux & windoze  
>>>>> servers...
>>>>> So I'm not sure about OSX settings, but one thing I'd check  
>>>>> first is the
>>>>> spelling of the folder's name... it might sound silly, but many  
>>>>> times
>>>>> I have been blocked by spelling problems (or case sensitive  
>>>>> spelling)
>>>>> when referring to folders & files...
>>>>>
>>>>> JB
>>>>>
>>>>>> I don't understand what is happening with this. This is on a  
>>>>>> MacMini
>>>>>> server.
>>>>>>
>>>>>> I ask a Rev cgi script the following:
>>>>>>
>>>>>>     put (there is a folder "/users/myusername/desktop") into  
>>>>>> buffer
>>>>>>
>>>>>> It returns TRUE.
>>>>>>
>>>>>> I then ask the following:
>>>>>>
>>>>>>    put (there is a folder "/users/myusername/desktop/foldername")
>>>>>> into buffer
>>>>>>
>>>>>> (foldername = any folder sitting on the desktop)
>>>>>>
>>>>>> It returns FALSE.
>>>>>>
>>>>>> Does this have something to do with some setting I need to  
>>>>>> change on
>>>>>> the server?... or am I asking for information which is not  
>>>>>> accessible
>>>>>> from a Rev cgi script located inside the CGI-Executables folder?
>>>>>>
>>>>>> What I ultimately want to do is have the Rev cgi script delete a
>>>>>> folder sitting elsewhere on the server. Is there a reason this  
>>>>>> can't
>>>>>> be done?
>>>>>>
>>>>>> Thanks.
>>>>>> Richard Miller
>>>>>> _______________________________________________
>>>>>> use-revolution mailing list
>>>>>> use-revolution at lists.runrev.com
>>>>>> Please visit this url to subscribe, unsubscribe and manage  
>>>>>> your subscription preferences:
>>>>>
>>>>> _______________________________________________
>>>>> use-revolution mailing list
>>>>> use-revolution at lists.runrev.com
>>>>> Please visit this url to subscribe, unsubscribe and manage your  
>>>>> subscription preferences:
>>>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>>>
>>>> _______________________________________________
>>>> use-revolution mailing list
>>>> use-revolution at lists.runrev.com
>>>> Please visit this url to subscribe, unsubscribe and manage your  
>>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>>
>>> _______________________________________________
>>> use-revolution mailing list
>>> use-revolution at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your  
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>
>> _______________________________________________
>> use-revolution mailing list
>> use-revolution at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your  
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-revolution
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your  
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution




More information about the Use-livecode mailing list