including a file on on-rev

Jim Ault jimaultwins at yahoo.com
Tue Nov 3 21:12:22 EST 2009


I am chiming in here to set a few admin basics that govern web hosting  
access.

The OnRev server is running the Linux operating system.
Permissions for file and folder access are set by Linux.

Linux has been set up to allow Apache to be designated as an owner of a  
file or folder.
When you use the command line for 'chown' or 'chmod' commands, you are  
talking to Linux and setting permissions.

If Apache is an owner of a folder (eg. publicHtml/) it has access to  
that folder according to the Linux permission level (0-7).
Apache can read and write files in a folder if it is the owner and the  
file access level is 6.
Apache can execute a script if the access level of the script file is 7.

Browsers talk to Apache and request various kinds of information.
Before Apache takes action, it looks in the folder to see if there is  
an htaccess file.
If so, it reads it as a text file and follows the rules that have been  
put there by the web site admin.

Linux does not know anything about htaccess rules.
Apache always follows htaccess rules, if present.

Access rules are very powerful and complex.
One rule could be that any request for a file (eg. userInfo.txt) is  
honored by Apache by returning a different file (eg.  
notPermittedMsg.txt).  Skilled web admins will use many htaccess files  
to keep users out of folders or from executing files. Do a Google for  
'htaccess' to see some tutorials on this.

Now getting to the FTP access (not the Linux computer operating system  
or the Apache program).
This is governed by cPanel settings.
You can set up several FTP user accounts and allow uploading/downloading.  
Each account has a specified 'home' folder and typically  
cannot access any other folders outside that path.  This allows web  
designers access to specific folders, and not all.

Not all hosting systems are the same, and much depends on what the  
hosting company wants to allow.

First:  Claudi may be using an FTP account login:password that is set  
to "testing/", but not likely.
Looking closely at the
    "FTP error file "/testing/..//lib/cc_PageStats.irev" not present.
shows two "//" in the path, which will give an error.
The word "testing" comes from the parent folder of the 'page' requesting  
the include file.
I am not sure why the double slash occurs without more info.

Secondly:  Alex said about access to all the folders on a hosting  
site...
"I didn't think you can do this - but you can. And that's kind of  
scary. It means that a script error (or deliberate misuse) in any of  
your add-on domains can see and alter all files, including those in  
other add-on domains.  I'm not sure this is a "feature", it feels more  
like a "bug" (or at least, a "problem")."

Access to all the subdomain folders can be regulated, primarily using  
*group* permissions, and also by using htaccess files in each folder.   
Often there are libraries and databases that are used by several  
subdomains.  For years the use of PHP globals was convenient, but  
allowed anyone to easily attack a server.  No one uses these globals  
anymore.

As I learn more about OnRev in the coming months, I will show examples  
of protecting scripts, subdomains, and hazardous scripts.

I have a couple utility scripts to deal with moving files into deeper  
folder levels and not having to rewrite the include paths.  Basically,  
you call a script that builds the path for you.

The gurus of web hosting should be able to add specifics and  
corrections, but this is a start.
Hope this helps
More to come.

Jim Ault
Las Vegas
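
The following is an added example, not part of the original post: a shell sketch that decodes the 0-7 permission digits discussed above and audits a folder tree for files that accounts other than the owner can write. The function names and the sample tree are constructed for illustration; folder and file names are borrowed from the post, except shared.db, which is made up.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# rwx_for DIGIT: decode one octal permission digit (0-7) into r/w/x flags.
rwx_for() {
    out=""
    if [ $(($1 & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $(($1 & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $(($1 & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s\n' "$out"
}

# explain_mode MODE: split a three-digit mode such as 640 into its
# owner, group and other digits and decode each one.
explain_mode() {
    m=$1
    rest=${m#?}
    printf 'owner=%s group=%s other=%s\n' \
        "$(rwx_for "${m%??}")" "$(rwx_for "${rest%?}")" "$(rwx_for "${m#??}")"
}

# audit_webroot DIR: report what accounts other than the owner can change.
#   -perm -0002  "other" write bit set: any account on the server can modify it
#   -perm -0020  group write bit set: every member of the owning group can
audit_webroot() {
    find "$1" ! -type l -perm -0002 -print | sed 's/^/WORLD-WRITABLE /'
    find "$1" ! -type l -perm -0020 ! -perm -0002 -print | sed 's/^/GROUP-WRITABLE /'
}

# make_sample_tree: build a constructed tree so the audit has something to find.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/testing" "$t/lib"
    : > "$t/lib/cc_PageStats.irev"; chmod 644 "$t/lib/cc_PageStats.irev"
    : > "$t/testing/userInfo.txt";  chmod 666 "$t/testing/userInfo.txt"
    : > "$t/testing/shared.db";     chmod 660 "$t/testing/shared.db"
    chmod 755 "$t" "$t/testing" "$t/lib"
    printf '%s\n' "$t"
}

sample=$(make_sample_tree)
explain_mode 640
audit_webroot "$sample"
rm -rf "$sample"
```

Pointing audit_webroot at a real web root lists the files to tighten with chmod or to move under a different group.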




