Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Perl + Unix: File upload security best practices

Avatar of tomaugerdotcom
tomaugerdotcomFlag for Canada asked on
PerlLinux SecurityOS Security
10 Comments1 Solution809 ViewsLast Modified:
Hi Everyone,

I'm a veteran Perl programmer, but fairly new to Unix security. I have been using the CGI module for a long time to handle uploads, but haven't really paid much attention to the security issues.. until now.

This question deals specifically with Unix, users, groups, file permissions and directory locations. I have no problem making uploads work just fine, but I'm wondering what the best practices are.

Here is my specific question:

- I am not a privileged user on this Linux system
- My Perl scripts all run under user 'apache' and is a member of group 'apache'
- Any directories or files I create myself are created with owner 'tom' and group 'dev'
- I do not have permissions to chown or chgrp
- I always upload to a directory I have created called 'uploads'
- Uploads fail unless 'uploads' directory is chmodded to 777 <-- SECURITY RISK

Since I cannot 'chown dev uploads' which would at least allow me to 'chmod 774 uploads' what else can I do?

Thanks for your helpful advice in advance,

Tom
ASKER CERTIFIED SOLUTION
Avatar of Gabriel Orozco
Gabriel OrozcoFlag of Mexico imageSolution Architect

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Commented:
This problem has been solved!
Unlock 1 Answer and 10 Comments.
See Answers