I'm a veteran Perl programmer, but fairly new to Unix security. I have been using the CGI module for a long time to handle uploads, but haven't really paid much attention to the security issues.. until now.
This question deals specifically with Unix, users, groups, file permissions and directory locations. I have no problem making uploads work just fine, but I'm wondering what the best practices are.
Here is my specific question:
- I am not a privileged user on this Linux system
- My Perl scripts all run under user 'apache' and is a member of group 'apache'
- Any directories or files I create myself are created with owner 'tom' and group 'dev'
- I do not have permissions to chown or chgrp
- I always upload to a directory I have created called 'uploads'
- Uploads fail unless 'uploads' directory is chmodded to 777 <-- SECURITY RISK
Since I cannot 'chown dev uploads' which would at least allow me to 'chmod 774 uploads' what else can I do?
Thanks for your helpful advice in advance,