October 19 Information

Hello I have read countless tutorials on the web about the issue of chmod on Unix-like computers.

Basicly you can set the permissions of a file or directory (by chmod'ing it) to control who can read, write and execute it.

A good explanation of this is here: http://www.phpdebutant.com/articles/CHMOD-777.php

What always seems to be lacking from any tutorial on chmod, that i have found, is exactly WHO is the 'user', 'group' or 'world'. (Or at least there are conflicting defintions.)

I have a website, which sits on the World Wide Web.

If i am right in believing many of these chmod articles - if i chmod 777 a file in the publicly accessable part of my server's file system (below my web root), this would mean that the World (or sometimes called 'All') can read, write and execute that file.

So, if i chmod a directory below my web root - does this mean that ANYONE can just upload files to it? or does 'World' in the chmod sense actually mean - anyone who has access to the inner workings of the machine that the file sits on?

So, in a chmod-sense who is World?

The reason why i'm trying to find this out is because i am about to use a dedicated server, which means that the only person who has access to the machine is me.

Therefore, should i worry about chmoding something to 777 in my document root, bearing in mind that i will be the only person who can FTP to the machine, login to the command shell, etc.?

I would appreciate any helpful definitive answers.

Notes about this question. Pre-empting some answers... In the tutorial i linked-to above it says that World includes websurfers. Yet, i find documentation of various PHP applications (which seem to be have been running well for years without problems) telling me to chmod 777 web-browsable folders as part of the installation process (and not saying to un-chmod it away from 777 after). See: http://fudforum.org/doc/d/manual.html#install.wizard.step1

So this kind of thing only confuses me more!

--
Ronnystalker 00:09, 19 October 2006 (UTC)
reply

File permissions on a *nix system always refer back to the account and group that own the file. You can view this information if you type 'ls -l' at the command line. You will see two names after the permissions column, the first is the account that owns the file, the second is the group that owns the file. These can be changed using the chown and chgrp commands. By default, if you create a file, the owner and group will be set to yourself, and your primary group. Where this comes into play as far as webservers are concerned, is that the webserver itself actually runs as, and accesses files, as a user on the system. Most webservers run under the guise of a special account, such as "apache" or "nobody" so that hackers can't access special system files via the web server. So, if you create a web page, and the user/group gets set to your own account and group, the webserver won't even be able to read the file when a client requests it. That's why most web files are changed to less strict permissions. If the webserver needs to be able to change a file, such as a simple database or something, then I could see using permissions like 777, though just 774 should be enough for most static web pages. I'm not an expert on web security though, so I'll defer that last bit to someone more qualified. Livitup 04:12, 19 October 2006 (UTC) reply

Another note about "world". What that really means is "anyone who is not the owner of the file, or a member of the group that owns the file." So world includes the account the webserver is running as. If you place a script on your webserver that allows users to upload files to your server, then it would need a world-writable directory (or a directory the webserver's account owns) to put the files in. That doesn't mean that anyone in the world can just put files on your server, the webserver has to execute some kind of code to let them do it, either planned (in the case of our file-uploader script) or unplanned (hacking). Livitup 04:17, 19 October 2006 (UTC) reply

I don't have any proof of this, but it's my understanding that sometimes webservers (particularly if running as root) determine and simulate the permissions on a file, rather than being bound by them but otherwise ignoring them. Typically, then, websurfers (who in general aren't authenticated as anyone in particular) are treated as "world", and HTTP PUT commands may be used iff the target file (if it exists) or its containing directory (if it does not) are world-writable. So (unless you want PUT) giving world-write is probably a bad idea, since it's never useful to servers that need permissions and sometimes damaging with servers that grant permissions. (If the server itself, but not websurfers, needs to be able to write to a file, it should be owned by the server user/group.) -- Tardis 16:31, 19 October 2006 (UTC) reply

The simplest answer to to the first question (who is 'user', 'group' and 'world') is that the user is the account that owns the file, group is the group that is given access to the file, and world is all other user accounts on the host in question. The key is that all of these terms refer to local users on the host. The web server, as with all applications, run as a specific user. In most installations of the Linux system, the most common web server (apache) runs as the 'apache' or 'httpd' or 'nobody' user. You can see who owns a file or directory by running 'ls -l filename' and you can see the user as which a program is running by running 'ps auxf | grep programname' (where programname is something like 'httpd'. A list of all users (that can own files) is in /etc/passwd, and a list of all groups (and who is in them) is stored in /etc/group (caveat - this does not apply if your system is running NIS, and if you don't know what that means, don't worry).

Regarding the second part of your question - what is the effect of setting a directory to mode 777 within your document root, it is always something to be nervous about because if the application that the web server is running (your wiki, forum, bulletin board, etc.) is not secure, then web users can abuse that area. However, many of those applications need a space the web server can write to in order to do things like allow users to upload their own avatars and so on. In reality, what those applications really mean is that the user as which the web server runs must have write access to that directory. You could, instead of making the directory mode 777, change ownership to the user as which the web server runs and make it mode 700 or more (750, 755, 775, etc.). However, since getting permissions exactly right is sometimes difficult, most applications installation instructions simply say 'make it mode 777' and ignore the subtleties. The bottom line is that (especially on a system on which you are the only user) the security of the application itself is more important than setting a directory mode 777. The concern you have for openinig the directory to the 'world' is more applicable to a system on which there are many (untrusted) users; since the directory is mode 777, any local user can modify the contents. In that case, it is safer to set the directory to be owned by the web user and mode 755, which will allow the web software to write to the directory but will not allow other malicious local users to modify the contents. -- Maplebed 04:10, 22 October 2006 (UTC) reply

According to this article, MS Word does not support "custom" fonts which have been manipulated by a font program. I have a font I created in FontForge that I would like to use in MS Word. Does anyone know how Word can tell that a font is "custom" and if there is any way to override this? (I have Word 2004 for Mac.) -- 72.140.146.246 01:11, 19 October 2006 (UTC) reply

You misquote the article. It does not say "MS Word" does not support such fonts, meaning it will not recognize and use them; it says "Microsoft" does not support them, meaning if you have a problem don't call Redmond. -- KSmrq ^T 08:22, 19 October 2006 (UTC) reply

Firefox saves form information and makes suggestions when I type in a form field. The suggestions come in a kind of drop-down list. I know how to clear this list altogether, but what I want to do is clear some items from the list but not others. It's possible to do this in IE by highlighting the item and pressing Delete, but this doesn't work in Firefox. Any idea as to whether this can be done? Many thanks. -- Richardrj ^{talk email} 08:58, 19 October 2006 (UTC) reply

I always use shift-delete (a matter of habbit) and it works in Windows 2000. I haven't tried with plain delete, though. (Using Firefox 2.0 RC3.) -- Kjoon lee 09:18, 19 October 2006 (UTC) reply

That works! Thank you! -- Richardrj ^{talk email} 09:38, 19 October 2006 (UTC) reply

How does it know…

…what suggestions to put on the list? Sometimes, it seems to me that it is showing things I entered into other forms on a nearby page. — Bromskloss 10:20, 19 October 2006 (UTC) reply

I've noticed that as well. It seems to be quite random. -- Richardrj ^{talk email} 12:21, 19 October 2006 (UTC) reply

If you "view source", you will see that the input field has the same name as other input fields that you've put information it. So, Firefox assumes that if you type "Detroit" in an input field marked "City", then you will likely want to type "Detriot" in an input field marked "City" on another website. -- Kainaw ^(talk) 13:17, 19 October 2006 (UTC) reply

This could lead to interesting results:

FORM 1
 List the name of the person to receive the Mother's Day:
  PERSON:______

FORM 2
 List the name of the person to receive your naked pics:
  PERSON:______

StuRat 15:40, 19 October 2006 (UTC) reply

It can't be just the name, can it? You mean it has nothing to do with who is serving the page? — Bromskloss 15:51, 19 October 2006 (UTC) reply

There's some context related to page (logins, for example). However, for info form things -- nope, not related to server. Firefox nearly always assumes that I want to enter the same email address whenever prompted at a new site. — Lomn 20:21, 19 October 2006 (UTC) reply

Q-1)What is the total size of whole wikipedia website?

Q-2)from where can we download the whole website? -- Utkarshkukreti 13:54, 19 October 2006 (UTC) reply

            1 - Whole site adds upto about 6gb

            2 - Download from 
http://download.wikipedia.org/ choose the ones you want.

Except that the enwiki page has "5 items failed", including the "all pages" ones... Loganberry ( Talk) 01:15, 20 October 2006 (UTC) reply

Q-3)IS THERE ANY SINGLE LINK TO DOWNLOAD ALL DATA AS A SINGLE FILES?

Q-4)IS THE WHOLE DUMP OF 6GB AVAILABLE ON DVD/CD?

Please don't use caps, it's not the most polite. If you count that DB dump, yeah, that's a single file, though you'll need MySQL to use? There is a Wikipedia CD project if that is what you are looking for. Splintercellguy 07:13, 20 October 2006 (UTC) reply

how do you create domes and cones on google sketch up???-- 84.67.66.218 13:58, 19 October 2006 (UTC) reply

It's tricksy. From their website: [1] -- Consumed Crustacean ( talk) 14:16, 19 October 2006 (UTC) reply

hi, i am building a website for a client which is the basic store with inventory browse put stuff in shopping cart checkout and pay with credit card. what is the common way people go about this without a 3rd party payment system? what is it usually written in? is asp.net common or usually php or somethign else? what kind of services will i need from my domain host(not sure who is hosting the site yet)? obviously i dont know much about how to do this but i have plenty of time and am a good learner. thanks for any input, im sure ill have a few follow-up questions though Modesty84 15:08, 19 October 2006 (UTC) reply

This isn't advised in general, because of the potential of credit card info being compromised. One of the reasons for using another company is also to put the blame on them in case anything happens, as far as I know. However, I'm not too sure if there are relatively secure software to handle money transactions, since it's been a few years since I worked in IT. -- Wirbelwind 02:49, 20 October 2006 (UTC) reply

Avoid doing this AT ALL COSTS. If at all possible, you should use a 3rd party payment system such as authorize.net and do not store the credit card information on your own. If you must create this type of system, follow the Payment Card Industry (PCI) recommendations ( https://www.pcisecuritystandards.org/), and hire an auditor to do a complete audit of the card-related portions of your code. It doesn't matter what language you use; it does matter that it is secure. -- Maplebed 04:18, 22 October 2006 (UTC) reply

Is there any program that could convert .wmv ( Windows Media Video) to .mov ( QuickTime)? I have a .wmv file, but I want to put it into my iTunes library, and iTunes isn't compatible with .wmv nor able to convert it like it can .wma. Any suggestions? — Akrabbim ^talk 15:18, 19 October 2006 (UTC) reply

I think this will tell you everything you need to know [2]. - Tutmosis 15:39, 19 October 2006 (UTC) reply

Thanks. I appreciate it. — Akrabbim ^talk 14:35, 20 October 2006 (UTC) reply

Do Spybot and Ad-Aware do the same basic things? It seems to me that they do but I'm not sure... Dismas| ^(talk) 17:18, 19 October 2006 (UTC) reply

The free version of Ad-Aware does the same basic task of Spybot - identify and attempt to remove spyware. However, each program has its own other features - for example, Spybot has a resident program that protects sensitive registry entries upon modification. However, each program has a different database and hence there may be some variants of spyware one program can remove but not the other. The paid version of Ad-Aware does quite a bit more. x42bn6 Talk 18:05, 19 October 2006 (UTC) reply

According to a PC World (no link sorry) article, it is best if you use them together. They do not interfere with each other. -- inky 07:18, 20 October 2006 (UTC) reply

On a website with frames you can have a menu.html for every page, and so if you want to change the menu you just change menu.html and it instantly updates on all "pages". However, without frames the menu is in the HTML for every page and so if you want to change the menu on every page you have to go through all the pages laboriously changing the menu. A friend of mine asked if there was a better way to do this, i.e. having a centralised menu that can be changed and updates on all pages immediately (using PHP or something?) and I honestly didn't know. So... is there? Sum0 18:21, 19 October 2006 (UTC) reply

Server Side Includes are one fairly straightfoward way to do it. It might require a bit of configuration of the webserver to enable, but after that, you just do the <--#include virtual="menu.html"--> bit. Any complex system (eg. php like you mentioned, or content management systems like wikimedia) would have their own way to do it as well. -- Interiot 19:42, 19 October 2006 (UTC) reply

Ah, that looks very useful. Thank you! Sum0 09:39, 20 October 2006 (UTC) reply

Hi :-) I'd quite like to install Rockbox onto my iPod (4th generation, colour), but my iPod is HFS+ formatted, and I've been told that Rockbox only works on FAT32 iPods. I don't have a Windows computer handy, so is there any way I can FAT32 format my iPod with either Mac OS X Tiger or Ubuntu 6.06? Surely formatting it as an ordinary disk would stop the iPod firmware from working properly, and I the iPod updater (I think it's integrated into iTunes now) will only format iPods as HFS+. I think. Thanks :-) -- Saxsux 18:51, 19 October 2006 (UTC) reply

Hi all! I found nowhere else in the Net but here to ask this. I'm trying to download a 2.80 GB file through Azureus (from torrent.to). I was a few days ago at 180 Mb, but every few minutes, the file starts decreasing to less than that! I'm currently at... 2 Mb!!! Azureus says that it has discarded 24.XX MB, and Hash fails: 867 (1.67 GB)!! What am I doing wrong? Is it an Azureus problem? Is it a tracker problem? I'd already deleted a 1.38 GB file with the same problem... and I was at 80% already T-T! I have DHT disabled, but I have already downloaded other GB-size files before with the same configuration... Please HELP! Kreachure 23:45, 19 October 2006 (UTC) reply

My first thought is that there's a governmental peer seeding with something that fits the checksums but is not the actual piece, causing torrents to discard it and download it again and discard it. In other words, it's a torrent with a bad source. And is it 180 Mb downloaded total, or 180 Mb complete? If it downloads 180 Mb and discards 180 Mb, you still have 0 Mb of valid data. There's a fault with CRC32 where multiple files can have the same checksum, thus making bad files possible. That's why some like MD5, etc. I'm not sure if this helps, or even if this should be asked here, but from what you said, this is about as much as I can answer. -- Wirbelwind 02:45, 20 October 2006 (UTC) reply

Er, I don't quite get the difference between "downloaded total" and "complete"... the total size of the file is 2.80 Gb, and as of right now (*sobs*), it says: Downloaded: 0 Mb (24.87 Mb discarded)! (the discarded size seems to reset everytime I restart it, ao it might have discarded more before.) And, Hash fails: 898 (1.75 Gb)!!! I've had it going for about three days now (at 17k Down speed average)! Oh, by the way, there are 25 seeds, and 55 peers for the file right now... Do you think I should forget about this file for good? Or is there a way to check, uh, that CRC32 thingie you talk about? Again, if there is a better place to ask this, then please tell me. Thanks! Kreachure 04:05, 20 October 2006 (UTC) reply

Ok, this is how it works. Say you have a 50 meg file, and the creator of the torrent put each piece to be 1 meg, 50 meg / 1 meg is 50 pieces. Each of these pieces have a checksum, and I believe BT uses CRC32 (the 8 alphanumerics you see on anime episodes for example, are also CRC32). This number tells the program (and you) that the pieces is complete and not corrupt/invalid after you download it. When you download, you're actually downloading a piece at a time, each peer sending a piece. When it hits the 1 meg mark, the piece is complete, BUT then it checks against the checksum to see if the file is correctly transferred. If the checksum doesn't match with the original, it's discarded. However, that 1 meg still goes on Azureus as 1 meg downloaded, since the 1 meg did get downloaded, just the incorrect 1 meg. So repeat this process for hundreds of pieces, and it'll say you downloaded hundreds of megs, but all were discarded, so you're left with 0 good pieces. Now that the explaination is out of the way, something is happening where none of the pieces you've downloaded are passing the checksum. It could be many things, like you have a bad .torrent file and it has the wrong checksums (I don't know if this can even happen), your internet is transferring poorly (such as losing packets, but even then, there should be error checking for packets, so this probably isn't the case either). Your diskdrive is not saving the pieces right (not likely either, cause Azureus will probably tell you if that's happening), the seeds are all fake (not likely either if there are 25 seeds), or maybe the ISP is blocking something (I don't know if this is possible either, because you're still getting data). I'm not really sure what the situation with you is, but I would probably try to get another .torrent of the same thing from a different source and try that. Someone else might be able to narrow the problem with what you've given, but I've never encountered it. -- Wirbelwind 04:34, 20 October 2006 (UTC) reply

Jacked router? It may be dropping packets because it identifies certain patterns in the packets as bad. Well-known BT problem :) Also, it could be a bad torrent, though it doesn't seem too likely. See http://www.azureuswiki.com/index.php/Torrents_stop_at_99_percent Splintercellguy 07:04, 20 October 2006 (UTC) reply

Well, I think I'll try finding another torrent for the same thing, and see what happens. Thanks for trying to come up with a problem concerning the ISP or the router, but the Azureus settings are too technical for me to dare tinker around with them (and the wiki doesn't get friendlier either...) ! If the problem pops up again, I'll be more concise then. Thanks again, anyway! Kreachure 18:49, 20 October 2006 (UTC) reply
PS. I'm not a caveman, either!