Granting the web server write access to a directory

Remember that your web document root is hosted in AFS, so AFS access controls are important. Unix file modes are not relevant. The CSAIL Web servers run as authenticated AFS users and are in the 'www' group. Granting various permissions to the 'www' group will allow all TIG-managed web servers to perform the associated operations on a given directory. This may be useful in the event that you're running some CGI code that needs to be able to save files to a directory in AFS. See the section on AFS Access Control in our AFS Intro details on how to manipulate AFS permissions.

Be careful to limit access as much as possible. For example, if you have a CGI script that needs to create files, create a specific directory just for these files, called e.g. ~/web-uploads and grant the web server 'i' permission on that directory. That will allow the web server to create new files in that directory, but not to read, delete, or modify existing files.

-- NoahMeyerhans - 16 Nov 2005
Topic revision: 29 Nov 2006, JasonDorfman
 

MIT Computer Science and Artificial Intelligence Laboratory

 

  • About CSAIL
  • Research
  • News + Events
  • Resources
  • People

This site is powered by Foswiki MIT: Massachusetts Institute of Technology