web server write access

Granting the web server write access to a directory

Remember that your web document root is hosted in AFS, so AFS access controls are important. Unix file modes are not relevant. The CSAIL Web servers run as authenticated AFS users and are in the www group. Granting various permissions to the www group will allow all TIG-managed web servers to perform the associated operations on a given directory. This may be useful in the event that you’re running some CGI code that needs to be able to save files to a directory in AFS. See AFS Access Control in our AFS documentation on how to manipulate AFS permissions.

Be careful to limit access as much as possible. For example, if you have a CGI script that needs to create files, create a specific directory just for these files, called, e.g., ~/web-uploads and grant the web server i permission on that directory. That will allow the web server to create new files in that directory, but not to read, delete, or modify existing files.