Not sure that this is the right forum page for this question, but here goes....I have been trying to follow a discussion regarding making Gallery2 secure, and have come accross a concept that I am not sure I fully understand. Some files (for example ".htaccess" and "congig.php") are user "owned" (I take this to mean the domain owner, me in the case of my domain hosted on TotalChoce) and others are "owned" by "Nobody" (I take this to mean TotalChoice or the webserver).

• Are my assumptions above correct?
• If so, how can you tell who "owns" what files?
• When files are created, how is it determined who owns what files?

I suppose this might be a fairly complicated question, and I do not mean to take up anyone's time educating me - if there is some resouce you could direct me to that would be great!

Thanks!

Russ

There are certain actions that can only be taken on certain files if you are the file owner. For example, files who don't have an owner can't be deleted by you.

"Owner" basically means that you were the person who created the file. If you uploaded the file to the server or it was uploaded through your account, then you are the owner.

If the file was created by a script, then it is possible that "nobody" is the owner. The server created the file, but didn't assign an owner.

For security purposes, you can only delete files that you own. I don't know how you can tell if you own a file or not (except that if you try to delete it and can't, then you probably don't own it).

It is kind of like the Windows XP multiple users feature. Lots of people can log in to any one box, but user 2 can't modify user 1's files (assuming 2 isn't an admin). In virtual hosting, lots of users can log in to any one server, but you can't modify anybody's files but your own.

If you hare having trouble removing a file, you can ask the help desk to delete it for you, or to change the owner to you.

Maybe somebody else can chime in and explain how you can tell who the owner of a particular file is.

Most FTP programs will show the owner of the files. It may not be turned on but most have it. I know CuteFTP does.

The number in the owner field of the public_html folder is your ID. Any files with a different number would be the web server most likely.

Learn something new every day (or every hour, in this business!)

Thanks, Bruce!

SmartFTP will also show who owns the files in a server directory listing.


All files and directories on the server have an owner. The user 'nobody' is a real, low-privileged user created by the system that can be used to limit what scripts can do on the system. PHP scripts on TCH servers run as the user 'nobody' for this reason.

Actually, you can delete files you don't own *if* the directory containing the file you don't own has 0777 permissions. If you own the directory containing the file, you can change the directory's permissions to 0777, delete the file, then reset the directory permissions back to what they were (usually 0755). If 'nobody' owns the directory and it's permissions are not 0777, that would be a problem, as you can't change the permissions on directories you don't own. In that case, you'd need to ask the Help Desk to delete the file for you.


If the file was created by a PHP script, it will be owned by 'nobody'. In any other case, the file will be owned by you.

Thanks to everyone. This was helpful.