Re: IFS File permissions

Thanks for the feedback. Adding the "directory" directives was just a shot in the dark since I am not sure how CGIDEV2 handles permissions to read the files in the IFS. Your post straightened that out. So let me run this by you....

If, as both you and Kevin said, these files should be accessible to QTMHHTP1 because that is the profile CGIDEV2 will run under, then changing the permissions to have *RX for QTMHHTP1 on those files and removing permissions for QTMHHTTP should fix the permissions (correct?). That would also solve any problems with "stray" directives that I might have (like the one you mentioned) because it seems that PHP and Apache run under the QTMHHTTP user profile (at least it looks like most of the files in my php apps have *RX permissions for QTMHHTTP on them). If the files have only QTMHHTP1 permissions, then QTMHHTTP (browsing) wouldn't be able to read them. However, I WILL remove the directive since it isn't helping me and potentially could come back to haunt me.

Pete Helgren
Value Added Software, Inc
www.petesworkshop.com
GIAC Secure Software Programmer-Java


On 1/26/2012 11:26 AM, Scott Klement wrote:

CGI programs do not typically run under userid QTMHHTTP. They run under
QTMHHTP1 by default. (Though, my shop, and others I've worked with like
to change this to make the user sign-in and access files under their own
authority.)