TWNMM: library/
Greymatter / Dreamhost
Getting it working, and securely!
Created: April 20, 2002 [Search] [Up] [Home]
Before I begin, allow me to rant a little bit on the issue of web server security. It is NEVER a good idea to have any file, script, directory, Atari 2600 ROM dump, Windows executable, or any potentially machine-readable data marked "globally writable" and "globally executable" on ANY webserver. If you think about it, if anybody can write to it, and anybody can execute it.. uh.. you're gonna have a big mess on your hands if anyone finds out about it.

I don't care if it's only executing as nobody in a restricted shell, it's gonna someday bite you in the fanny.

So, when I read Noah's original installation instructions for Greymatter, I gasped in horror. No way was I going to install something with global write permissions on my Dreamhost account.

Fortunately, Dreamhost sets up their customer accounts the right way, that is, with CGI scripts running with their user accounts. This is a Good Thing because it allows you to set permissions to something more sane (like 755 for executables and directories) without leaving a nice back door ready to exploit.

Now, running CGI scripts with user permission does open up other security issues, but in my humble opinion, not nearly as gaping as requiring 777 permissions on a machine with open shell accounts.

'Nuff said.

So, how do you get it running on Dreamhost? That's real easy.

First off, install it per the instructions on Noah Grey's website up to part 10. That is, create all the directories, and get everything set up.

Now, make sure you chmod the entries/archives directory 755. chmod the CGI scripts that Noah has you set to 666 in step 8 644 or 664 (your preference). Make sure everything is owned by your user account and your user group.

Now, open up gm.cgi with your favorite text editor (I like vi, emacs users feel free to send your flames elsewhere) and search for any chmods in the program. Change them from 666 to 644. (I counted 22 in 1.21b). Then, open up gm-library.cgi, and do the same there (there are three in 1.21b).

That should take care of it. Maybe someday poor Noah will see the light and get an account at Dreamhost.. until that time, this should keep everything working.

-Fedl

Comments

A note:

Well, to a limited extent, this no longer works. I haven't tried to figure out what Dreamhost changed that broke Greymatter.. in fact, I gave up and went to Movable Type. I'd love to hear feedback from people who've figured it out.

Posted by: feedle at May 17, 2003 03:19 PM

Post a comment







Remember personal info?






the world needs more mayo
© 1998-2007 C. Sullivan (random.2.feedle@spamgourmet.com)
Creative Commons License
[Creative Commons License] [No-Spam Notice] [Legal Stuff]
gm.shtml, Updated: Saturday, 17-May-2003 15:17:47 PDT .