h*****t
发帖数: 40 | 1 Solaris 上的
偶不是root,没有admin权。
大家明眼就看出是某种论坛的上传文件
无色情,无反动,无盗版。
现在里面东西占地方太多,怎么删?
偶不想去找root干这事,毕竟偶自己偷着装论坛的。
BTW,这个论坛程序太WK了,生成一堆垃圾,还不让删。DD
drwxr-xr-x 2 nobody bin 11776 May 22 03:25 ./
drwx---r-x 34 "me" "my group" 4608 Mar 17 17:47 ../
-rwxr-xr-x 1 nobody bin 927037 Oct 15 2001 forum10_f_4.zip*
-rwxr-xr-x 1 nobody bin 273065 Dec 21 05:08 forum12_f_10.jpg*
-rwxr-xr-x 1 nobody bin 190839 Dec 21 05:13 forum12_f_11.jpg*
-rwxr-xr-x 1 nobody bin |
q*l
发帖数: 8 | 2 doesn't seem there is other around ... you have to be root (or with the power)
to kill those files
【在 h*****t 的大作中提到】
: Solaris 上的
: 偶不是root,没有admin权。
: 大家明眼就看出是某种论坛的上传文件
: 无色情,无反动,无盗版。
: 现在里面东西占地方太多,怎么删?
: 偶不想去找root干这事,毕竟偶自己偷着装论坛的。
: BTW,这个论坛程序太WK了,生成一堆垃圾,还不让删。DD
: drwxr-xr-x 2 nobody bin 11776 May 22 03:25 ./
: drwx---r-x 34 "me" "my group" 4608 Mar 17 17:47 ../
: -rwxr-xr-x 1 nobody bin 927037 Oct 15 2001 forum10_f_4.zip*
|
h*****t
发帖数: 40 | 3 yu4 men4
let my advisor do that for me rather than the sensitive ROOT
【在 q*l 的大作中提到】
: doesn't seem there is other around ... you have to be root (or with the power)
: to kill those files
|
f****n
发帖数: 4615 | 4 From file permission, you can r/w/x those files, why can't delete them?
//think hard.
【在 h*****t 的大作中提到】
: yu4 men4
: let my advisor do that for me rather than the sensitive ROOT
|
c********e
发帖数: 417 | 5 The file owner is "nobody", which seems to be the user of
process like web server.
【在 f****n 的大作中提到】
: From file permission, you can r/w/x those files, why can't delete them?
: //think hard.
|
h*****t
发帖数: 40 | 6 I am not the owner although the files are in my home dir
and the files were generated(uploaded) by board program(users).
I have tried rm,chgrp,chmod,chown. None of them worked.
% rm forum10_f_4.zip
rm: forum10_f_4.zip: override protection 755 (yes/no)? y
rm: forum10_f_4.zip not removed: Permission denied
%
% chgrp "mygroup" forum10_f_4.zip
chgrp: forum10_f_4.zip: Not owner
%
% chmod 777 forum10_f_4.zip
chmod: WARNING: can't change forum10_f_4.zip
%
% chown "me" forum10_f_4.zip
chown: forum10_f_4
【在 f****n 的大作中提到】
: From file permission, you can r/w/x those files, why can't delete them?
: //think hard.
|
p******f
发帖数: 162 | 7 Files are owned by nobody, which is typically the web server.
If you can install software running with nobody priviledge,
you can cartainly put another program to delete those files.
【在 h*****t 的大作中提到】
: Solaris 上的
: 偶不是root,没有admin权。
: 大家明眼就看出是某种论坛的上传文件
: 无色情,无反动,无盗版。
: 现在里面东西占地方太多,怎么删?
: 偶不想去找root干这事,毕竟偶自己偷着装论坛的。
: BTW,这个论坛程序太WK了,生成一堆垃圾,还不让删。DD
: drwxr-xr-x 2 nobody bin 11776 May 22 03:25 ./
: drwx---r-x 34 "me" "my group" 4608 Mar 17 17:47 ../
: -rwxr-xr-x 1 nobody bin 927037 Oct 15 2001 forum10_f_4.zip*
|
h*****t
发帖数: 40 | 8 The thing is I am not familiar with the php programming
and php is the language that my BBS used.
I can run PERL there, but I guess perl will run with
my priviledge.
Could any one post a piece of code to kill these trash?
many thanks
【在 p******f 的大作中提到】
: Files are owned by nobody, which is typically the web server.
: If you can install software running with nobody priviledge,
: you can cartainly put another program to delete those files.
|
p******f
发帖数: 162 | 9 perl can work if you can run it as CGI.
btw, it won't be so difficult to delete files by php.
check some reference.
【在 h*****t 的大作中提到】
: The thing is I am not familiar with the php programming
: and php is the language that my BBS used.
: I can run PERL there, but I guess perl will run with
: my priviledge.
: Could any one post a piece of code to kill these trash?
: many thanks
|
b*********l
发帖数: 30 | 10 Write a CGI script using perl -- so you can run it thru the web, the block of
code for deleting the files can be like
$basedir=...
$datadir=...
...
if ($FORM{'action'} eq 'remove') {
@files=glob("$basedir/$datadir/*.*");
foreach $file (@files)
{
$fn=$file;
unlink ("$file");
print "$fn has been deleted.
";
}
#...
}
【在 h*****t 的大作中提到】
: The thing is I am not familiar with the php programming
: and php is the language that my BBS used.
: I can run PERL there, but I guess perl will run with
: my priviledge.
: Could any one post a piece of code to kill these trash?
: many thanks
|
|
|
h*****t
发帖数: 40 | 11 the cgi/PERL script runs with my priviledge
printf "whoami = %s\n", `whoami`;
result is my username
I GUESS the server is set to run PERL script with user's priviledge
but if the script is wriiten in PHP, it could be run with
user "nobody" group "bin".
Can any niu niu post piece of code in PHP?
Many thanks
【在 b*********l 的大作中提到】
: Write a CGI script using perl -- so you can run it thru the web, the block of
: code for deleting the files can be like
: $basedir=...
: $datadir=...
: ...
: if ($FORM{'action'} eq 'remove') {
: @files=glob("$basedir/$datadir/*.*");
: foreach $file (@files)
: {
: $fn=$file;
|
b*********l
发帖数: 30 | 12 What I meant by CGI script is that you invoke it from a browser, not from
commandline. That way it will definitely run as "nobody"
of
【在 h*****t 的大作中提到】
: the cgi/PERL script runs with my priviledge
: printf "whoami = %s\n", `whoami`;
: result is my username
: I GUESS the server is set to run PERL script with user's priviledge
: but if the script is wriiten in PHP, it could be run with
: user "nobody" group "bin".
: Can any niu niu post piece of code in PHP?
: Many thanks
|
h*****t
发帖数: 40 | 13 Yes, I did run from web browser
the results is:
blah blah blah
...
whoami = "my username"
I am sorry for my native Question.
environ.cgi
#! /usr/local/bin/perl
printf "Content-type: text/html\n\n";
printf " environ.cgi \n";
printf "Query Results";
printf "You submitted the following %%ENV pairs:\n \n";
foreach $item (sort(keys %ENV))
{ printf "- CGI variable : %s Value : %s
\n", $item, $ENV{$item};
}
printf " \n";
printf "w
【在 b*********l 的大作中提到】
: What I meant by CGI script is that you invoke it from a browser, not from
: commandline. That way it will definitely run as "nobody"
:
: of
|
b*********l
发帖数: 30 | 14 Strange...
Anyway, run the cgi script from a browser on another machine (such as a
windows machine IE browser). I am curious on what kind of result you would
get.
I have written some CGI scripts to delete my "nobody" owned files -- they have
been working pretty well.
【在 h*****t 的大作中提到】
: Yes, I did run from web browser
: the results is:
: blah blah blah
: ...
: whoami = "my username"
: I am sorry for my native Question.
: environ.cgi
: #! /usr/local/bin/perl
: printf "Content-type: text/html\n\n";
: printf " environ.cgi \n";
|
h*****t
发帖数: 40 | 15 I did run it from either NE,Opera on Unix or IE,NE on win32.
well, "whoami" is the same.
I was told by the sys admin that, they config the server to
run script with user's privilage.
Maybe not affect the PHP but certainly,affect Perl.
【在 b*********l 的大作中提到】
: Strange...
: Anyway, run the cgi script from a browser on another machine (such as a
: windows machine IE browser). I am curious on what kind of result you would
: get.
: I have written some CGI scripts to delete my "nobody" owned files -- they have
: been working pretty well.
|
b*********l
发帖数: 30 | 16 Strange -- if you run from an anonymous workstation, without any login
authentication -- how could the program know your username? Are you saying
that your system admin configure the script to run as the owner of the script? |
p******f
发帖数: 162 | 17
This is not always the case. Imagine your cgi-generated data be over
written by somebody's scripts?
The truth is only trusted scripts should run as nobody. untrusted cgi's
run as their owners.
【在 b*********l 的大作中提到】
: Strange -- if you run from an anonymous workstation, without any login
: authentication -- how could the program know your username? Are you saying
: that your system admin configure the script to run as the owner of the script?
|
b*********l
发帖数: 30 | 18 How do you define trusted/untrusted here -- if it is a CGI script, it should
be run from the web -- which means, the program should have access to some
basic resources of the system.
If one's data gets overwritten by other, that is caused by the program logic,
not by configuration of the "runas" user.
script?
should
【在 p******f 的大作中提到】
:
: This is not always the case. Imagine your cgi-generated data be over
: written by somebody's scripts?
: The truth is only trusted scripts should run as nobody. untrusted cgi's
: run as their owners.
|
b*********l
发帖数: 30 | 19 Then why the files you intend to delete were created by "nobody"?
have
$ENV{$item};
【在 h*****t 的大作中提到】
: I did run it from either NE,Opera on Unix or IE,NE on win32.
: well, "whoami" is the same.
: I was told by the sys admin that, they config the server to
: run script with user's privilage.
: Maybe not affect the PHP but certainly,affect Perl.
|
h*****t
发帖数: 40 | 20 I wish I could know.
I guess they config the PERL script runas owner's
but in case of PHP script, I don't know.
the file was uploaded by someone. My BBS is written in PHP.
Obviously, not written by myself.
would
they
【在 b*********l 的大作中提到】
: Then why the files you intend to delete were created by "nobody"?
:
: have
: $ENV{$item};
|
|
|
h*****t
发帖数: 40 | 21 Solved it.
Thanks for everybody's help.
【在 h*****t 的大作中提到】
: I wish I could know.
: I guess they config the PERL script runas owner's
: but in case of PHP script, I don't know.
: the file was uploaded by someone. My BBS is written in PHP.
: Obviously, not written by myself.
:
: would
: they
|
b*********l
发帖数: 30 | 22 How?
【在 h*****t 的大作中提到】
: Solved it.
: Thanks for everybody's help.
|
h*****t
发帖数: 40 | 23 another php script could do it.
【在 b*********l 的大作中提到】
: How?
|
b*********l
发帖数: 30 | 24 COOL
【在 h*****t 的大作中提到】
: another php script could do it.
|
