Important! DiscusWare, LLC does not support the following procedures. They should be used only by experienced users who understand unix permissions and the Discus file structure.

By default, Discus uses and requires world-writable permissions for all files and directories it creates and reads. This is because on many servers, the server runs as "nobody" and you log in as "user" -- in order for the WWW server to be able to read and write the files, you must make the files writable to everyone. This does create concern that either another user on your system or another user's CGI script on your system might be able to read, modify, and/or destroy your Discus data files.

Unfortunately, if your server runs as "nobody" (or something else, other than your UID), there is no way to get around this potential problem. Note that you will not be able to get around this with any other CGI program either.

If your server runs CGIWrap or suExec (which cause the processes to run under your UID), you can secure your critical data files against intrusion by local users or other CGI scripts. The following document then applies to you.

• If your server does not run CGIWrap (or some other mechanism to make the scripts execute under your UID), you should not use this document.

• If you are running Discus 3.01 or before, you should not use this document. The ability to change permissions is introduced in Discus 3.10.

• If you are using Discus 3.10.b23 or earlier, you should not use this document until you have upgraded to the latest available version of Discus 3.10 (or later).

• Quite frankly, if you do not know exactly what you are doing, you should not use this document. Doing the wrong thing here has the potential to break your board and could cause data corruption or loss.

If you know your system runs CGIWrap or suExec, you can set permissions as follows:

If your server has been running CGIWrap the entire time you have been using Discus, then you should be able to set these permissions using your telnet or FTP program. If CGIWrap was a recently installed package, you should ask your system administrator to change ownership of all directories and files on your site from "nobody" (or whatever the web server was previously running as) to your UID.

Once the above permissions have been set up, add the following two lines to your discus.conf file:

Those lines ensure that all files and directories created by Discus in the future will be created with the proper permissions.

NOTE: There is no need to change file permissions of any files under your Discus administration files directory, since the permissions you set above will only allow you (and not "nobody" or other users on your system) to even access that directory.