• The scheduler and file upload handler are CGI programs, so they run as the same user as the web server (typically user 'apache', group 'apache').
  • BOINC daemons runs as whoever created the project (let's say user 'boincadm', group 'boinc'). By default, the directories created by user apache are not world-writeable. This causes problems: for example, when the file upload handler creates a directory in the upload hierarchy, it's owned by (apache, apache), and the file deleter (which runs as boincadm) won't be able to delete the files there.

    Recommended solution

    Edit /etc/group so that apache belongs to group boinc, i.e. the line: 

    boinc:x:566:
    becomes: 
    boinc:x:566:apache
    (Apache will need to be stopped/restarted for this to take effect.)

    When you create a BOINC project using make_project, the critical directories are owned by boincadm and have the set-GID bit set; this means that any directories or files created by apache in those directories will have group boinc (not group apache). The BOINC software makes all directories group read/write. Thus, both apache and boinc will have read/write access to all directories and files, but other users will have no access.

    On an existing project, do: 

    chmod 02770 upload
chmod 02770 html/cache
chmod 02770 html/inc
chmod 02770 html/languages
chmod 02770 html/languages/compiled
chmod 02770 html/user_profiles
    You may also need to change the ownership of these directories and all their subdirectories to boincadm/boinc.

    If you're running several projects on the same server and want to isolate them from each other, you can create a different user and group for each project, and add apache to all of the groups.

    Non-recommended solutions

    The following solutions should work, but may introduce security vulnerabilities:

    "; page_tail(); ?>