• The scheduler and file upload handler are CGI programs, so they run as the same user as the web server (typically user 'apache', group 'apache').
  • BOINC daemons runs as whoever created the project (let's say user 'boincadm', group 'boinc'). By default, the directories created by user apache are not world-writeable. This causes problems: for example, when the file upload handler creates a directory in the upload hierarchy, it's owned by (apache, apache), and the file deleter (which runs as boincadm) won't be able to delete the files there.

    Recommended solution

    Edit /etc/group so that apache belongs to group boinc, i.e. the line: 

        boinc:x:566:
    becomes: 
        boinc:x:566:apache
    (Apache will need to be stopped/restarted for this to take effect.)

    When you create a BOINC project using make_project, the critical directories are owned by boincadm and have the set-GID bit set; this means that any directories or files created by apache in those directories will have group boinc (not group apache). Also, the BOINC software makes all directories group read/write. Thus, both apache and boinc will have read/write access to all directories and files, but other users will have no access.

    If you're running several projects on the same server and want to isolate them from each other, you can create a different user and group for each project, and add apache to all of the groups.

    Non-recommended solutions

    The following solutions should work, but may introduce security vulnerabilities:

    "; page_tail(); ?>