And if you're running apache as root, you shouldn't be allowed to. Apache should always be run as as nonpriviledged user.
On Fri, 2002-09-13 at 09:04, J Smith wrote:
A running script cannot change its own permissions
If you mean can't change it's user ID and/or group ID, that isn't entirely true.
If your script is being run as a privileged user on a UNIX system (usually root), you can change the user/group IDs of the process (either effective or real) with the POSIX extension. (posix_seteuid(), posix_setuid(), etc.)
I haven't tried it from an Apache process, so I can't say if it will work from a web server (doubtful) but it does work for standalone scripts from the CGI/CLI.
AFAIK, your CGI is processed by a child process of apache, that should run as an unpriviledged user, so it cannot change the U/GID.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
