Re: User question for PHP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



To whoever was asking this (sorry didn't see the original email):

Is it possible to have a PHP script execute as the user of the domain
instead of the webserver? So when I upload files through a PHP script
they are owned by me and not "wwwrun" or "nobody"?

I was recently exchanging on this list about that very topic.  It's in the
archives for this list.  Go to www.php.net and set the dropdown menu in the
upper right corner of the page to "general mailing list", then type "File
Upload Security and chmod" into the search field and hit enter.  The
conversation is within the first few hits on this search.
The server hosting my site runs with php executing as "me" (the owner of the
domain), and we covered some of the potential security pitfalls of such a
situation (mainly centered on the fact that this makes any php script far
too powerful).  In my situation I couldn't change how the server was set up;
however, the general consensus was that this situation created a number of
serious security concerns that had to be very carefully addressed.  I would
avoid this configuration if you have the choice, based purely on the advice
I received.

Hope that helps,

Andy

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux