To whoever was asking this (sorry didn't see the original email):
Is it possible to have a PHP script execute as the user of the domain instead of the webserver? So when I upload files through a PHP script they are owned by me and not "wwwrun" or "nobody"?
I was recently exchanging on this list about that very topic. It's in the archives for this list. Go to www.php.net and set the dropdown menu in the upper right corner of the page to "general mailing list", then type "File Upload Security and chmod" into the search field and hit enter. The conversation is within the first few hits on this search. The server hosting my site runs with php executing as "me" (the owner of the domain), and we covered some of the potential security pitfalls of such a situation (mainly centered on the fact that this makes any php script far too powerful). In my situation I couldn't change how the server was set up; however, the general consensus was that this situation created a number of serious security concerns that had to be very carefully addressed. I would avoid this configuration if you have the choice, based purely on the advice I received. Hope that helps, Andy
