On Fri, 20 Oct 2006 23:24:14 +1000, chris smith wrote:

> On 10/20/06, Ivo F.A.C. Fokkema <I.F.A.C.Fokkema@xxxxxxx> wrote:
>> On Fri, 20 Oct 2006 15:49:14 +1000, Chris wrote:
>>
>> > Andy Hultgren wrote:
>> >> To whoever was asking this (sorry didn't see the original email):
>> >>
>> >>>> Is it possible to have a PHP script execute as the user of the domain
>> >>>> instead of the webserver? So when I upload files through a PHP script
>> >>>> they are owned by me and not "wwwrun" or "nobody"?
>> >>
>> >> I was recently exchanging on this list about that very topic. It's in the
>> >> archives for this list. Go to www.php.net and set the dropdown menu in the
>> >> upper right corner of the page to "general mailing list", then type "File
>> >> Upload Security and chmod" into the search field and hit enter. The
>> >> conversation is within the first few hits on this search.
>> >> The server hosting my site runs with php executing as "me" (the owner of
>> >> the domain), and we covered some of the potential security pitfalls of
>> >> such a situation (mainly centered on the fact that this makes any php
>> >> script far too powerful). In my situation I couldn't change how the
>> >> server was set up; however, the general consensus was that this situation
>> >> created a number of serious security concerns that had to be very
>> >> carefully addressed. I would avoid this configuration if you have the
>> >> choice, based purely on the advice I received.
>> >
>> > Actually you have that the wrong way around.
>> >
>> > If php is running as "www" or "nobody" then any files or directories
>> > that a php script creates will be done as the web server user.
>> >
>> > That means (potentially) that if domain 'a' creates a file, domain 'b'
>> > can read and write to that file and even delete it.
>> >
>> >
>> > If php is running as you instead, you can control this with appropriate
>> > chmod commands (at least removing the risk of deleting of files /
>> > updating of files).
>> >
>> > A shared user (like "www" or "nobody") is a *much* bigger risk than
>> > separate users.
>>
>> Unless those separate users have a little more access than just SSH
>> and FTP access to the machine... I guess that if anyone with special
>> rights carelessly activates suPHP and leaves the PHP files owned by him,
>> you'd have PHP scripts capable of reading out special log files and
>> whatnot.
>>
>> To my experience, apache (with PHP running as www-data or nobody or
>> whatever) will not be able to create files or folders without user
>> intervention (chmod, chown), thus no updating and removing is possible
>> either by default.
>
> php running through apache:
>
> <?php
> mkdir('/path/to/dir');
> ?>
>
> Making that in a "shared" location will allow *any* domain to write to
> it, read from it or delete it (forget about possible open_basedir
> restrictions).

I see your point and I agree this is an issue, but given the relatively
small incidence of such a situation, I personally would not say this is a
much bigger problem than a PHP file being able to remove all other files
owned by the same owner (i.e. usually the whole site at least)...

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
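
The ownership question debated in this thread, as an added PHP example that is not from any of the posters: a directory created by mkdir() belongs to whatever uid the PHP process runs as, and its mode bits can only separate different uids from each other. The temp paths and the helper names describe_access() and make_private_dir() are constructed for illustration.

```php
<?php
// Added example; paths are constructed under the system temp directory.

/** Report owner and permission bits of $path as other accounts on the host see them. */
function describe_access(string $path): array
{
    clearstatcache(true, $path);
    $mode = fileperms($path) & 0777;   // drop the file-type bits
    return [
        'owner_uid'      => fileowner($path),   // uid the PHP process ran as
        'mode'           => sprintf('%04o', $mode),
        'group_writable' => ($mode & 0020) !== 0,
        'world_writable' => ($mode & 0002) !== 0,
    ];
}

/** Create a directory that only the owning uid can read, write or enter. */
function make_private_dir(string $path): bool
{
    // mkdir() applies the umask, so the result is never wider than 0700;
    // chmod() then sets exactly 0700 even under an unusual umask.
    return mkdir($path, 0700) && chmod($path, 0700);
}

$base = sys_get_temp_dir() . '/ownership-demo-' . bin2hex(random_bytes(4));
make_private_dir($base);

mkdir("$base/default");               // the call from the thread: 0777 minus umask
make_private_dir("$base/private");    // explicit owner-only mode

foreach (['default', 'private'] as $name) {
    $info = describe_access("$base/$name");
    printf(
        "%-8s uid=%d mode=%s group_writable=%s world_writable=%s\n",
        $name,
        $info['owner_uid'],
        $info['mode'],
        var_export($info['group_writable'], true),
        var_export($info['world_writable'], true)
    );
}

// Remove the constructed directories again.
rmdir("$base/default");
rmdir("$base/private");
rmdir($base);
```

When PHP runs inside the web server under one shared account, both directories report the uid that every other virtual host's scripts also run as, so even mode 0700 does not keep another domain's script out. Under a per-user setup such as suPHP the uid differs per domain, and 0700 then does separate them.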