Re: sendmail smrsh symlinks not working against php scripts

On Fri, April 20, 2007 10:27 am, dan1 wrote:
> I would simply like the script to be executed, when passed as a symlink as
> argument, instead of a hardlink.
> The problem is that when I specify the script to be executed
> (ecardbounce.php) as being a symlink, in the /etc/aliases like this:
> ecard-bounce: "|/usr/bin/php /etc/smrsh/ecardbounce.php",
> then the script isn't executed. However, when I replace the symlink by a
> hardlink to the same located script, then it works fine with no problems.

I don't think you should be allowing the php binary to be run like
that...

It's just too easy for some hacker email to run arbitrary PHP code on
your box this way, as I understand it...

At least that's my recollection of how you do NOT want to set up:
sendmail | smrsh | php

The "Right Way" to make sure that only the script you WANT to run is
run is to put the actual PHP script in the /etc/smrsh directory, use
#! at the top of it, and sendmail pipe the data to the executable .php
script.

> This is why there might be a problem with the php interpreter refusing to
> execute a file which is a symlink, and requires the input file to be a real
> file or a hardlink. I thought that we would be able to pass a symlink, but
> maybe this is not allowed by php?

PHP may not allow a symlink, I guess, based on various php.ini
settings such as open_basedir or safe_mode or whatever...

And I guess the permissions/ownership of the symlink and/or the .php
file would matter.

You could probably dink around with php.ini to "fix" all this, if you
insist on running an insecure setup...

But it would make a LOT more sense to do it the Right Way, as I
understand it.  You could probably get away with having a symlink (or
hard link) in whatever other directory you want to be able to edit the
PHP script...

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
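
An added example, not part of the original message or of sendmail/smrsh itself: a shell function that audits an aliases file against the layout recommended in the reply above (the real script inside the smrsh directory, executable, starting with `#!`, and piped to directly rather than through the php binary). The function name `audit_aliases` and the interpreter list are assumptions; the basename lookup relies on smrsh stripping any leading path from the program name.

```shell
#!/bin/sh
# Interpreters that should not be the piped program (constructed list, extend as needed).
INTERPRETERS="php perl python python3 ruby sh bash"

# audit_aliases ALIASES_FILE [SMRSH_DIR]   (hypothetical helper name)
# Prints "WARN <alias>: <reason>" or "OK <alias>: <program>" for every pipe alias.
audit_aliases() {
    aliases_file=$1
    smrsh_dir=${2:-/etc/smrsh}
    # Reduce   name: "|prog args"   to   name prog args   and drop all other lines.
    sed -n 's/^\([^#:[:space:]][^:]*\):[[:space:]]*"\{0,1\}|[[:space:]]*\([^"]*\).*/\1 \2/p' \
        "$aliases_file" |
    while read -r name prog args; do
        base=${prog##*/}    # smrsh strips any leading path from the program name
        target=$smrsh_dir/$base
        reason=
        for i in $INTERPRETERS; do
            if [ "$base" = "$i" ]; then
                reason="pipes to interpreter '$base' (arguments: $args)"
            fi
        done
        if [ -n "$reason" ]; then
            :   # already flagged as an interpreter pipe
        elif [ -L "$target" ]; then
            reason="$target is a symlink, not the script itself"
        elif [ ! -f "$target" ]; then
            reason="$target is missing or not a regular file"
        elif [ ! -x "$target" ]; then
            reason="$target is not executable"
        else
            case $(head -n 1 "$target") in
                '#!'*) ;;
                *) reason="$target does not start with #!" ;;
            esac
        fi
        if [ -n "$reason" ]; then
            echo "WARN $name: $reason"
        else
            echo "OK $name: $target"
        fi
    done
}
```

Run it as `audit_aliases /etc/aliases /etc/smrsh`; non-pipe aliases are skipped and produce no output.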

