On Thu, 2010-02-11 at 17:01 +1100, clancy_1@xxxxxxxxxxxx wrote: > On Wed, 10 Feb 2010 16:08:42 +1030, james.mclean@xxxxxxxxx (James McLean) wrote: > > >On Wed, Feb 10, 2010 at 2:51 PM, <clancy_1@xxxxxxxxxxxx> wrote: > >> I'm basically familiar with the UNIX permissions - 'owner', 'group', or 'other', but I > >> have no real idea how these apply to webpage users under PHP. I know that if I FTP to the > >> server I am the owner, and I think that if I, or anyone else, opens one of my webpages I > >> am 'other'. > > > >Almost right. It's UGO, User Group and Other. > > > >When you view a PHP page, it's (usually) served by Apache, the process > >will be owned by a user, usually 'apache'; who is also a member of a > >group, usually 'apache'. On some systems these users/groups can be > >'httpd', 'www-data' etc. When you or I look at a PHP file served from > >Apache, there is no concept of users/groups/others outside those that > >apply to the Apache process that served the data. > > > >> However what I would like to do is assign certain users, who have logged in through a > >> security portal, to 'group', so that they (but not 'others') have permission to write to > >> data files on the site. > > > >It's a seperate thing, because once again inside PHP there is no > >concept of users/groups outside the Apache process itself. It would be > >up to your PHP code to manage who has access to what, the files will > >all be read from and written to disk by the Apache process. > > Thanks. So it is as I feared, and if I want any file to be editable under any > circumstances, I have to give write access to 'others'. > > It is a little surprising that PHP has not made any provision for manipulating users write > permissions, as this could provide a little extra protection from malicious users. > > You can manipulate users write permissions if you're the owner of a file, but what you're asking is to manipulate the user under which PHP is running dynamically. As users and permissions is so integral to the safe working of the system, this would be no easy feat for something that you should be easily able to tackle with some PHP ingenuity. Thanks, Ash http://www.ashleysheridan.co.uk
