On Tue, Aug 19, 2003 at 05:51:46PM -0400, Justin Shin wrote: > etc. anything on the drive. Of course, this is because PHP was invoked by > apache, which is being run as a root user (Administrator, he runs apache on > win2k3 for some odd reason) but I do not know the remedy. How could he set up > his apache/PHP so that only the users of his web hosting service could "do > stuff" to their own web directories. I know I am not explaining this well,
This is what you're looking for. http://httpd.apache.org/docs-2.0/suexec.html But, he needs to set the uid/gid of the apache process as a whole also. Running it on windows/nix doesnt change that. php safe_mode isn't a bad idea, but I think that the suexec will help you even more. I always try and give my users enough rope to hang themselves, but not enough rope to hang me also (tough call sometimes). jeremy -- Jereme Kelley <jeremy 33ad.org> All plenty which is not my God is poverty to me. -- Augustine. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
