Does anyone here use PHP with an AFS-authenticated web server *without* CGIWrap, or requiring user authentication to get a PAG for that user in the web server?
In this case, the web server has ACLs to read anyone's web directories, and ACLs to write where the user has permitted it to. Since PHP is running as part of the web server, it shares the tokens of the web server. PHP's 'safe mode' is intended to prevent the interpreter running on a shared web server like this from reading or writing files or directories that belong to someone else. In other words, just because the web server can read or write to a particular place doesn't mean we want to permit any user who runs a PHP program on the web server to do that. To accomplish this, a UID/GID comparison is performed between the PHP program and any files or directories that it reads or writes, to ensure that the user who owns the script is also the user who owns the data files. In AFS, the UID/GID check that PHP 'safe mode' performs is worthless, because the UID and GID are essentially meaningless. (It also causes unnecessary problems where the UID and GID are not in sync because files were created from different machines or moved around, etc.) As stupid as this sounds, I'd like to implement this 'safe mode' check in an AFS-compatible manner. I'm not sure exactly how to do this yet. My first inclination is to walk the ACLs of both files and ensure that both files have at least one matching entry with write privileges. Then I would have a filter list to filter out admin entries so they would not generate false matches. My question is whether this can be done through some generic operating system mechanism, or if this requires -lopenafs for the pioctl support. I guess it could be done by shelling out to fs, but that's ugly. -- Ryan Underwood, <[EMAIL PROTECTED]> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
