Look in you apache.conf file and find out what user the web server runs 
as, then give that user the right to write to that directory, probably 
through a group used for nothing else is most secure.

Brian Mauter wrote:

>To get around this, I made a small shell script which runs as root.  The php
>page calls the script via the system call.  All the shell script does is
>move a specific file from tmp to a specific location.
>I'm probably asking for someone to exploit it, but I don't know exactly what
>they can do.

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to