>Anyone know of a cfg option that would make files written
>by php be a different user/group than the apache server user/group?
You could run PHP as a CGI wrapped by suExec (http://apache.org) -- Be sure
not to use --with-safe-mode, as suExec and Safe Mode do mostly the same
thing, but they fight with each other trying to do it, and it pukes.
(Symptom: You get the PHP binary dumped to your browser.)
>With my current setup, the only way to give php write access also
>allows any surfer write access to that same folder...which is "not a good
thing".
No. You can write it to a directory *OUTSIDE* the web tree which is
writable by the user 'nobody'. On most Un*x boxes, /tmp is nobody-writable,
so that might be a good place to put the files. What you do with them after
that... Well, it depends on what you're trying to do...
If you want to use PHP as a Module for performance reasons, you pretty much
need to put some serious though in how to do this -- The problem being that
PHP runs as a nobody user, and if you make it possible for nobody to
create/write files/directories, there is danger.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
