Re: [PHP] POSIX seteuid and similar

Mon, 21 Jul 2003 13:02:37 -0700

You guys can correct me if I'm wrong but I believe what is referred to here is SUEXEC.

This allows a virtual domain instance to run as any specified username and group.

You are not setting the UID of the script but rather any script fun for that domain. This way you don't have to chmod 777 or chgrp apache files. The virtual server instance is set to run as you (usually) and thus has the same permissions you do.

You may have to compile or recompile apache to get this to work for your set up (requires you specify a path where SUEXEC files exist) among other things.

hope this helps...

now... any regexp's response out there? :-)

On Monday, July 21, 2003, at 12:56 PM, David Goodchild wrote:

Curt, thanks for that, I didnt see that in the notes.

A question that I havent been able to work out since reading this is...

When both you and the person in the contributed notes say: "make your php
cgi setuid" and "that is ran in cgi mode that is setuid'd" ...

How do I setuid a CGI script? ...surely if i access it through the browser
it will still execute as apache?

Cheers


----- Original Message -----
From: "Curt Zirzow" <[EMAIL PROTECTED]>
Newsgroups: php.general
To: <[EMAIL PROTECTED]>
Sent: Monday, July 21, 2003 5:08 AM
Subject: Re: [PHP] POSIX seteuid and similar


* Thus wrote David Goodchild ([EMAIL PROTECTED]):
Hi,

I am trying to create a small php program where I can control users
processes. As far as I see I require Apache to run as root in order to
do
this (Note: I wish to access it via a webpage run through a browser). At
the moment all pages are executed as user 'apache' (UID #48 in this
case).
Other than giving apache root access which i hear is a very bad thing to
do,
what other ways can i use the posix_seteuid() functions and the like.

Any help at all will be really appreciated.

There is an example in the contributed notes on the site under the
posix_setuid. Baically it is a perl script that is ran in cgi mode that
is setuid'd. then opens a php script that runs the setuid script.

I dont see why, if you choose this method is to just bypass the perl cgi
and just make your php cgi setuid.

I'm not sure of any security issues in doing that but it seems better
than running your whole apache server as root.

Curt
--
"I used to think I was indecisive, but now I'm not so sure."




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to