On 22-Jun-01 Nick wrote:
>
> I writing a web based admin panel for myself for my site. My PHP script
> needs to be able to read, write, and move files around. The way I'm
> currently getting it to work is by making a directory owned by "nobody" with
> all permissions set so the script can write files there. Any file that is
> created by the script also turns out to be owned by "nobody". This is ok,
> except that don't want to have a directory owned by nobody which has all
> permissions set, and I want to be able to overwrite files logged in as
> myself without su'ing and chown'ing everything first.
Run your sever as root & use posix_setuid() --a stunningly Bad Idea(tm).
> Is there a way like
> there is in PERL to change the account the script runs as?
Perl can't (or shouldn't) do it either. SUID Perl is evil.
Web-admin controls can have nasty dragons lurking about.
If you absolutely _must_ have it; let the PHP/CGI scripts modify copies
of the files.
Then run a small shell script to move 'em into place after root has
eyeball'd them.
Regards,
--
Don Read [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to
steal the neighbor's newspaper, that's the time to do it.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
