On Mon, 2009-08-17 at 20:16 +0530, kranthi wrote: > >> That's a potential security flaw waiting to happen. A script like this > >> shouldn't be kept in a web-accessible directory. > /var/www is not the document root. document root is /var/www/html so I > dont think there's a problem. > > >> /var/www (usually your server root) > I am mistaken regarding this. > > for details (the location of httpd.conf may vary depending on your > distro, but it is definitely located in /etc/) > $ cat /etc/passwd | grep apache > $ cat /etc/httpd/conf/httpd.conf | grep ^ServerRoot > $ cat /etc/httpd/conf/httpd.conf | grep ^DocumentRoot > $ cat /etc/httpd/conf/httpd.conf | grep ^User > > >> I have no access to that directory. > seems you do not have access to any directory other than /home/user. > but i dont think there's a work around, you'll have to request your > administrator to move that file to /var/www directory (and retain > 777). > > >> ls, pwd, and other commands run fine. > i dont think "ls /home/user" will work fine.
Why move the script to somewhere that he can't access? If the existing PHP scripts are all in /home/user then Apache is set up to allow the local user filespace to be used as a web server area. As such, there wouldn't be much point in trying to put the script in /var/www (assuming that Apache is set up to use /var/www at all, on Suse for example it uses /srv/www/) Thanks, Ash http://www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php