On Wed, 10 Feb 2010 16:08:42 +1030, james.mcl...@gmail.com (James McLean) wrote:
>On Wed, Feb 10, 2010 at 2:51 PM, <clanc...@cybec.com.au> wrote: >> I'm basically familiar with the UNIX permissions - 'owner', 'group', or >> 'other', but I >> have no real idea how these apply to webpage users under PHP. I know that if >> I FTP to the >> server I am the owner, and I think that if I, or anyone else, opens one of >> my webpages I >> am 'other'. > >Almost right. It's UGO, User Group and Other. > >When you view a PHP page, it's (usually) served by Apache, the process >will be owned by a user, usually 'apache'; who is also a member of a >group, usually 'apache'. On some systems these users/groups can be >'httpd', 'www-data' etc. When you or I look at a PHP file served from >Apache, there is no concept of users/groups/others outside those that >apply to the Apache process that served the data. > >> However what I would like to do is assign certain users, who have logged in >> through a >> security portal, to 'group', so that they (but not 'others') have permission >> to write to >> data files on the site. > >It's a seperate thing, because once again inside PHP there is no >concept of users/groups outside the Apache process itself. It would be >up to your PHP code to manage who has access to what, the files will >all be read from and written to disk by the Apache process. Thanks. So it is as I feared, and if I want any file to be editable under any circumstances, I have to give write access to 'others'. It is a little surprising that PHP has not made any provision for manipulating users write permissions, as this could provide a little extra protection from malicious users. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
