On Thu, 2010-02-11 at 17:01 +1100, clanc...@cybec.com.au wrote:

> On Wed, 10 Feb 2010 16:08:42 +1030, james.mcl...@gmail.com (James McLean) 
> wrote:
> >On Wed, Feb 10, 2010 at 2:51 PM,  <clanc...@cybec.com.au> wrote:
> >> I'm basically familiar with the UNIX permissions - 'owner', 'group', or 
> >> 'other', but I
> >> have no real idea how these apply to webpage users under PHP. I know that 
> >> if I FTP to the
> >> server I am the owner, and I think that if I, or anyone else, opens one of 
> >> my webpages I
> >> am 'other'.
> >
> >Almost right. It's UGO, User Group and Other.
> >
> >When you view a PHP page, it's (usually) served by Apache, the process
> >will be owned by a user, usually 'apache'; who is also a member of a
> >group, usually 'apache'. On some systems these users/groups can be
> >'httpd', 'www-data' etc. When you or I look at a PHP file served from
> >Apache, there is no concept of users/groups/others outside those that
> >apply to the Apache process that served the data.
> >
> >> However what I would like to do is assign certain users, who have logged 
> >> in through a
> >> security portal, to 'group', so that they (but not 'others') have 
> >> permission to write to
> >> data files on the site.
> >
> >It's a seperate thing, because once again inside PHP there is no
> >concept of users/groups outside the Apache process itself. It would be
> >up to your PHP code to manage who has access to what, the files will
> >all be read from and written to disk by the Apache process.
> Thanks. So it is as I feared, and if I want any file to be editable under any
> circumstances, I have to give write access to 'others'.
> It is a little surprising that PHP has not made any provision for 
> manipulating users write
> permissions, as this could provide a little extra protection from malicious 
> users.

You can manipulate users write permissions if you're the owner of a
file, but what you're asking is to manipulate the user under which PHP
is running dynamically. As users and permissions is so integral to the
safe working of the system, this would be no easy feat for something
that you should be easily able to tackle with some PHP ingenuity.


Reply via email to