You *CAN* do that with PHP as CGI wrapped with suexec...  But you lose
performance, and you'll have to convince the ISP to install that as a second
mime-type with a different extension...  They'll need to read the suexec
docs at first and foremost.  (Doing suexec incorrectly is
quite dangerous)

Other option is to chown or chmod the files to allow nobody to do what
nobody needs to do -- Of course, that opens those files up for any other
users on the shared server to mess with, and it's probably easier for an
external hacker to gain "nobody" access than a real user.

Safety is relative.  How critical are these files, and how much do you trust
fellow users on a shared resource web-server?

You could also write some world-executable shell scripts that provide
"nobody" with very specific actions they can do to/with the files -- You
want to write that script as limited and carefully as possible so that
*ONLY* the things you want to happen can happen.

Bottom line:  Unless you go hard-core with suexec, anything you set up can
be figured out and potentially abused by any fellow users on the ISP.

WARNING [EMAIL PROTECTED] address is an endangered species -- Use
Wanna help me out?  Like Music?  Buy a CD:
Volunteer a little time:
----- Original Message -----
From: Gerard Samuel <[EMAIL PROTECTED]>
Newsgroups: php.general
Sent: Thursday, October 04, 2001 7:24 PM
Subject: php, files, ownership....(was file manipulation)

> Ok, I found out what was causing some of the people who were using my
> script and have it fail.  They are on a shared server and apache is
> being run as user nobody, so therefore the script is being run as
> nobody.  But the the files has to have user ownership foo foo.  Is it at
> all possible to have a script run as one user and create files as
> another.  Dont know if it is even safe??
> Or could you point me in another direction?
> Thanks

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to