> I am running php on apacheon linux.  Right now my php scripts
> access the data as the user that is running apache.  I would like
> them to access the data as the user who is the owner of the script.
> Can this be done?  How?  Is this a good idea (IE: are there hiden
> programs to watch out for)

It can be done in several ways, all of which have at least some security

Least risky generalized solution is probably Apache's suexec
You'll need to compile PHP again as a CGI binary, and add a second mime-type
and extension to httpd.conf with AddType/Alias/Action (also documented at

If there are a limited number of specific activities you need done, you
could write very simple scripts to provide extremely limited hard-coded
abilities and make them world-executable (or, for root access, use suid or
sudo or somesuch)

You could also switch from Apache to phttpd which allows more flexibility --
calling a specific module by a specific user in different VirtualHosts.  Or,
wait for PHP and Apache 2 to stabilize which is alleged to provide this.

Whatever you pick, be darn sure you understand the under-lying security

WARNING [EMAIL PROTECTED] address is an endangered species -- Use
Wanna help me out?  Like Music?  Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to