On Monday, April 15, 2002, at 01:54 PM, John Weez wrote:
> I have a script which makes a directory. This directory is owned by > nobody.nobody because that is what apache runs as. But, I want this > directory to be owned by a differrent user. So, After making the > directory i use the php command chown to change the directory > ownership. Now, I get an error saying opperation not permitted. > > I figured this is because of some security problems... So i try > dropping in to the shell using teh backtick operator and by also > setting up sudo to give access to the chown command to user > nobody....this does not work from my php script BUT, it does work fine > if i enter it on a shell line... Are you saying that when you are logged in as "nobody", you can execute "chown otheruser directoryname"? If that is so then PHP, which runs under Apache which runs as "nobody", should also be able to execute that command. But I wonder if you really can execute that command -- why would "nobody" have permission to change the ownership of a file to "otheruser"? I certainly hope that "nobody" doesn't have superuser privileges on your system. Try using chgrp instead -- you can have "nobody" belong to group "otheruser" and change the group of the file to "otheruser". NOTE: You're better off running Apache as some other username (like "apacheuser") and under some other group (like "apachegroup"). Several other systems run under "nobody" on most Unix systems, so you could compromise those if "nobody" is compromised. Erik (somebody) ---- Erik Price Web Developer Temp Media Lab, H.H. Brown [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
