On Monday, April 15, 2002, at 02:22  PM, Darren Gamble wrote:

> Setting up sudo access should work properly.  Ensure that the service is
> actually running as "nobody" and not another unprivileged user.
> However, it should be mentioned that this is a very, very insecure 
> method!
> The chown operator was designed more for PHP command-line scripts that 
> would
> be run as another user.  You may want to re-evaluate why you are 
> changing
> ownerships of directories from a web page, and determine if there is a
> safer, more secure way of doing what you want.

Yes, I wouldn't give "nobody" privileges to do anything with sudo.  
You're better off making "nobody" a member of the same group as the 
other user, and using chgrp.



Erik Price
Web Developer Temp
Media Lab, H.H. Brown

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to