Re: [PHP] Problems in IIS
Hello, I think the following document will solve your problem : http://www.php.net/manual/en/function.session-save-path.php If you don't wanna read just try: session_save_path(C:\\Winnt\\Temp); Ali Pakkan E-Mail: [EMAIL PROTECTED] Gsm: +90542 3268742 On Wed, 28 Nov 2001, William Sanchez Sanchez wrote: I got a web site with php pages, I was working in Apache. Now I have installed IIS and Windows2000 and I want to run my web site in this platform. I have installed php like cgi and it works ok. But I got some errors accessing some php pages i.e. session_start() function. Is there a difference between IIS and Apache concerning to the sintaxis of some functions in PHP? Sorry for my little english, I really speak spanish. Thanks. William -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] User access rights..
Hello, I have a machine which is running Php4 on Apache 1.3 And I want to make a hosting site that the users can register themselves online. They will have a home directory and so they will be able to put their web files (html, php, images etc.) under there. I want to keep their information on Mysql. That is, if possible I don't want to create real system accounts. I'll do all this work (create user, its home etc) with PHP. There is no problem at this point. The problem is... using PHP, they can open any file that is readable to nobody account (Apache user).. So it can read and even edit other users' files.. Consquently, the users should be able to access only and only their home directories. How can I do this? Thanks in advance.. Ali Pakkan E-mail: [EMAIL PROTECTED] Gsm: +90542 3268742 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] User access rights..
I should explain a bit more in detail.. Actually, the users can have php files. And these php files can access other users' stuff. And consider they are real users, then how will i tell Apache server to run as the user owning the file? Is it impossible for a real solution? On Sun, 25 Nov 2001, Hank Marquardt wrote: I want to keep their information on Mysql. That is, if possible I don't want to create real system accounts. The problem is... using PHP, they can open any file that is readable to nobody account (Apache user).. So it can read and even edit other users' files.. These two statements seem at odds with each other (to me anyway) .. if you're completely managing the user 'virtually' within mysql you could manage all your permissions and access within the database with sessions and a user id ... if on the other hand you are creating accounts on the system just with a nologin shell, then you're in a pickle with no real solution ... if the 'nobody' group needs read permission then you're correct that most anyone can read anyone else's work ... you're only real option is to create some kind of wrapper script for accessing the files that checks the db perms first. BTW, there are *lots* of ISPs offering shell access (and web accounts) out there where this is an issue ... the entire /home tree is 0755 permed and user a can read/execute user b's stuff. even a 0750 doesn't fix it most of the time as the users share a common group ... I guess you could go with 0750, set uid=gid and then add 'nobody' to everyone's groups though ... ... enough, I'm just thinking out loud now. Hank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
