Re: [PHP] Apache + PHP - when using as module, can one have PHPs run as
ADFH wrote: Would it be true to say that the current Apache PHP module doesn't support running PHP scripts as their owners, and that one has to use PHP in CGI mode for this? PHP as an Apache module runs as the user that Apache runs as. Typically nobody or apache. I use a well known PHP based messageboard on a website I run, and I want to prevent non-root, non-me access to the file containing my database password. I suggest if a file then put it outside Apache's document root or use an environment variable. For a perl script, I'd just chmod it 700 with directory given perms 711 - but in PHP 4.3.2rc1, it seems that to reference a file by way of a relative path, the script must be at least 644 and the directory it's in 755. My older version of php is quite happy with 700 permissions, unless I've got this wrong. The owner is the Apache user. HTH Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Apache + PHP - when using as module, can one have PHPs run as
specific user? Message-Id: [EMAIL PROTECTED] X-Newsreader: Sylpheed version 0.8.9 (GTK+ 1.2.10; i386-debian-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Tried posting this earlier - it wouldn't take.. Unmunged my email address hoping this might work.. -- Would it be true to say that the current Apache PHP module doesn't support running PHP scripts as their owners, and that one has to use PHP in CGI mode for this? I use a well known PHP based messageboard on a website I run, and I want to prevent non-root, non-me access to the file containing my database password. For a perl script, I'd just chmod it 700 with directory given perms 711 - but in PHP 4.3.2rc1, it seems that to reference a file by way of a relative path, the script must be at least 644 and the directory it's in 755. Any suggestions? Good references? Changes since http://www.php.net/manual/en/security.apache.php ? ADFH -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
