[PHP] Re: SuExec and PHP

2004-05-14 Thread Travis Low
I sent this a couple days ago and haven't heard a peep.  Can anyone help me? 
Or, is there a better place I could be asking these questions?

cheers,

Travis

Travis Low wrote:
Greetings.  We have a need for our PHP scripts to run as the user and 
group associated with each Apache virtual domain on our Redhat server.  
Currently, all PHP scripts run as nobody.nobody.

I know that the apache suexec module allows CGI scripts to run as the 
user and group of the virtual host, but that doesn't seem to be the case 
for PHP scripts run under the apache php module (mod_php).

So my questions are:

(1) Can we use suexec to force PHP scripts (running under mod_php) to 
run as the user/group associated with the virtual host?  If so, how?  
Are there any special configuration tricks to make this happen?

(2) If we CAN'T use suexec with mod_php, I assume we can run PHP as CGI 
to solve our problem.  However, I'm worried about performance.  Have any 
of you done this on linux?  Is it difficult to configure?  Do you have 
to audit all of your PHP scripts?  Etc., etc.

I did read the pages http://www.php.net/security.cgi_bin and 
http://www.php.net/manual/en/security.apache.php, but did not come away 
with clear answers to my questions.  There were also a lot of 
contradictory comments at the bottom of those pages, and a whole mess of 
stuff on google, so I'm getting more lost, not less.  Please help!

cheers,

Travis

--
Travis Low


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] Re: suEXEC and PHP

2002-11-26 Thread Serge A.
Hi,

suEXEC will only work if PHP is installed as CGI, not Apache module...

Regards,
Serge


> Hi,
>
> Apache 1.3.24, PHP 4.2.2
>
> I am running a php script which executes something like
>
> system("scp -r -S ssh host1:/home/dir host2:/home");
>
> The scp command executes as the apache user, in my case 'nobody'. This does
> not work, as the ssh authentication is not set up for user 'nobody' nor
> should it be. Setting a different user, as in "scp -r -S ssh
> myuser@host1:/home/dir myuser@host2:/home" doesn't work, ssh still tries to
> authenticate 'nobody'.
>
> First I tried running apache as a different user, 'apache', after setting up
> the rsa keys etc (ssh stuff) for 'apache'. The authentication then works but
> there are issues of the 'apache' user having read/write permissions on the
> directories host1:/home/dir and host2:/home. I thought that giving the
> 'apache' user permission to read/write these directories wasn't a very good
> idea.
>
> Now I am trying to use the apache suEXEC feature to do this, so that my php
> script can run as a different user (eg. myuser) who has all the right
> permissions and ssh configured. However, so far I have been unsuccessful and
> suspect that suEXEC will not work with PHP. Does anyone out there have
> experience with this? Any advice would be appreciated.
>
> tia,
>
> Rich
>
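
What Serge's answer means for the per-virtual-host setup Travis asks about in question (2), as an added example that comes from neither poster nor from the Apache or PHP projects: an Apache 1.3 virtual host that passes .php files to the PHP CGI binary through a wrapper, so that suEXEC can switch to the site's user. The host name, address, paths, the `site1` account, the `php-cgi-script` handler name and the `php-wrapper` script are all assumptions.

```apache
# Constructed example for one site; every name and path below is hypothetical.
# Assumes Apache 1.3 built with suEXEC enabled, mod_actions loaded, the PHP
# CGI binary installed at /usr/bin/php, and no mod_php mapping for .php
# applying to this host.

<VirtualHost 192.0.2.10>
    ServerName   site1.example
    DocumentRoot /var/www/site1/htdocs

    # In Apache 1.3, User/Group inside a <VirtualHost> select the identity
    # suEXEC switches to for CGI requests on this host.
    # Apache 2.x equivalent: SuexecUserGroup site1 site1
    User  site1
    Group site1

    # CGI directory holding the wrapper. suEXEC refuses to run a program
    # unless it lies under suEXEC's compiled-in document root, is owned by
    # the target user and group, and neither the file nor its directory is
    # writable by group or other.
    ScriptAlias /php-cgi/ /var/www/site1/cgi-bin/

    # Route *.php to the wrapper as a CGI request instead of to mod_php.
    # The wrapper (assumed) is a two-line shell script owned by site1:
    #   #!/bin/sh
    #   exec /usr/bin/php
    AddHandler php-cgi-script .php
    Action     php-cgi-script /php-cgi/php-wrapper
</VirtualHost>
```

Each .php request handled this way starts a new PHP process, which is the performance cost raised in question (2).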


